Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Window 10 stuck in a boot loop


  • Please log in to reply

#31
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts

Hello,

 

it did not find any integrity violations when the scan completed. :)


  • 0

Advertisements


#32
iMacg3

iMacg3

    Malware Removal

  • Malware Removal
  • 296 posts
Hi,

We'll run chkdsk to check for any issues with the hard disk. Please do this:

Press the Windows Key + R. This will open the Run box.
Type cmd and press Ctrl + Shift + Enter.
A command prompt window will open. Type chkdsk /r (note the space between chkdsk and /r) and press Enter.

Chkdsk will say that it will need to schedule the disk check until the next reboot. Press Y to continue.

Restart your computer. Before Windows loads, chkdsk will begin scanning your hard drive for bad sectors and attempt to repair them. This may take some time.

Once it is complete, your computer should boot to Windows.
  • Press the Windows Key + R. Type eventvwr and press Enter.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

  • 0

#33
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts

Well, some things changed, the other account is no longer there and it is just the administrator log in but I can't log in because it says "Your account has been disabled, please contact your system administrator" so I went into safe mode. Here is the log:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          3/21/2019 5:21:07 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-LNO50DL
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  470016 file records processed.                                                        
 
 
File verification completed.
  52372 large file records processed.                                   
 
 
  0 bad file records processed.                                     
 
 
 
Stage 2: Examining file name linkage ...
  20566 reparse records processed.                                      
 
 
  545608 index entries processed.                                                       
 
 
Index verification completed.
  0 unindexed files scanned.                                        
 
 
  0 unindexed files recovered to lost and found.                    
 
 
  20566 reparse records processed.                                      
 
 
 
Stage 3: Examining security descriptors ...
Cleaning up 5096 unused index entries from index $SII of file 0x9.
Cleaning up 5096 unused index entries from index $SDH of file 0x9.
Cleaning up 5096 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
  37797 data files processed.                                           
 
 
CHKDSK is verifying Usn Journal...
  40361256 USN bytes processed.                                                           
 
 
Usn Journal verification completed.
 
Stage 4: Looking for bad clusters in user file data ...
  470000 files processed.                                                               
 
 
File data verification completed.
 
Stage 5: Looking for bad, free clusters ...
  232565438 free clusters processed.                                                       
 
 
Free space verification is complete.
Correcting errors in the Volume Bitmap.
 
Windows has made corrections to the file system.
No further action is required.
 
 962225151 KB total disk space.
  31208000 KB in 139958 files.
    113644 KB in 37800 indexes.
         0 KB in bad sectors.
    641751 KB in use by the system.
     65536 KB occupied by the log file.
 930261756 KB available on disk.
 
      4096 bytes in each allocation unit.
 240556287 total allocation units on disk.
 232565439 allocation units available on disk.
 
Internal Info:
00 2c 07 00 68 b6 02 00 94 f8 04 00 00 00 00 00  .,..h...........
10 00 00 00 46 50 00 00 00 00 00 00 00 00 00 00  ....FP..........
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-03-21T22:21:07.328002700Z" />
    <EventRecordID>1829</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DESKTOP-LNO50DL</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
Stage 1: Examining basic file system structure ...
  470016 file records processed.                                                        
 
 
File verification completed.
  52372 large file records processed.                                   
 
 
  0 bad file records processed.                                     
 
 
 
Stage 2: Examining file name linkage ...
  20566 reparse records processed.                                      
 
 
  545608 index entries processed.                                                       
 
 
Index verification completed.
  0 unindexed files scanned.                                        
 
 
  0 unindexed files recovered to lost and found.                    
 
 
  20566 reparse records processed.                                      
 
 
 
Stage 3: Examining security descriptors ...
Cleaning up 5096 unused index entries from index $SII of file 0x9.
Cleaning up 5096 unused index entries from index $SDH of file 0x9.
Cleaning up 5096 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
  37797 data files processed.                                           
 
 
CHKDSK is verifying Usn Journal...
  40361256 USN bytes processed.                                                           
 
 
Usn Journal verification completed.
 
Stage 4: Looking for bad clusters in user file data ...
  470000 files processed.                                                               
 
 
File data verification completed.
 
Stage 5: Looking for bad, free clusters ...
  232565438 free clusters processed.                                                       
 
 
Free space verification is complete.
Correcting errors in the Volume Bitmap.
 
Windows has made corrections to the file system.
No further action is required.
 
 962225151 KB total disk space.
  31208000 KB in 139958 files.
    113644 KB in 37800 indexes.
         0 KB in bad sectors.
    641751 KB in use by the system.
     65536 KB occupied by the log file.
 930261756 KB available on disk.
 
      4096 bytes in each allocation unit.
 240556287 total allocation units on disk.
 232565439 allocation units available on disk.
 
Internal Info:
00 2c 07 00 68 b6 02 00 94 f8 04 00 00 00 00 00  .,..h...........
10 00 00 00 46 50 00 00 00 00 00 00 00 00 00 00  ....FP..........
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>

</Event> 


  • 0

#34
iMacg3

iMacg3

    Malware Removal

  • Malware Removal
  • 296 posts

Hi,
 

Download Farbar Recovery Scan Tool from a working computer, and save it to a USB flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Plug in the USB flash drive to the affected computer.
  • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
  • If you receive a SmartScreen warning, click on More Info and Run Anyway.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.

  • 0

#35
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts

I am sorry, I have a problem, I cannot open file explorer in order to use FRST as administrator. I can only use the command line since the start menu literally won't come up. It's weird, the buttons are there on the desktop but they aren't functioning.


  • 0

#36
iMacg3

iMacg3

    Malware Removal

  • Malware Removal
  • 296 posts
Hi,

It's fine if you launch FRST from the command prompt if you can't access it from the desktop or File Explorer.
  • 0

#37
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts

Hi,

It's fine if you launch FRST from the command prompt if you can't access it from the desktop or File Explorer.

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Administrator (administrator) on DESKTOP-LNO50DL (22-03-2019 19:23:31)
Running from F:\
Loaded Profiles: False (Available Profiles: Administrator) <==== ATTENTION (Temporary Profile?)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [127480 2017-11-06] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-11-27] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1198448 2017-08-30] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\RunOnce: [Unattend0000000001{83EF361F-FBE0-40C3-9D3A-D12A61800E8C}] => C:\windows\system32\oem\pwrcfg.bat [486 2018-05-24] ()
HKLM\...\RunOnce: [Unattend0000000002{EB8278D3-6EE5-4259-99BF-8CCE98C5D75E}] => C:\windows\system32\oem\pwrcfg.bat [486 2018-05-24] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{4b79d419-ded7-42d7-8c8d-20b8afd759ef}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{dd1c4e9b-13ca-44f7-af61-018a93addf62}: [DhcpNameServer] 10.13.109.99
ManualProxies: 
 
Internet Explorer:
==================
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-09-25] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-09-25] (McAfee, Inc. -> McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-09-25] (McAfee, Inc. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-09-25] (McAfee, Inc. -> )
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
S2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel® Software Development Products -> Intel Corporation)
S2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [406504 2018-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-08-10] (McAfee, Inc. -> McAfee, Inc.)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc -> Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc -> Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc -> Dell Inc.)
S2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119840 2017-11-03] (Dell Inc -> Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232832 2018-01-23] (Dell Inc -> Dell Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2410672 2017-11-28] (Intel® Rapid Storage Technology -> Intel Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-11-27] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [742704 2017-10-11] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Trust Services -> Intel® Corporation)
S2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [183424 2017-08-08] (Intel® RMT -> Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2484408 2018-07-27] (Rivet Networks LLC -> Rivet Networks)
S4 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [991720 2017-11-22] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2017-01-17] (McAfee, Inc. -> McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc. -> McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [357840 2017-09-14] (McAfee, Inc. -> McAfee LLC)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [509904 2017-09-14] (McAfee, Inc. -> McAfee LLC)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [466384 2017-09-14] (McAfee, Inc. -> McAfee LLC)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546904 2017-08-17] (McAfee, Inc. -> McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1046456 2017-09-14] (McAfee, Inc. -> Intel Security, Inc.)
S2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [190840 2018-06-29] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-12-18] (Dell Inc. -> Dell Inc.)
S2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [829816 2017-08-30] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72888 2018-07-27] (Rivet Networks LLC -> CloudBees, Inc.)
S2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72888 2018-07-27] (Rivet Networks LLC -> CloudBees, Inc.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77288 2017-10-17] (McAfee, Inc. -> McAfee LLC)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36400 2018-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 e2xw10x64; C:\WINDOWS\System32\drivers\e2xw10x64.sys [165584 2018-06-05] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc. -> McAfee, Inc.)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-16] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [69632 2017-11-28] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [34712 2017-08-08] (Intel Corporation -> Intel Corporation)
S3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [144592 2018-07-27] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [492520 2017-10-17] (McAfee, Inc. -> McAfee LLC)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355304 2017-10-17] (McAfee, Inc. -> McAfee LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84024 2017-10-17] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee LLC)
S3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [505320 2017-10-17] (McAfee, Inc. -> McAfee LLC)
S0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [936936 2017-10-17] (McAfee, Inc. -> McAfee LLC)
S3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [505768 2017-11-14] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108456 2017-11-14] (McAfee, Inc. -> McAfee LLC.)
S3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115176 2017-10-17] (McAfee, Inc. -> McAfee LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252896 2017-10-17] (McAfee, Inc. -> McAfee LLC)
S3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2358112 2018-06-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [129776 2017-09-21] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-21 16:45 - 2019-03-21 16:45 - 000000080 ___SH C:\bootTel.dat
2019-03-21 01:26 - 2019-03-21 01:26 - 000065304 _____ C:\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000001.db
2019-03-21 01:26 - 2019-03-21 01:26 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2019-03-21 01:26 - 2018-04-11 18:34 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-19 16:10 - 2019-03-19 16:10 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-03-19 00:43 - 2019-03-22 19:23 - 000000000 ____D C:\FRST
2019-03-18 00:07 - 2019-03-18 00:09 - 000000000 _____ C:\Recovery.txt
2019-03-17 21:28 - 2019-03-22 16:21 - 000558898 _____ C:\WINDOWS\ntbtlog.txt
2019-03-17 00:38 - 2019-03-17 00:44 - 000000000 ____D C:\Windows.old
2019-03-17 00:38 - 2019-03-17 00:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-03-17 00:37 - 2019-03-16 23:51 - 000000000 ____D C:\WINDOWS\IAStorAfsService
2019-03-17 00:36 - 2019-03-17 00:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-03-17 00:36 - 2019-03-17 00:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-03-17 00:36 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\Setup
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-03-17 00:33 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\OCR
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\Program Files\MSBuild
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-03-17 00:33 - 2019-03-17 00:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\0409
2019-03-17 00:32 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-03-17 00:29 - 2019-03-03 11:54 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-17 00:29 - 2019-03-03 11:54 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-17 00:28 - 2019-03-17 00:25 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-03-17 00:28 - 2019-03-17 00:25 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-03-17 00:28 - 2019-03-17 00:25 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-03-17 00:27 - 2019-03-21 01:26 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-03-17 00:27 - 2019-03-21 01:26 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-03-17 00:27 - 2019-03-19 22:09 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-17 00:27 - 2019-03-19 16:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-17 00:27 - 2019-03-17 03:31 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-03-17 00:27 - 2019-03-17 03:31 - 000000000 ____D C:\WINDOWS\appcompat
2019-03-17 00:27 - 2019-03-17 00:39 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-17 00:27 - 2019-03-17 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-03-17 00:27 - 2019-03-17 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\setup
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-17 00:27 - 2019-03-17 00:36 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-03-17 00:27 - 2019-03-17 00:35 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-17 00:27 - 2019-03-17 00:35 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-03-17 00:27 - 2019-03-17 00:35 - 000000000 ____D C:\WINDOWS\Provisioning
2019-03-17 00:27 - 2019-03-17 00:35 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-17 00:27 - 2019-03-17 00:35 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-03-17 00:27 - 2019-03-17 00:35 - 000000000 ____D C:\Program Files\Windows Defender
2019-03-17 00:27 - 2019-03-17 00:35 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-03-17 00:27 - 2019-03-17 00:35 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-17 00:27 - 2019-03-17 00:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\system32\com
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\IME
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\Help
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\Program Files\Common Files\system
2019-03-17 00:27 - 2019-03-17 00:32 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-03-17 00:27 - 2019-03-17 00:28 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-03-17 00:27 - 2019-03-17 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-03-17 00:27 - 2019-03-17 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-03-17 00:27 - 2019-03-17 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-03-17 00:27 - 2019-03-17 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-03-17 00:27 - 2019-03-17 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-03-17 00:27 - 2019-03-17 00:28 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 __RSD C:\WINDOWS\media
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 __RHD C:\Users\Public\Libraries
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\Web
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\WaaS
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\Vss
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\tracing
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\TAPI
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SystemResources
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SystemApps
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\ras
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\IME
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\ias
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\System
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SKB
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\ServiceState
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\security
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\schemas
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\SchCache
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\Resources
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\rescache
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\PLA
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\Performance
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\InputMethod
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\Globalization
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\Cursors
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\Branding
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\addins
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\Program Files\Windows Security
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\Program Files\windows nt
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\Program Files\Common Files\Services
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-03-17 00:27 - 2019-03-17 00:27 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-03-17 00:27 - 2019-03-17 00:25 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-03-17 00:27 - 2019-03-17 00:25 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-03-17 00:27 - 2019-03-17 00:25 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-03-17 00:27 - 2019-03-17 00:25 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-03-17 00:27 - 2019-03-17 00:25 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-03-17 00:27 - 2019-03-17 00:25 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-03-17 00:27 - 2019-03-17 00:12 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-03-17 00:27 - 2019-03-17 00:12 - 000000000 ____D C:\WINDOWS\Registration
2019-03-17 00:27 - 2019-03-17 00:07 - 000000000 ___RD C:\Program Files (x86)
2019-03-17 00:27 - 2019-03-17 00:07 - 000000000 ____D C:\WINDOWS\system32\spool
2019-03-17 00:27 - 2019-03-16 23:55 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-03-17 00:27 - 2019-03-16 23:55 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-03-17 00:27 - 2019-03-16 23:54 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-17 00:27 - 2019-03-16 23:53 - 000000000 ____D C:\ProgramData\USOPrivate
2019-03-17 00:27 - 2019-03-16 23:50 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-03-17 00:27 - 2019-03-16 23:50 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-03-17 00:27 - 2019-03-16 23:50 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-03-17 00:27 - 2019-03-16 23:50 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-03-17 00:26 - 2019-03-22 16:25 - 000000000 ____D C:\WINDOWS\INF
2019-03-17 00:21 - 2019-03-19 00:11 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-17 00:16 - 2019-03-21 17:13 - 081002496 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-03-17 00:16 - 2019-03-21 17:13 - 081002496 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-03-17 00:16 - 2019-03-21 17:13 - 020447232 _____ C:\WINDOWS\system32\config\SYSTEM
2019-03-17 00:16 - 2019-03-21 17:13 - 020447232 _____ C:\WINDOWS\system32\config\SYSTEM
2019-03-17 00:16 - 2019-03-21 17:13 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2019-03-17 00:16 - 2019-03-21 17:13 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2019-03-17 00:16 - 2019-03-21 17:13 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2019-03-17 00:16 - 2019-03-21 17:13 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2019-03-17 00:16 - 2019-03-21 17:13 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2019-03-17 00:16 - 2019-03-21 17:13 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2019-03-17 00:16 - 2019-03-17 00:32 - 000000000 ____D C:\WINDOWS\servicing
2019-03-17 00:16 - 2019-03-17 00:27 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-03-17 00:16 - 2019-03-17 00:13 - 000000000 ____D C:\WINDOWS\Panther
2019-03-17 00:16 - 2019-03-17 00:12 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-17 00:16 - 2019-03-17 00:12 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-17 00:16 - 2019-03-17 00:09 - 000008192 _____ C:\WINDOWS\system32\config\BBI
2019-03-17 00:16 - 2019-03-17 00:09 - 000008192 _____ C:\WINDOWS\system32\config\BBI
2019-03-17 00:14 - 2019-03-22 16:25 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-17 00:13 - 2019-03-17 00:13 - 000000000 _SHDL C:\Documents and Settings
2019-03-17 00:12 - 2019-03-21 16:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-17 00:12 - 2019-03-17 00:13 - 000002386 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2019-03-17 00:12 - 2019-03-17 00:12 - 000003256 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2019-03-17 00:12 - 2019-03-17 00:12 - 000003180 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-03-17 00:12 - 2019-03-17 00:12 - 000002782 _____ C:\WINDOWS\System32\Tasks\PCDBackgroundMonSetup
2019-03-17 00:12 - 2019-03-17 00:12 - 000002486 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2019-03-17 00:12 - 2019-03-17 00:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-03-17 00:12 - 2019-03-17 00:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2019-03-17 00:12 - 2019-03-17 00:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-03-17 00:12 - 2018-04-11 18:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-03-17 00:11 - 2019-03-17 00:11 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2019-03-17 00:08 - 2019-03-17 00:08 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-03-17 00:06 - 2019-03-17 00:06 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-03-17 00:06 - 2019-03-17 00:06 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-03-16 23:53 - 2019-03-17 00:07 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-03-16 23:53 - 2019-03-16 23:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\RivetNetworks
2019-03-16 23:53 - 2019-03-16 23:53 - 000000000 ____D C:\ProgramData\USOShared
2019-03-16 23:53 - 2019-03-16 23:53 - 000000000 ____D C:\ProgramData\RivetNetworks
2019-03-16 23:53 - 2019-03-16 23:53 - 000000000 ____D C:\Program Files\Realtek
2019-03-16 23:52 - 2019-03-17 00:07 - 000000000 ____D C:\ProgramData\Intel
2019-03-16 23:52 - 2019-03-17 00:07 - 000000000 ____D C:\Program Files\Intel
2019-03-16 23:52 - 2019-03-17 00:06 - 000000000 ____D C:\Intel
2019-03-16 23:52 - 2019-03-16 23:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-03-16 23:52 - 2019-03-16 23:52 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-03-16 23:52 - 2019-03-16 23:52 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2019-03-16 23:52 - 2017-08-16 00:02 - 000140296 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2019-03-16 23:52 - 2017-08-16 00:02 - 000116736 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2019-03-16 23:52 - 2017-07-20 12:21 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-03-16 23:52 - 2017-07-20 12:21 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-03-16 23:52 - 2017-07-20 12:21 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-03-16 23:52 - 2017-07-20 12:21 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-03-16 23:50 - 2019-03-22 19:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-16 23:50 - 2019-03-17 00:09 - 000234720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-16 23:50 - 2019-03-16 23:50 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-03-16 23:02 - 2019-03-17 00:39 - 000000000 ___HD C:\$SysReset
2019-03-12 19:16 - 2019-03-06 10:39 - 000720536 ____N (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 19:16 - 2019-03-06 10:37 - 001616608 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 19:16 - 2019-03-06 10:36 - 001047352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 19:16 - 2019-03-06 10:20 - 000064000 ____N (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-12 19:16 - 2019-03-06 10:19 - 000058368 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-12 19:16 - 2019-03-06 10:17 - 012730368 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 19:16 - 2019-03-06 10:17 - 000810496 ____N C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 19:16 - 2019-03-06 10:17 - 000116736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 19:16 - 2019-03-06 10:14 - 001180672 ____N (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 19:16 - 2019-03-06 10:14 - 000522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 19:16 - 2019-03-06 10:14 - 000488448 ____N (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 19:16 - 2019-03-06 10:13 - 004053504 ____N (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 19:16 - 2019-03-06 10:13 - 001856512 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 19:16 - 2019-03-06 10:13 - 001662976 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 19:16 - 2019-03-06 10:13 - 001364992 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-12 19:16 - 2019-03-06 10:12 - 001180672 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 19:16 - 2019-03-06 07:18 - 000918032 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 19:16 - 2019-03-06 07:18 - 000607744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 19:16 - 2019-03-06 07:10 - 000044544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-12 19:16 - 2019-03-06 07:09 - 011919360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 19:16 - 2019-03-06 07:06 - 000425472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 19:16 - 2019-03-06 07:05 - 004054016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 19:16 - 2019-03-06 07:05 - 001586176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 19:16 - 2019-03-06 07:04 - 001471488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 19:16 - 2019-03-06 07:04 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 19:16 - 2019-03-06 06:59 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-12 19:16 - 2019-03-06 04:29 - 001035040 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-12 19:16 - 2019-03-06 04:16 - 002822456 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-12 19:16 - 2019-03-06 04:16 - 001457032 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 19:16 - 2019-03-06 04:16 - 001188000 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 19:16 - 2019-03-06 04:16 - 000776792 ____N (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 19:16 - 2019-03-06 04:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 19:16 - 2019-03-06 04:16 - 000566568 ____N (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-12 19:16 - 2019-03-06 04:16 - 000527160 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 19:16 - 2019-03-06 04:11 - 000493880 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 19:16 - 2019-03-06 04:10 - 000248880 ____N (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-12 19:16 - 2019-03-06 04:07 - 001219896 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-12 19:16 - 2019-03-06 04:07 - 001023800 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-12 19:16 - 2019-03-06 04:07 - 000376120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 19:16 - 2019-03-06 04:06 - 009084216 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 19:16 - 2019-03-06 04:06 - 000134968 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-12 19:16 - 2019-03-06 04:06 - 000076088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-12 19:16 - 2019-03-06 04:05 - 000439224 ____N (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 19:16 - 2019-03-06 04:05 - 000436240 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 19:16 - 2019-03-06 04:05 - 000159864 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 19:16 - 2019-03-06 04:04 - 002765856 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 19:16 - 2019-03-06 04:04 - 000945464 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 19:16 - 2019-03-06 04:04 - 000628024 ____N (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-12 19:16 - 2019-03-06 04:03 - 007519896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-12 19:16 - 2019-03-06 04:03 - 002719544 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 19:16 - 2019-03-06 04:03 - 002465784 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 19:16 - 2019-03-06 04:03 - 001921848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 19:16 - 2019-03-06 04:03 - 000793400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-12 19:16 - 2019-03-06 04:03 - 000412984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-12 19:16 - 2019-03-06 04:03 - 000375608 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 19:16 - 2019-03-06 04:02 - 002421048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 19:16 - 2019-03-06 04:02 - 001257672 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 19:16 - 2019-03-06 04:02 - 001140480 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 19:16 - 2019-03-06 04:02 - 000982912 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 19:16 - 2019-03-06 04:02 - 000626488 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 19:16 - 2019-03-06 03:44 - 025856512 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-12 19:16 - 2019-03-06 03:36 - 022716928 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 19:16 - 2019-03-06 03:36 - 004383744 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-12 19:16 - 2019-03-06 03:34 - 004866048 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 19:16 - 2019-03-06 03:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 19:16 - 2019-03-06 03:32 - 003399168 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-12 19:16 - 2019-03-06 03:32 - 000358912 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 19:16 - 2019-03-06 03:32 - 000287232 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2019-03-12 19:16 - 2019-03-06 03:32 - 000209408 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 002368512 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 001826816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 000894464 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 000808448 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 000726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 000353792 ____N (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 000324608 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 19:16 - 2019-03-06 03:31 - 000279552 ____N (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-12 19:16 - 2019-03-06 03:31 - 000266752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 19:16 - 2019-03-06 03:31 - 000154112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-12 19:16 - 2019-03-06 03:29 - 002364928 ____N (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-12 19:16 - 2019-03-06 03:29 - 002174976 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-12 19:16 - 2019-03-06 03:29 - 001559552 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-12 19:16 - 2019-03-06 03:29 - 000736256 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 19:16 - 2019-03-06 03:28 - 004937728 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 19:16 - 2019-03-06 03:28 - 001803776 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 19:16 - 2019-03-06 03:27 - 002224640 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-12 19:16 - 2019-03-06 03:27 - 000776192 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 19:16 - 2019-03-06 03:27 - 000542720 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 19:16 - 2019-03-06 03:27 - 000507392 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-12 19:16 - 2019-03-06 03:26 - 000868864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-12 19:16 - 2019-03-06 03:26 - 000073216 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 19:16 - 2019-03-06 03:26 - 000031232 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 19:16 - 2019-03-06 03:25 - 000093696 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 19:16 - 2019-03-06 02:08 - 000001310 ____N C:\WINDOWS\system32\tcbres.wim
2019-03-12 19:16 - 2019-03-06 01:17 - 001989040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 19:16 - 2019-03-06 01:17 - 000146712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 19:16 - 2019-03-06 01:15 - 002253488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 19:16 - 2019-03-06 01:15 - 000434488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 19:16 - 2019-03-06 01:14 - 006568528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-12 19:16 - 2019-03-06 01:14 - 000785568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 19:16 - 2019-03-06 01:14 - 000665224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 19:16 - 2019-03-06 01:14 - 000450872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-12 19:16 - 2019-03-06 01:14 - 000380728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 19:16 - 2019-03-06 01:13 - 000607248 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 19:16 - 2019-03-06 01:05 - 022018048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-12 19:16 - 2019-03-06 00:56 - 019404288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 19:16 - 2019-03-06 00:53 - 005307392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-12 19:16 - 2019-03-06 00:53 - 003711488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 19:16 - 2019-03-06 00:52 - 005790720 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-12 19:16 - 2019-03-06 00:52 - 000608768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-12 19:16 - 2019-03-06 00:52 - 000261632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-12 19:16 - 2019-03-06 00:51 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-12 19:16 - 2019-03-06 00:51 - 000333824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-12 19:16 - 2019-03-06 00:51 - 000032768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-12 19:16 - 2019-03-06 00:50 - 001628160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 19:16 - 2019-03-06 00:50 - 001347584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-12 19:16 - 2019-03-06 00:50 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-12 19:16 - 2019-03-06 00:49 - 004516352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 19:16 - 2019-03-06 00:49 - 000318464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-12 19:16 - 2019-03-06 00:49 - 000251904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-12 19:16 - 2019-03-06 00:48 - 000669696 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 19:16 - 2019-03-06 00:48 - 000533504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 19:16 - 2019-02-20 22:26 - 000313344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 19:16 - 2019-02-16 08:02 - 002871304 ____N (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-12 19:16 - 2019-02-16 08:02 - 001644040 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 19:16 - 2019-02-16 08:02 - 000808456 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 19:16 - 2019-02-16 08:02 - 000735752 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 19:16 - 2019-02-16 08:02 - 000620040 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 19:16 - 2019-02-16 08:02 - 000460296 ____N (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 19:16 - 2019-02-16 08:02 - 000322568 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 19:16 - 2019-02-16 08:02 - 000147464 ____N (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-12 19:16 - 2019-02-16 08:02 - 000071176 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-12 19:16 - 2019-02-16 07:57 - 001048472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-12 19:16 - 2019-02-16 07:57 - 000506088 ____N (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-12 19:16 - 2019-02-16 07:56 - 000549520 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-12 19:16 - 2019-02-16 07:56 - 000540984 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-12 19:16 - 2019-02-16 07:53 - 001516416 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-12 19:16 - 2019-02-16 07:36 - 000127488 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-12 19:16 - 2019-02-16 07:34 - 004718080 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-12 19:16 - 2019-02-16 07:34 - 001725952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-12 19:16 - 2019-02-16 07:34 - 000302080 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-12 19:16 - 2019-02-16 07:33 - 001786880 ____N (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-12 19:16 - 2019-02-16 07:32 - 003646976 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-12 19:16 - 2019-02-16 07:32 - 002051072 ____N (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-12 19:16 - 2019-02-16 07:31 - 001271808 ____N (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-12 19:16 - 2019-02-16 07:31 - 001003520 ____N (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-12 19:16 - 2019-02-16 07:31 - 000861184 ____N (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-12 19:16 - 2019-02-16 07:31 - 000615424 ____N (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-12 19:16 - 2019-02-16 07:30 - 002019840 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-12 19:16 - 2019-02-16 07:30 - 000877568 ____N (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-12 19:16 - 2019-02-16 07:29 - 000174080 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-12 19:16 - 2019-02-16 07:29 - 000091136 ____N (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-12 19:16 - 2019-02-16 07:24 - 000444176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-12 19:16 - 2019-02-16 07:22 - 001322176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-12 19:16 - 2019-02-16 07:08 - 000373760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-12 19:16 - 2019-02-16 07:07 - 001307648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-12 19:16 - 2019-02-16 07:07 - 000484352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-12 19:16 - 2019-02-16 07:06 - 002890752 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-12 19:16 - 2019-02-16 07:06 - 001530880 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-12 19:16 - 2019-02-16 07:06 - 001451520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-12 19:16 - 2019-02-16 07:06 - 000774656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-12 19:16 - 2019-02-16 07:06 - 000765952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-12 19:16 - 2019-02-16 07:04 - 000080384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-12 19:16 - 2019-02-16 05:24 - 023862272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-12 19:16 - 2019-02-16 05:22 - 019525120 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-12 19:16 - 2019-02-16 03:16 - 000511800 ____N (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 19:16 - 2019-02-16 03:15 - 000505656 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-12 19:16 - 2019-02-16 03:15 - 000035640 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-12 19:16 - 2019-02-16 03:05 - 000087800 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-12 19:16 - 2019-02-16 03:04 - 000193032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-12 19:16 - 2019-02-16 03:03 - 007901392 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-12 19:16 - 2019-02-16 03:03 - 005625360 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-12 19:16 - 2019-02-16 03:03 - 000510288 ____N (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-12 19:16 - 2019-02-16 03:02 - 005821440 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-12 19:16 - 2019-02-16 03:02 - 003291632 ____N (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-12 19:16 - 2019-02-16 03:02 - 001934800 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-12 19:16 - 2019-02-16 03:02 - 001792712 ____N (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-12 19:16 - 2019-02-16 03:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-12 19:16 - 2019-02-16 03:02 - 000432952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-12 19:16 - 2019-02-16 03:02 - 000413712 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 001285424 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-12 19:16 - 2019-02-16 03:01 - 001209696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 001098056 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 001028920 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-12 19:16 - 2019-02-16 03:01 - 001014344 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 000735464 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 000641984 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 000594024 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-12 19:16 - 2019-02-16 03:01 - 000527160 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 000480840 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 000335672 ____N (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-12 19:16 - 2019-02-16 03:01 - 000161664 ____N (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-12 19:16 - 2019-02-16 02:57 - 000383288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-12 19:16 - 2019-02-16 02:53 - 000443632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-12 19:16 - 2019-02-16 02:51 - 002479168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-12 19:16 - 2019-02-16 02:51 - 001584536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-12 19:16 - 2019-02-16 02:51 - 000170952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-12 19:16 - 2019-02-16 02:50 - 001805648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-12 19:16 - 2019-02-16 02:50 - 001171336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-12 19:16 - 2019-02-16 02:50 - 001130568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-12 19:16 - 2019-02-16 02:50 - 001011872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-12 19:16 - 2019-02-16 02:50 - 000560384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-12 19:16 - 2019-02-16 02:50 - 000504072 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-12 19:16 - 2019-02-16 02:37 - 009084928 ____N (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-12 19:16 - 2019-02-16 02:36 - 007057408 ____N (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-12 19:16 - 2019-02-16 02:36 - 000144384 ____N (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-12 19:16 - 2019-02-16 02:35 - 008188928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-12 19:16 - 2019-02-16 02:35 - 006661632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-12 19:16 - 2019-02-16 02:34 - 005883904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-12 19:16 - 2019-02-16 02:34 - 000095232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-12 19:16 - 2019-02-16 02:34 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-12 19:16 - 2019-02-16 02:33 - 006646784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-12 19:16 - 2019-02-16 02:33 - 004708864 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-12 19:16 - 2019-02-16 02:33 - 000119808 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-12 19:16 - 2019-02-16 02:33 - 000054272 ____N (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-12 19:16 - 2019-02-16 02:33 - 000043520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-12 19:16 - 2019-02-16 02:33 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-12 19:16 - 2019-02-16 02:32 - 002969088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-12 19:16 - 2019-02-16 02:32 - 000173568 ____N (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-12 19:16 - 2019-02-16 02:31 - 002825728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-12 19:16 - 2019-02-16 02:31 - 000392704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-12 19:16 - 2019-02-16 02:31 - 000141312 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-12 19:16 - 2019-02-16 02:31 - 000126976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-12 19:16 - 2019-02-16 02:30 - 002449408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-12 19:16 - 2019-02-16 02:30 - 001986560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-12 19:16 - 2019-02-16 02:30 - 001124352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-12 19:16 - 2019-02-16 02:30 - 000530432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-12 19:16 - 2019-02-16 02:30 - 000357888 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-12 19:16 - 2019-02-16 02:30 - 000254464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-12 19:16 - 2019-02-16 02:30 - 000145920 ____N (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-12 19:16 - 2019-02-16 02:29 - 001768448 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-12 19:16 - 2019-02-16 02:29 - 000304128 ____N (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-12 19:16 - 2019-02-16 02:28 - 003381248 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-12 19:16 - 2019-02-16 02:28 - 002585600 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-12 19:16 - 2019-02-16 02:28 - 001668096 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-12 19:16 - 2019-02-16 02:28 - 000713216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-12 19:16 - 2019-02-16 02:28 - 000705024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-12 19:16 - 2019-02-16 02:28 - 000528384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-12 19:16 - 2019-02-16 02:27 - 001364992 ____N (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-12 19:16 - 2019-02-16 02:27 - 000729088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-12 19:16 - 2019-02-16 02:27 - 000686592 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-12 19:16 - 2019-02-16 02:26 - 001459712 ____N (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-12 19:16 - 2019-02-16 02:26 - 001225216 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-12 19:16 - 2019-02-16 02:26 - 000943616 ____N (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-12 19:16 - 2019-02-16 02:26 - 000935424 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-12 19:16 - 2019-02-16 02:26 - 000401920 ____N (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-12 19:16 - 2019-02-16 02:25 - 000884224 ____N (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-12 19:16 - 2019-02-16 02:25 - 000652800 ____N (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-22 16:21 - 2018-05-24 06:34 - 000000000 ____D C:\ProgramData\PCDr
2019-03-17 00:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-03-17 00:07 - 2018-05-24 06:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-03-17 00:07 - 2018-05-24 06:48 - 000000000 ____D C:\ProgramData\Intel Security
2019-03-17 00:07 - 2018-05-24 06:47 - 000000000 ____D C:\ProgramData\McAfee
2019-03-17 00:07 - 2018-05-24 06:47 - 000000000 ____D C:\ProgramData\Dell
2019-03-17 00:07 - 2018-05-24 06:47 - 000000000 ____D C:\Program Files\mcafee.com
2019-03-17 00:07 - 2018-05-24 06:47 - 000000000 ____D C:\Program Files\mcafee
2019-03-17 00:07 - 2018-05-24 06:47 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-03-17 00:07 - 2018-05-24 06:43 - 000000000 ____D C:\Program Files (x86)\Dell Update
2019-03-17 00:07 - 2018-05-24 06:43 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2019-03-17 00:07 - 2018-05-24 06:42 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-03-17 00:07 - 2018-05-24 06:41 - 000000000 ____D C:\ProgramData\Package Cache
2019-03-17 00:07 - 2018-05-24 06:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2019-03-17 00:07 - 2018-05-24 06:40 - 000000000 ____D C:\Program Files\Killer Networking
2019-03-17 00:07 - 2018-05-24 06:36 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2019-03-17 00:07 - 2018-05-24 06:36 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2019-03-17 00:07 - 2018-05-24 06:36 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2019-03-17 00:07 - 2018-05-24 06:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-03-17 00:07 - 2018-05-24 06:35 - 000000000 ____D C:\ProgramData\SupportAssist
2019-03-17 00:07 - 2018-05-24 06:35 - 000000000 ____D C:\Program Files\Waves
2019-03-17 00:07 - 2018-05-24 06:35 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-03-17 00:07 - 2018-05-24 06:34 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows
2019-03-17 00:07 - 2018-05-24 06:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-03-17 00:07 - 2018-05-24 06:17 - 000000000 ____D C:\Program Files (x86)\Intel
2019-03-17 00:06 - 2018-05-24 07:14 - 000000000 ____D C:\backup
2019-03-17 00:06 - 2018-05-24 06:47 - 000000000 ____D C:\Program Files\Common Files\mcafee
2019-03-17 00:06 - 2018-05-24 06:47 - 000000000 ____D C:\Program Files\Common Files\intel security
2019-03-17 00:06 - 2018-05-24 06:47 - 000000000 ____D C:\Program Files\Common Files\av
2019-03-17 00:06 - 2018-05-24 06:34 - 000000000 ____D C:\Program Files\Dell Support Center
2019-03-17 00:06 - 2018-05-24 06:34 - 000000000 ____D C:\Program Files\Dell
2019-03-17 00:06 - 2017-10-06 13:11 - 000000000 ____D C:\Dell
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\wininit.exe => MD5 is legit
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\SysWOW64\explorer.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe
[2019-02-16 03:52] - [2019-01-09 00:39] - 000085472 ____N (Microsoft Corporation) 0861726716C9610CE5F6BCF3F4858DA1
 
C:\WINDOWS\SysWOW64\svchost.exe
[2019-02-16 03:52] - [2019-01-09 00:43] - 000071456 ____N (Microsoft Corporation) C01CB20D971C3262F1F856B4539DD27C
 
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\SysWOW64\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2019-01-09 18:25] - [2019-01-01 01:41] - 001159680 ____N (Microsoft Corporation) 2383579559B1EB66C4FA2297119CEDD0
 
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\SysWOW64\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\dllhost.exe => MD5 is legit
C:\WINDOWS\SysWOW64\dllhost.exe => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
LastRegBack: 2019-03-16 23:50
 
==================== End of FRST.txt ============================
 
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Administrator (22-03-2019 19:24:40)
Running from F:\
Windows 10 Home Version 1803 17134.648 (X64) (2019-03-17 18:28:07)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1495125686-121982251-3072640879-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1495125686-121982251-3072640879-503 - Limited - Disabled)
Guest (S-1-5-21-1495125686-121982251-3072640879-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1495125686-121982251-3072640879-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Dell Digital Delivery (HKLM-x32\...\{A9758B6E-19FC-4DB4-A031-AFE6C2327A35}) (Version: 3.5.1004.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{AAB336F0-6FC6-4BFE-AD7E-315FCDF20156}) (Version: 1.1.3750 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssist Remediation (HKLM\...\{9C32DD4A-3321-4BD5-BD11-C4B18ECE6AE7}) (Version: 3.2.0.4834 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{9ae76d49-72b5-402c-b900-0dc71ab8ebef}) (Version: 3.2.0.4834 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{3627F962-F0E0-4E76-BC90-45EBD712E2E6}) (Version: 2.0.4.6 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{AB1A407B-E492-4DA1-B024-F96606D1B0B7}) (Version: 3.2.0.4834 - Dell Inc.)
Dell Update (HKLM-x32\...\{1F21A462-2FB2-4FF5-A114-54BE534B437E}) (Version: 1.11.1.0 - Dell Inc.)
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 2.0.6875.402 - PC-Doctor, Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4758 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.1.1020 - Intel Corporation)
Intel® Ready Mode Technology (HKLM\...\{DBF0CA69-EADE-4CE0-8C09-D200FE80BCDC}) (Version: 1.1.70.534 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Killer Ethernet Performance Driver Suite (HKLM\...\{B3E0B196-E239-4165-89C3-F82446C76D56}) (Version: 1.4.1494 - Rivet Networks)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9266.0 - Waves Audio Ltd.) Hidden
McAfee Security (HKLM-x32\...\MSC) (Version: 16.0.3 - McAfee, Inc.)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8248 - Realtek Semiconductor Corp.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-09-25] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki123931.inf_amd64_750ee5716ca7cecc\igfxDTCM.dll [2017-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-09-25] (McAfee, Inc. -> McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4DC11491-043B-4C23-875E-DD0B9A68E583} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe (Intel® Trust Services -> Intel® Corporation)
Task: {636A6233-311D-4FF3-8A7A-8DE19EB9F9EC} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {A28E353F-6D24-49D6-9F84-4470CB962B5C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe (Dell Inc. -> Dell Inc.)
Task: {B3D42BBA-39BD-4704-A241-C599516372B7} - System32\Tasks\PCDBackgroundMonSetup => C:\Program Files\Dell\SupportAssist\pcdrcui.exe (Dell Inc. -> PC-Doctor, Inc.)
Task: {D73586E7-62F9-4D8C-A0FD-177B660BFB21} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => C:\WINDOWS\system32\ResetEngine.exe (Microsoft Windows -> Microsoft Corporation)
Task: {D87D9553-2332-438B-B0B6-8BE3ABE24763} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E112BA57-821A-4D6E-B844-D09E7B84C83A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {E425345A-E3C2-4FEC-AEA9-4D6157F8D2F8} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {F6D1DE30-B28B-415E-8D5F-75C9514E8B67} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A44EF5CA-C858-4699-8F56-3A59BED5567C}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.1.3750.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{9A3EB03F-83AE-49AE-A2AA-50D0FB217256}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.1.3750.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{E6E4A89F-94E2-4191-A9B0-5666D05874E2}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.1.3750.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{27A01582-4B6A-4C6A-8F25-6B090C601E61}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_1.1.3750.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{A211D1D4-90FD-4FB1-AAE1-FC027112AE4B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
 
==================== Restore Points =========================
 
19-03-2019 00:10:41 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Display Audio
Description: Intel® Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Realtek Audio
Description: Realtek Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2019 12:15:29 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (03/17/2019 12:15:29 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
 
Error: (03/17/2019 12:15:29 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (03/17/2019 12:15:29 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d
 
Error: (03/17/2019 12:15:29 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (03/17/2019 12:11:54 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (03/17/2019 12:11:54 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
Error: (03/17/2019 12:10:59 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
 
 
System errors:
=============
Error: (03/22/2019 07:24:52 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (03/22/2019 07:23:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-LNO50DL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/22/2019 07:23:01 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-LNO50DL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/22/2019 07:22:50 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-LNO50DL)
Description: Unable to start a DCOM Server: {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} as Unavailable/Unavailable. The error:
"1008"
Happened while starting this command:
C:\Windows\System32\smartscreen.exe -Embedding
 
Error: (03/22/2019 07:22:47 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-LNO50DL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/22/2019 07:22:40 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-LNO50DL)
Description: DCOM got error "1084" attempting to start the service netprofm with arguments "Unavailable" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (03/22/2019 07:21:12 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-LNO50DL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/22/2019 07:11:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-LNO50DL)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Windows Defender:
===================================
Date: 2019-03-19 15:55:21.697
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-8100 CPU @ 3.60GHz
Percentage of memory in use: 14%
Total physical RAM: 7999.7 MB
Available physical RAM: 6849.09 MB
Total Virtual: 9279.7 MB
Available Virtual: 8244.99 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.65 GB) (Free:886.78 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:14.89 GB) FAT32
 
\\?\Volume{c63ca8f1-8b17-4887-b990-9ba815fac3e4}\ (WINRETOOLS) (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
\\?\Volume{3fbc2897-619c-43bf-9d7a-3b26a5038010}\ (Image) (Fixed) (Total:11.58 GB) (Free:0.21 GB) NTFS
\\?\Volume{f15a707a-98aa-4052-b7da-45a6b4f021d0}\ (DELLSUPPORT) (Fixed) (Total:1.06 GB) (Free:0.45 GB) NTFS
\\?\Volume{62e39a1c-11c3-4ee7-bcca-f360f21cd4cc}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.57 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E7ACB5C9)
 
Partition: GPT.
 
========================================================
Disk: 2 (Protective MBR) (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0






Similar Topics

1 user(s) are reading this topic

1 members, 0 guests, 0 anonymous users


    iMacg3

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP