
Infected Computer



#1
harveyj176


Hi,

Over the last couple of days I've been having pages from 'traffic-media' pop up on Chrome. Whenever I then search for anything related to malware, the browser then immediately shuts. The virus was also blocking me from running any antimalware software. After investigation I was able to find 2 processes of svchost.exe running as hollow processes; once I end these tasks I am able to run the antimalware software and search on the internet without interruption.

I have attempted various basic antimalware programs which do pick up and clear minor issues but don't remove the problem completely.

Any help would be greatly appreciated. I've attached the log files below as requested.

Thanks,

James

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by James (administrator) on DESKTOP-GQDL9OG (06-07-2018 19:30:33)
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 10 Pro Version 1803 17134.112 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Plumbytes Software Lp) C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
(Microsoft Corporation) C:\Users\James\AppData\Local\Temp\3ECB64A5-A28A-4A4E-9B85-4E92292FDF0D\DismHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1_none_eedfeda03074e04e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [Plumbytes Anti-Malware] => C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe [2189304 2018-06-13] (Plumbytes Software Lp)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2017-04-10] (Disc Soft Ltd)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{54db6971-3a62-4bc8-bd69-c270c2dac8b5}: [DhcpNameServer] 139.222.130.1 139.222.130.2
Tcpip\..\Interfaces\{a9e144f2-16f9-4eec-b90e-eb2c83ef54cd}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{bc0460f7-76b1-4925-acc2-42c3f7b80d49}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-08] (Oracle Corporation)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {206599BA-54C3-4B56-8B27-361541F02B36} hxxp://139.222.133.103/tools/xc_loader_activex.ocx
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\f5tmp\urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab 
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=16.0 -> C:\Program Files (x86)\PerkinElmerInformatics\ChemOffice2016\ChemDraw\npcdp32.dll [2016-10-05] (PerkinElmer)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2756646170-1118768877-2006359221-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-09] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2018-07-06]
CHR Extension: (Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-25]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-25]
CHR Extension: (Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-25]
CHR Extension: ( Add to Giftster Wish List Registry) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbiconphejknohhlfkbccjlemlnjndc [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [415712 2017-12-19] (F5 Networks, Inc.)
R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [358368 2017-12-20] (F5 Networks, Inc.)
R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [217104 2016-04-19] (F5 Networks, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2018-04-17] (Foxit Software Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 pbamw_service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe [134136 2018-06-13] (Plumbytes Software Lp)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-04-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-04-10] (Disc Soft Ltd)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [47848 2017-12-19] (F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-08-14] (F5 Networks, Inc.)
R3 iactrllogic; C:\WINDOWS\System32\drivers\iactrllogic64.sys [183184 2017-10-12] (Intel® Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-06] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [57736 2017-12-19] (F5 Networks, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-27] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-07-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-07-05] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-06 19:30 - 2018-07-06 19:31 - 000018539 _____ C:\Users\James\Desktop\FRST.txt
2018-07-06 19:26 - 2018-07-06 19:26 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-06 00:29 - 2018-07-06 19:30 - 000000000 ____D C:\FRST
2018-07-06 00:28 - 2018-07-06 00:28 - 002412544 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2018-07-05 22:27 - 2018-07-05 22:27 - 108003328 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-07-05 22:21 - 2018-07-05 22:26 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-07-05 21:58 - 2018-07-05 22:37 - 000000000 ____D C:\Users\James\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2018-07-05 21:58 - 2018-07-05 21:58 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware
2018-07-05 21:58 - 2018-07-05 21:58 - 000000000 ____D C:\Program Files\Plumbytes Software
2018-07-05 21:28 - 2018-07-05 21:28 - 000000000 ___HD C:\OneDriveTemp
2018-07-05 21:20 - 2018-07-05 21:20 - 003027568 _____ C:\Users\James\Desktop\-midlehner_et_al-2018-European_Journal_of_Organic_Chemistry.pdf
2018-07-05 21:19 - 2018-07-05 21:19 - 000498358 _____ C:\Users\James\Desktop\nihms-389701.pdf
2018-07-05 21:19 - 2018-07-05 21:19 - 000099698 _____ C:\Users\James\Desktop\v53n3a3.pdf
2018-07-05 21:12 - 2018-07-06 19:31 - 003190846 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-07-05 21:12 - 2018-07-06 19:31 - 000426167 _____ C:\WINDOWS\ZAM.krnl.trace
2018-07-05 21:12 - 2018-07-05 21:12 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-07-05 21:12 - 2018-07-05 21:12 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-07-05 21:12 - 2018-07-05 21:12 - 000000000 ____D C:\Users\James\AppData\Local\Zemana
2018-07-05 21:12 - 2018-07-05 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-07-05 21:12 - 2018-07-05 21:12 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-05 18:57 - 2018-07-05 18:57 - 000398255 _____ C:\Users\James\Desktop\Takeback Waste Transfer Note TB_78069.pdf
2018-07-05 18:36 - 2018-07-05 18:36 - 000001922 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-05 18:36 - 2018-07-05 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-05 18:36 - 2018-07-05 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-05 18:36 - 2018-07-05 18:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-05 18:36 - 2018-07-05 18:26 - 007395536 _____ (Malwarebytes) C:\Users\James\Desktop\AdwCleaner.exe
2018-07-05 18:36 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-05 17:21 - 2018-07-05 17:21 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-07-05 17:16 - 2018-07-05 17:22 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-05 17:16 - 2018-07-05 17:16 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-07-05 17:16 - 2018-07-05 17:16 - 000000000 ____D C:\Program Files\HitmanPro
2018-07-05 17:15 - 2018-07-05 17:15 - 011576808 _____ (SurfRight B.V.) C:\Users\James\Desktop\HitmanPro_x64.exe
2018-07-05 01:34 - 2018-07-05 01:34 - 000000000 ____D C:\Users\James\AppData\LocalLow\Empyrean
2018-07-05 01:24 - 2018-07-05 01:24 - 000003756 _____ C:\WINDOWS\System32\Tasks\{8DA86CE8-40FF-4F13-3D73-A18127D71B5C}
2018-07-05 01:24 - 2018-07-05 01:24 - 000003552 _____ C:\WINDOWS\System32\Tasks\{13D519CB-2588-9DA6-6E1A-ABB8D1113305}
2018-07-05 01:24 - 2018-07-05 01:24 - 000000002 _____ C:\Users\James\AppData\Local\WMI.ini
2018-07-03 23:36 - 2018-07-03 23:36 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-03 23:36 - 2018-07-03 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-06-30 18:59 - 2018-07-05 01:37 - 000000000 ____D C:\Users\James\AppData\LocalLow\uTorrent
2018-06-30 11:58 - 2018-06-30 11:58 - 000001293 _____ C:\Users\Public\Desktop\SHAREit.lnk
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Users\James\AppData\Roaming\Umeng
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Users\James\AppData\Local\SHAREit Technologies
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
2018-06-29 11:41 - 2018-06-29 11:41 - 000000000 ____D C:\Users\James\Desktop\HPLC
2018-06-28 14:17 - 2018-06-28 14:17 - 000410758 _____ C:\Users\James\Desktop\Donald Trump Very Fake News.wav
2018-06-27 17:12 - 2018-06-27 17:12 - 000000930 _____ C:\Users\James\Desktop\nmr - Shortcut.lnk
2018-06-26 15:39 - 2018-07-05 17:09 - 000000000 ____D C:\Users\James\chemaxon
2018-06-26 15:37 - 2018-06-26 15:37 - 000015248 _____ C:\Users\James\Desktop\Metabolite storage.xlsx
2018-06-26 15:31 - 2018-06-26 15:34 - 000000000 ____D C:\Users\James\AppData\Roaming\ChemAxon
2018-06-26 14:31 - 2018-06-26 14:31 - 000001807 _____ C:\Users\James\Desktop\MKVToolNix GUI.lnk
2018-06-23 16:23 - 2018-06-23 16:23 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\Users\James\AppData\Roaming\Shark007
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Shark007
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\Program Files\Shark007
2018-06-23 15:57 - 2018-06-10 13:36 - 028663008 _____ C:\WINDOWS\system32\x265vfw.dll
2018-06-23 15:57 - 2018-02-22 05:00 - 002207232 _____ (MPC-HC Team) C:\WINDOWS\system32\VSFilter.dll
2018-06-23 15:57 - 2017-07-30 06:50 - 003799552 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2018-06-23 15:57 - 2015-03-04 20:45 - 000260184 _____ C:\WINDOWS\system32\unrar.dll
2018-06-23 15:57 - 2013-04-06 00:27 - 002231296 _____ C:\WINDOWS\system32\ac3filter.acm.new
2018-06-23 15:57 - 2013-04-06 00:27 - 002231296 _____ C:\WINDOWS\system32\ac3filter.acm
2018-06-23 15:57 - 2013-04-06 00:27 - 000324608 _____ (IntelleSoft) C:\WINDOWS\system32\BugTrap-x64.dll
2018-06-23 15:57 - 2009-08-11 21:22 - 000580096 _____ C:\WINDOWS\system32\ac3filter.acm.old
2018-06-23 15:57 - 2009-01-23 01:51 - 000124909 _____ (Open Source Software community project) C:\WINDOWS\system32\pthreadGC2.dll
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\Users\James\AppData\Roaming\Advanced
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Advanced
2018-06-23 15:56 - 2018-06-23 15:56 - 000000000 ____D C:\Program Files (x86)\Shark007
2018-06-23 15:03 - 2018-06-23 15:03 - 000000000 ____D C:\Users\James\AppData\Local\bunkus.org
2018-06-23 15:02 - 2018-06-23 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2018-06-23 15:02 - 2018-06-23 15:02 - 000000000 ____D C:\Program Files\MKVToolNix
2018-06-23 14:54 - 2018-06-23 14:54 - 000000000 ____D C:\Users\James\.MakeMKV
2018-06-23 14:42 - 2018-06-23 14:42 - 000000000 ____D C:\Users\James\AppData\Roaming\Boilsoft
2018-06-23 14:29 - 2018-07-05 17:25 - 000000000 ____D C:\ProgramData\Betternet
2018-06-23 14:29 - 2018-06-23 14:29 - 000002108 _____ C:\Users\Public\Desktop\Betternet.lnk
2018-06-23 14:29 - 2018-06-23 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
2018-06-23 14:29 - 2018-06-23 14:29 - 000000000 ____D C:\Program Files (x86)\Betternet
2018-06-20 19:48 - 2018-06-20 21:21 - 000000000 ____D C:\Users\James\Desktop\eBay
2018-06-20 19:42 - 2018-07-06 19:15 - 000000000 ____D C:\Users\James\AppData\Local\D3DSCache
2018-06-19 19:04 - 2018-06-19 19:04 - 000000000 ____D C:\ProgramData\Packages
2018-06-18 21:41 - 2018-06-18 21:41 - 000000000 ____D C:\Users\James\Documents\Garmin
2018-06-18 21:39 - 2018-06-18 22:20 - 000000000 ____D C:\ProgramData\Garmin
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Users\James\AppData\Roaming\Garmin
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Users\James\AppData\Local\Garmin_Ltd._or_its_subsid
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Program Files\DIFX
2018-06-18 21:38 - 2018-06-18 22:19 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-06-13 09:55 - 2018-06-13 09:55 - 000004590 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-13 09:55 - 2018-06-13 09:55 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-06-12 21:15 - 2018-06-08 20:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-12 21:15 - 2018-06-08 20:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-12 21:15 - 2018-06-08 19:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-12 21:15 - 2018-06-08 19:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-12 21:15 - 2018-06-08 19:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-12 21:15 - 2018-06-08 19:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-12 21:15 - 2018-06-08 18:06 - 001539488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-06-12 21:15 - 2018-06-08 17:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-12 21:15 - 2018-06-08 11:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-12 21:15 - 2018-06-08 11:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-12 21:15 - 2018-06-08 10:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-12 21:15 - 2018-06-08 10:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-12 21:15 - 2018-06-08 10:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-12 21:15 - 2018-06-08 10:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-12 21:15 - 2018-06-08 10:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-12 21:15 - 2018-06-08 10:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-12 21:15 - 2018-06-08 10:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-12 21:15 - 2018-06-08 09:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-12 21:15 - 2018-06-08 09:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-12 21:15 - 2018-06-08 09:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-12 21:15 - 2018-06-08 09:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-12 21:15 - 2018-06-08 09:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-12 21:15 - 2018-06-08 09:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-12 21:15 - 2018-06-06 19:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-12 21:14 - 2018-06-08 20:07 - 000183712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2018-06-12 21:14 - 2018-06-08 20:07 - 000040864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 000019872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVTerminator.dll
2018-06-12 21:14 - 2018-06-08 20:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-12 21:14 - 2018-06-08 20:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-12 21:14 - 2018-06-08 20:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-12 21:14 - 2018-06-08 20:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-12 21:14 - 2018-06-08 19:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-12 21:14 - 2018-06-08 19:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-12 21:14 - 2018-06-08 19:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-12 21:14 - 2018-06-08 19:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-12 21:14 - 2018-06-08 19:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-12 21:14 - 2018-06-08 19:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-12 21:14 - 2018-06-08 19:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-12 21:14 - 2018-06-08 19:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2018-06-12 21:14 - 2018-06-08 19:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-06-12 21:14 - 2018-06-08 19:42 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-06-12 21:14 - 2018-06-08 19:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-12 21:14 - 2018-06-08 19:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-12 21:14 - 2018-06-08 19:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-12 21:14 - 2018-06-08 18:07 - 000148896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2018-06-12 21:14 - 2018-06-08 18:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-12 21:14 - 2018-06-08 17:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-12 21:14 - 2018-06-08 17:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-12 21:14 - 2018-06-08 17:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-12 21:14 - 2018-06-08 17:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-12 21:14 - 2018-06-08 17:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-12 21:14 - 2018-06-08 17:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-12 21:14 - 2018-06-08 17:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-12 21:14 - 2018-06-08 17:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-12 21:14 - 2018-06-08 17:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-12 21:14 - 2018-06-08 17:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-12 21:14 - 2018-06-08 17:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-12 21:14 - 2018-06-08 17:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:14 - 2018-06-08 17:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-12 21:14 - 2018-06-08 15:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:14 - 2018-06-08 15:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-12 21:14 - 2018-06-08 11:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-12 21:14 - 2018-06-08 11:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-12 21:14 - 2018-06-08 11:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-12 21:14 - 2018-06-08 11:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-12 21:14 - 2018-06-08 11:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-12 21:14 - 2018-06-08 11:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-12 21:14 - 2018-06-08 11:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-12 21:14 - 2018-06-08 11:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-12 21:14 - 2018-06-08 10:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-12 21:14 - 2018-06-08 10:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-12 21:14 - 2018-06-08 10:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-12 21:14 - 2018-06-08 10:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-12 21:14 - 2018-06-08 10:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-12 21:14 - 2018-06-08 10:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-12 21:14 - 2018-06-08 10:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-12 21:14 - 2018-06-08 10:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-12 21:14 - 2018-06-08 10:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-12 21:14 - 2018-06-08 10:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-12 21:14 - 2018-06-08 10:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-12 21:14 - 2018-06-08 10:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-12 21:14 - 2018-06-08 10:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-12 21:14 - 2018-06-08 10:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-12 21:14 - 2018-06-08 10:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-12 21:14 - 2018-06-08 10:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-12 21:14 - 2018-06-08 10:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-12 21:14 - 2018-06-08 10:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-12 21:14 - 2018-06-08 10:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-12 21:14 - 2018-06-08 10:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-12 21:14 - 2018-06-08 10:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-12 21:14 - 2018-06-08 10:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-12 21:14 - 2018-06-08 10:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-12 21:14 - 2018-06-08 09:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-12 21:14 - 2018-06-08 09:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-12 21:14 - 2018-06-08 09:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-12 21:14 - 2018-06-08 09:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-12 21:14 - 2018-06-08 09:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-12 21:14 - 2018-06-08 09:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-12 21:14 - 2018-06-08 09:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-12 21:14 - 2018-06-08 08:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-12 21:14 - 2018-06-06 05:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-12 21:14 - 2018-06-02 00:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-12 21:14 - 2018-06-01 23:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-12 21:14 - 2018-05-25 04:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-10 13:22 - 2018-06-10 13:22 - 006401538 _____ C:\WINDOWS\SysWOW64\x265vfw.dll
2018-06-09 21:21 - 2018-06-09 21:21 - 000000000 ____D C:\Users\James\AppData\LocalLow\Mografi
2018-06-09 20:32 - 2018-06-09 20:32 - 000002232 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2018-06-09 20:31 - 2018-06-09 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-06-09 20:21 - 2018-06-09 20:21 - 000001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-09 20:21 - 2018-06-09 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-09 20:21 - 2018-06-09 20:21 - 000000000 ____D C:\Program Files\iPod
2018-06-09 20:20 - 2018-06-09 20:21 - 000000000 ____D C:\Program Files\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-06 19:28 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-06 19:17 - 2018-05-28 23:15 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EC77214A-4C4C-4B1C-BFE4-1DA70327E3B6}
2018-07-06 19:15 - 2018-05-28 23:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-06 19:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-07-06 02:00 - 2017-04-10 16:11 - 000000000 ____D C:\Users\James\AppData\Local\Adobe
2018-07-05 21:38 - 2016-11-25 15:58 - 000000000 ____D C:\Users\James\AppData\Local\VirtualStore
2018-07-05 21:33 - 2018-05-28 23:17 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-05 21:33 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-05 21:28 - 2016-11-25 15:59 - 000000000 ___RD C:\Users\James\OneDrive
2018-07-05 21:27 - 2018-05-28 23:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-05 21:21 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-05 21:21 - 2016-12-16 23:03 - 000040190 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2018-07-05 21:21 - 2016-11-25 03:40 - 000041448 _____ C:\WINDOWS\system32\OV7251_FRONT.aiqd
2018-07-05 21:21 - 2016-11-25 03:40 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2018-07-05 18:42 - 2018-04-12 13:22 - 000000000 ____D C:\Program Files\Transport Fever
2018-07-05 18:37 - 2017-06-21 02:12 - 000000000 ____D C:\AdwCleaner
2018-07-05 18:35 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-05 16:49 - 2016-12-02 21:55 - 000000000 ____D C:\Users\James\AppData\Roaming\vlc
2018-07-05 13:26 - 2018-05-28 23:06 - 000000000 ____D C:\Users\James
2018-07-05 13:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-05 01:37 - 2016-12-21 03:49 - 000000000 ____D C:\Users\James\AppData\Roaming\uTorrent
2018-07-05 01:14 - 2017-04-20 12:22 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-05 00:37 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-03 23:36 - 2016-11-24 20:23 - 000002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-03 23:34 - 2016-08-11 04:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-30 13:40 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-30 11:57 - 2018-01-26 00:21 - 000000000 ____D C:\Users\James\AppData\Local\Packages
2018-06-30 11:46 - 2018-05-30 10:38 - 000000000 ____D C:\Users\James\AppData\Local\PlaceholderTileLogoFolder
2018-06-27 15:22 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-06-27 15:21 - 2017-06-15 12:10 - 000001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIG-IP Edge Client.lnk
2018-06-27 15:21 - 2017-06-15 12:10 - 000000000 ____D C:\Program Files (x86)\F5 VPN
2018-06-27 14:48 - 2018-02-21 18:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-27 10:24 - 2016-11-25 02:16 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-27 10:24 - 2016-11-25 02:16 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-26 15:20 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-26 14:38 - 2017-06-09 16:13 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2018-06-23 16:23 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-06-23 15:57 - 2018-05-28 23:07 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-06-23 13:11 - 2016-12-21 03:50 - 000000906 _____ C:\Users\James\Desktop\µTorrent.lnk
2018-06-23 13:11 - 2016-12-21 03:50 - 000000886 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-06-21 22:53 - 2018-05-28 23:15 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2756646170-1118768877-2006359221-1003
2018-06-21 22:53 - 2018-05-28 23:06 - 000002377 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-18 22:20 - 2016-08-11 04:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-13 09:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-13 09:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-12 21:57 - 2018-05-28 23:04 - 000478072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-12 21:56 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-12 21:18 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-12 21:14 - 2016-11-24 22:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 21:12 - 2017-10-11 20:50 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 21:12 - 2016-11-24 22:09 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-09 22:40 - 2018-01-27 18:52 - 000000000 ___RD C:\Users\James\3D Objects
2018-06-09 22:40 - 2016-08-11 05:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-06-09 20:32 - 2016-11-27 20:41 - 000000000 ____D C:\ProgramData\Foxit Software
2018-06-09 20:32 - 2016-11-24 23:27 - 000001153 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-06 00:29 - 2018-04-12 00:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-06 00:29 - 2018-04-12 00:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2018-04-12 00:34 - 2018-04-12 00:34 - 000059904 ____N (Microsoft Corporation) C:\Users\James\OOijLea.exe
2018-04-24 18:01 - 2018-04-24 18:01 - 366870165 _____ () C:\Users\James\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
2018-04-24 18:01 - 2018-04-24 18:01 - 000004029 _____ () C:\Users\James\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
2017-09-30 15:30 - 2017-09-30 15:30 - 000000000 ___SH () C:\Users\James\AppData\Local\LumaEmu
2016-12-14 01:14 - 2016-12-14 01:14 - 000007605 _____ () C:\Users\James\AppData\Local\Resmon.ResmonCfg
2018-07-05 01:24 - 2018-07-05 01:24 - 000000002 _____ () C:\Users\James\AppData\Local\WMI.ini
 
Some files in TEMP:
====================
2018-06-12 14:58 - 2018-06-12 14:58 - 272218624 _____ (Frontier Developments) C:\Users\James\AppData\Local\Temp\JWE.exe
2018-07-05 16:50 - 2018-06-30 18:09 - 000125618 _____ () C:\Users\James\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 23:04
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by James (06-07-2018 19:32:07)
Running from C:\Users\James\Desktop
Windows 10 Pro Version 1803 17134.112 (X64) (2018-05-28 22:15:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2756646170-1118768877-2006359221-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2756646170-1118768877-2006359221-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2756646170-1118768877-2006359221-1000 - Limited - Disabled)
Guest (S-1-5-21-2756646170-1118768877-2006359221-501 - Limited - Disabled)
James (S-1-5-21-2756646170-1118768877-2006359221-1003 - Administrator - Enabled) => C:\Users\James
WDAGUtilityAccount (S-1-5-21-2756646170-1118768877-2006359221-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF03}) (Version: 18.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
Betternet for Windows 4.2.1 (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF8C905999}) (Version: 4.2.1 - Betternet Technologies Inc.)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 71.2017.1219.2255 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2017.1219.2255 - F5 Networks, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CambridgeSoft Activation Client (HKLM-x32\...\{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemDraw Ultra 12.0 (HKLM-x32\...\{48DEAAF2-8276-4BBD-B7B6-91E454938476}) (Version: 12.0 - CambridgeSoft Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.4 - Illustrate)
Evil Genius (HKLM-x32\...\Evil Genius_is1) (Version:  - GOG.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
iTunes (HKLM\...\{EA44188A-5042-4CFB-8F8D-AF048872B7A7}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mendeley Desktop 1.17.11 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.11 - Mendeley Ltd.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 24.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 24.0.0 - Moritz Bunkus)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PerkinElmer ChemDraw Prime 16.0 (HKLM-x32\...\{BDB47404-8E8B-4327-A9B3-B4B457716924}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
PerkinElmer ChemOffice 64-bit Support for ChemDraw Prime 16.0 (HKLM\...\{03963B0B-6132-4D9E-840A-FC38347D08CD}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
PhotoStitcher 2.0 (HKLM\...\{299EB32D-0525-4482-A8B5-1F30725AB6F1}_is1) (Version:  - Teorex)
Plumbytes Anti-Malware 2018 (HKLM\...\Plumbytes Anti-Malware 2018) (Version:  - Plumbytes Software)
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 13f - GOG.com)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Shark007 ADVANCED Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 10.2.3 - Shark007)
Shark007 ADVANCED x64Components (HKLM\...\ADVANCED x64Components_is1) (Version: 10.2.3 - Shark007)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Movies™ (HKLM-x32\...\{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.0 - Activision) Hidden
The Movies™ 1.1 Patch (HKLM-x32\...\{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}) (Version: 1.0 - Activision) Hidden
The Movies™ Stunts & Effects (HKLM-x32\...\{C06A7DAC-1708-417C-B694-28C84DFE2DF9}) (Version: 1.0 - Activision) Hidden
The Movies™ Stunts & Effects (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.2 - Activision)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
Transport Fever (HKLM-x32\...\Transport Fever_is1) (Version:  - )
Transport Fever Update Build 14085 (HKLM\...\dHJhbnNwb3J0ZmV2ZXI_is1) (Version: 1 - )
Unity Web Player (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-07-05] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-07-05] ()
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04A8EB3A-8015-405D-9075-A2C47F39C13D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-03] (Microsoft Corporation)
Task: {0D8931C0-4FE9-406C-95C4-9B073246B86A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {21C911BD-768E-4B2B-A90E-DE2D508A6C63} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-13] (Adobe Systems Incorporated)
Task: {24F86034-C964-42C5-AB91-AB4BE8696034} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\jmhar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {2C6CE3BA-52BD-415D-A625-BCE37920ACC0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {369E6ED7-0E53-428B-BAE3-31ADDB993371} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {3F27DA31-8A52-46EF-833F-B1628798CF7C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-03] (Microsoft Corporation)
Task: {4E66809E-796E-4CB0-8836-D8265166B288} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-25] (Google Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {69CAD593-6588-4935-ACA2-7CE040E1B434} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {73D98422-74B5-40C3-B0F4-B61919262C31} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-03] (Microsoft Corporation)
Task: {78DF8910-CB2F-4085-8B53-F812DB634A83} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {7B632840-2D0F-4551-AD99-B52373A886C8} - System32\Tasks\{8DA86CE8-40FF-4F13-3D73-A18127D71B5C} => C:\WINDOWS\SysWOW64\Cgey.exe [2018-04-12] (Microsoft Corporation)
Task: {9041DB0C-29C4-4F1E-BD65-D10EBE6CA9DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-03] (Microsoft Corporation)
Task: {92FBB0A2-D9A4-4CC0-A0F3-81C295C9ECC0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-13] (Adobe Systems Incorporated)
Task: {95FAFB88-0A42-4386-B2F3-AB375F103B71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-25] (Google Inc.)
Task: {9616E418-9021-4FA4-9E05-B7609AF02525} - System32\Tasks\{13D519CB-2588-9DA6-6E1A-ABB8D1113305} => C:\Users\James\OOijLea.exe [2018-04-12] (Microsoft Corporation)
Task: {988C1F4A-7C6E-492A-B1F3-6D46DE2F3D91} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {9949EEDC-5BA4-409C-8979-548A9F842309} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {A5CCC737-5D82-4855-9585-710B1A8742BB} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {A904DA60-0129-48BE-994F-45A0D5D7840A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {B32DFF83-AEB7-45C9-995A-AD0BEF071702} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-03] (Microsoft Corporation)
Task: {BE87AFE3-9E5D-4834-9E75-147840170B0A} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {C1F82170-2A9F-4D43-B874-DFE8E54C5671} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {E1A3EC2E-FE1A-4269-95CF-B1EEF91AEF7A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-03] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-05 21:12 - 2018-07-05 21:12 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-05 16:50 - 2016-09-05 16:50 - 000017920 _____ () C:\Program Files\PerkinElmerInformatics\ChemOffice2016\ChemDraw\boost_system-vc100-mt-1_55.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-22 20:57 - 2018-05-22 20:58 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-22 20:57 - 2018-05-22 20:58 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-06-27 10:27 - 2018-06-27 10:29 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-27 10:27 - 2018-06-27 10:28 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-27 10:27 - 2018-06-27 10:28 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 13:01 - 2017-09-26 13:02 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-27 10:27 - 2018-06-27 10:28 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-06-09 10:50 - 2018-06-09 10:56 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 10:50 - 2018-06-09 10:56 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 18:31 - 2017-10-04 18:32 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 10:42 - 2018-05-30 10:42 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-08 00:01 - 2018-05-08 00:02 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-06 11:43 - 2018-04-06 11:45 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-09 10:50 - 2018-06-09 10:57 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 10:42 - 2018-05-30 10:42 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 10:50 - 2018-06-09 10:53 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-09 10:50 - 2018-06-09 10:57 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-06-21 22:55 - 2018-06-21 22:55 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-06-21 22:55 - 2018-06-21 22:55 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-21 22:55 - 2018-06-21 22:55 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-06-27 10:24 - 2018-06-22 20:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 10:24 - 2018-06-22 20:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-07-05 18:36 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\sharepoint.com -> hxxps://ueanorwich-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\uea.ac.uk -> hxxps://vpn.uea.ac.uk
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2017-04-10 16:49 - 000001030 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\aloe-from-the-pot-wide.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B9729BAA-A927-4D9A-92E4-8B81D889A401}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E0ED199E-9828-4D41-9B4B-D03E07E9149D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{F1686732-DFBD-4065-A3DB-4B722F6DE7BA}C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{FFA1C524-2FE6-4897-BCE2-9F71D1189395}C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe
FirewallRules: [{1E91B00F-E305-49F3-9A72-CD509C1D6FDD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{A4A62B77-34A0-4784-A7DE-5EE79D5FFD0F}D:\downloads\northgard.v0.1.3864\northgard.exe] => (Allow) D:\downloads\northgard.v0.1.3864\northgard.exe
FirewallRules: [TCP Query User{B76D6101-3C05-4495-9A4E-51CA11EADC0B}D:\downloads\northgard.v0.1.3864\northgard.exe] => (Allow) D:\downloads\northgard.v0.1.3864\northgard.exe
FirewallRules: [UDP Query User{8CAD5F47-B219-4EC5-8EA8-DEC55F02A4B5}C:\program files (x86)\11 bit studios\beat cop\beatcop.exe] => (Allow) C:\program files (x86)\11 bit studios\beat cop\beatcop.exe
FirewallRules: [TCP Query User{1E9D6CBE-3BED-4296-9BE8-A9556B9F0B15}C:\program files (x86)\11 bit studios\beat cop\beatcop.exe] => (Allow) C:\program files (x86)\11 bit studios\beat cop\beatcop.exe
FirewallRules: [UDP Query User{0EF4CB70-D762-447F-9C67-59F5D9C888E6}D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe] => (Allow) D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe
FirewallRules: [TCP Query User{70F4496E-35C7-4E2C-870B-C30A3B57CFB2}D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe] => (Allow) D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe
FirewallRules: [UDP Query User{847A688E-D02E-433E-9C46-BA04383F4A62}D:\downloads\simairport.v28.03.2017\simairport.exe] => (Allow) D:\downloads\simairport.v28.03.2017\simairport.exe
FirewallRules: [TCP Query User{FCE64A73-D798-43BD-866F-4873ECE9F47F}D:\downloads\simairport.v28.03.2017\simairport.exe] => (Allow) D:\downloads\simairport.v28.03.2017\simairport.exe
FirewallRules: [{D5BB4B9A-4EDF-42A6-BD2C-2A61C2DC22A7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A66DFFA9-F57C-448C-A6D1-FC286186C119}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E1A599A-3634-40FC-84AE-19AA3D0CB361}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F4DA55D4-7B66-4285-AC2C-AF2D5371D24E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7958265E-1EC7-43D9-9259-9D4D0F43AEF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8EEB661-B647-4D1D-98CF-E419BAE85E3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5CA0426B-68CA-462E-B7FD-2271F3FA5C14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{887567F3-2C18-4258-B7C2-80D0A995B738}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF7BF4C3-7901-4331-A4F2-92BDE09E5D41}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A887C87B-C130-4C31-A377-02CB87E246BE}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2B87028-D347-4D0C-A83F-30B13E9ED955}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A630817-DD5D-4206-848A-9862F17A211A}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A84C5A2-8CAB-45DB-8426-E2F0F9FF4E6F}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A705543-8E21-42F2-A4DD-4468D8B555AC}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{E36325BB-AD78-466E-8662-2E6DEB04F5D9}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [TCP Query User{51AAA547-AA45-4C0F-BA81-BE68F9256663}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [{B45808B9-9358-48E0-8ADB-BC54CA0FB956}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{A70E031A-4B16-45FA-9CAF-9DC97A68F0F1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{E62AB24E-DF73-4F65-AEAE-0F9992A04B40}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{26A34A5E-69B4-42AC-8E96-98F6DCEE153A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{50738CBE-DF0D-465C-BEFA-681FFD73FA78}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{BBA66824-D6AF-4EDE-921A-C867F001F1A9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{912F1E34-1D75-4713-AE62-84F625621695}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{961478CE-EB10-43C3-9815-A08ADA894A57}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [UDP Query User{EB6FBA50-EF05-4A15-B0D4-FCD6CAE42132}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe
FirewallRules: [TCP Query User{CF851742-ED04-40CD-846E-06FF85009EBE}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe
FirewallRules: [UDP Query User{1D2145CD-ADF3-47BE-B057-45CF2186FBA2}C:\program files (x86)\daemon sync\daemonsynctray.exe] => (Allow) C:\program files (x86)\daemon sync\daemonsynctray.exe
FirewallRules: [TCP Query User{02666BAC-ECE1-4417-9EBD-49EA88E51497}C:\program files (x86)\daemon sync\daemonsynctray.exe] => (Allow) C:\program files (x86)\daemon sync\daemonsynctray.exe
FirewallRules: [{4DC14CD3-AF40-440D-83A1-2524E9B7B872}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D84A36FA-6922-47F0-B9BB-2B5A1A13E32B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [TCP Query User{C62EAAE2-B5C1-45F7-AFF7-52E064D62499}C:\users\james\desktop\machiavillain\machiavillain.exe] => (Allow) C:\users\james\desktop\machiavillain\machiavillain.exe
FirewallRules: [UDP Query User{9E352F09-A4FA-462E-AB1D-E6C90BA4356D}C:\users\james\desktop\machiavillain\machiavillain.exe] => (Allow) C:\users\james\desktop\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{54C52EAC-066F-4387-9D63-E073DABFE9BE}C:\program files\machiavillain\machiavillain.exe] => (Allow) C:\program files\machiavillain\machiavillain.exe
FirewallRules: [UDP Query User{61A3D905-0474-484F-B8B4-FA0CA396028A}C:\program files\machiavillain\machiavillain.exe] => (Allow) C:\program files\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{7A8E49BD-E854-4430-8BFC-FE15B2ECFF35}C:\program files (x86)\simairport.v28.03.2017\simairport.exe] => (Allow) C:\program files (x86)\simairport.v28.03.2017\simairport.exe
FirewallRules: [UDP Query User{7F68A8FE-C3C7-48C1-8935-3C5A549A1A99}C:\program files (x86)\simairport.v28.03.2017\simairport.exe] => (Allow) C:\program files (x86)\simairport.v28.03.2017\simairport.exe
FirewallRules: [TCP Query User{1721499F-FF99-4E7E-BF36-6E2205D10675}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{879DB955-EDE9-4E59-A030-1BEE093B01E8}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{642C8D4A-1C51-476C-B7BC-CB092C90E969}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{435D93FD-79F2-4BAC-A1B4-C9556337E1B6}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{E1470208-95D5-4F5D-BC71-E20754E51072}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{66ED00A5-FF2A-4E43-BE6C-2CB2FF98EA28}C:\program files (x86)\oxygen not included\oxygennotincluded.exe] => (Allow) C:\program files (x86)\oxygen not included\oxygennotincluded.exe
FirewallRules: [UDP Query User{68C0B1C4-BA78-41A8-A187-4EB64BCDC6AF}C:\program files (x86)\oxygen not included\oxygennotincluded.exe] => (Allow) C:\program files (x86)\oxygen not included\oxygennotincluded.exe
FirewallRules: [TCP Query User{E80653FC-F5B1-497F-883C-6406C95398AA}C:\program files (x86)\the escapists 2\theescapists2.exe] => (Allow) C:\program files (x86)\the escapists 2\theescapists2.exe
FirewallRules: [UDP Query User{07C5C4BB-2FBB-4693-B592-4D177E5E8684}C:\program files (x86)\the escapists 2\theescapists2.exe] => (Allow) C:\program files (x86)\the escapists 2\theescapists2.exe
FirewallRules: [TCP Query User{8679CC61-F432-41FD-A757-EA91C330E779}C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [UDP Query User{BB41917B-A131-4866-B848-07110C739D2F}C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [{18903E95-0FA3-4B1E-87DB-EC5B510F059D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{F26A7618-CCAC-4F09-BD26-052E494EDF63}C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [UDP Query User{FFB719EF-FFDE-433D-932D-37F5988DEFB6}C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [{CA2FC702-C39B-4DAB-9FE2-FC37959A6811}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C814AC7B-EA7C-47C9-9150-1AD783F666CF}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8AF90117-6359-4C1E-9DED-C7F07E513D99}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A56ED30-23AF-4B66-B571-ABCB0F148D9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{81C73A3A-9FCD-48CD-9103-DE9C86F31928}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [UDP Query User{73810456-DEAF-499E-BDD6-4D09D116C1DF}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [{59A96C02-FFD1-4135-BEA3-0BD931350591}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{62269247-DA0A-4460-BD21-3600EC4D2892}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{B6EFAF7F-E726-43CC-9142-1D340886D68C}C:\windows\system32\dllhost.exe] => (Allow) C:\windows\system32\dllhost.exe
FirewallRules: [UDP Query User{0FE3B489-B95D-40AF-8C8A-D332F9A05357}C:\windows\system32\dllhost.exe] => (Allow) C:\windows\system32\dllhost.exe
FirewallRules: [{3421D450-BF6C-4CEC-B28F-39B25781CB23}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{A9DC0090-DCA4-4193-BF72-607857542313}] => (Allow) C:\WINDOWS\SysWOW64\Cgey.exe
FirewallRules: [{77C3E62C-745F-42F0-835F-40C0DDEDC275}] => (Allow) C:\Users\James\OOijLea.exe
FirewallRules: [{DD403A36-4253-4222-BA9F-859E591A4C58}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{2E32D6AD-813B-489E-AAEC-27C912564645}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{7B284E2C-302B-4905-B779-44AB09271E17}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{F30A46CB-9D8B-4B50-BCC4-BA42025A4093}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{197F2CB9-F3C3-4F17-8700-CCE598737711}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{C224556B-A9A9-4F6A-A804-66F9846B67C9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{CCD66DC9-8AAE-4BAD-9966-8A856D4B3F9C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{BA741F66-9C4D-463D-9295-BA70FF1031AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{67A093EF-CF24-4691-AC38-E93903BC7954}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D01ED940-14D2-4FC6-8D63-A289F9F7999D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{748CE5DF-6CDF-46C5-86E6-788FFEB0474A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{AC8761D2-662C-42AF-85AF-549BB666C73B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{A4F3F4E1-F11A-4E2A-B0A4-B856274BDE18}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{68DA58D5-76BC-4B69-9688-A53678AF5180}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{EFFDA671-9917-493A-A70D-9CBF21024052}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{5DB7B0EA-2BB9-4AE7-B2FC-52BFDAE3D559}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D2FFEBAA-0414-406F-A4B4-D3BD2CD8D77A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2018 07:17:03 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/06/2018 12:14:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 3304
 
Start Time: 01d414b5d4baf097
 
Termination Time: 22
 
Application Path: C:\Windows\System32\notepad.exe
 
Report Id: 3474ebbc-fac3-4973-84e6-6347c9385d0f
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/05/2018 05:24:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.17134.1, time stamp: 0x1e3f5e34
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x048b9a31
Faulting process ID: 0x20a0
Faulting application start time: 0x01d4147c99863993
Faulting application path: C:\WINDOWS\SysWOW64\rundll32.exe
Faulting module path: unknown
Report ID: c8d5a8c4-efd7-4783-9cd7-ace4b1af4d80
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/05/2018 02:22:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MestReNova.exe, version: 6.0.2.5475, time stamp: 0x4acf0732
Faulting module name: NMRPlugin.dll, version: 0.0.0.0, time stamp: 0x4acf0933
Exception code: 0xc0000005
Fault offset: 0x0005b658
Faulting process ID: 0x2594
Faulting application start time: 0x01d4145e78899ed9
Faulting application path: C:\Users\James\AppData\Local\Temp\RarSFX0\MestReNova.exe
Faulting module path: C:\Users\James\AppData\Local\Temp\RarSFX0\NMRPlugin.dll
Report ID: 7064c996-620e-4a18-a982-0b961868206b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/05/2018 01:13:12 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x80070057; CorrelationId: {CF20D531-1920-41B9-B597-531CFA107F2C}
 
Error: (07/05/2018 12:21:19 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/05/2018 01:39:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HouseFlipper.exe version 2017.4.2.55755 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 118c
 
Start Time: 01d413f7dea75286
 
Termination Time: 43
 
Application Path: C:\Program Files (x86)\House Flipper\HouseFlipper.exe
 
Report Id: 795c934e-d8d7-4ccc-930d-912763384a35
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/05/2018 01:22:18 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/06/2018 07:25:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2018 01:41:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2018 12:15:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2018 12:14:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2018 10:48:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2018 10:03:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/06/2018 02:14:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (07/06/2018 02:09:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-07-05 17:16:21.451
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BB5A4E51-3144-41D6-AA99-6CF209526DAE}
Scan Type: Antimalware
Scan Parameters: Custom Scan
 
Date: 2018-07-05 17:08:28.701
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C0CA74CE-DDAC-43F0-B921-7E63E57A0F35}
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2018-07-05 13:34:30.141
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Vigorf.A
ID: 2147714384
Severity: Severe
Category: Trojan
Path: file:_C:\$RECYCLE.BIN\S-1-5-21-2756646170-1118768877-2006359221-1003\$RDN59Z4.rar
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.271.504.0, AS: 1.271.504.0, NIS: 1.271.504.0
Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2
 
Date: 2018-07-05 13:27:20.399
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3156C0EE-B92F-48DD-8AE4-CFB73605B6DF}
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2018-07-05 13:27:20.398
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Vigorf.A
ID: 2147714384
Severity: Severe
Category: Trojan
Path: file:_C:\$RECYCLE.BIN\S-1-5-21-2756646170-1118768877-2006359221-1003\$RDN59Z4.rar
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.271.504.0, AS: 1.271.504.0, NIS: 1.271.504.0
Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2
 
Date: 2018-07-05 01:06:29.150
Description: 
Windows Defender Antivirus has encountered an error trying to restore an item from quarantine.
For more information please see the following:
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Error Code: 0x80508014
Error description: The quarantined item cannot be restored. 
Signature Version: AV: 1.271.504.0, AS: 1.271.504.0
Engine Version: 1.1.15000.2
 
Date: 2018-06-01 19:17:20.254
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.320.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ m3-6Y30 CPU @ 0.90GHz
Percentage of memory in use: 80%
Total physical RAM: 4021.09 MB
Available physical RAM: 803.99 MB
Total Virtual: 5421.09 MB
Available Virtual: 1171.1 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:116.95 GB) (Free:16.56 GB) NTFS
Drive d: () (Removable) (Total:119.05 GB) (Free:48.53 GB) exFAT
 
\\?\Volume{22bb318b-5af3-403b-9881-3a53a06adb93}\ (Windows RE tools) (Fixed) (Total:1.91 GB) (Free:1.52 GB) NTFS
\\?\Volume{70110f3b-6ed2-4639-8de0-a30e9254c11b}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 766ED2D5)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 119.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1.1KB   188 downloads

Run FRST and press Fix
A fix log will be generated; please post that.


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 



#3
harveyj176

    Member

  • Topic Starter
  • Member
  • 286 posts

Hi,

Thanks for the help.

Here are the lists as requested.


Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by James (06-07-2018 22:33:20) Run:1
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available Profiles: James)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Virustotal: C:\WINDOWS\SysWOW64\Cgey.exe
Virustotal: C:\Users\James\OOijLea.exe
Task: {7B632840-2D0F-4551-AD99-B52373A886C8} - System32\Tasks\{8DA86CE8-40FF-4F13-3D73-A18127D71B5C} => C:\WINDOWS\SysWOW64\Cgey.exe [2018-04-12] (Microsoft Corporation)
Task: {9616E418-9021-4FA4-9E05-B7609AF02525} - System32\Tasks\{13D519CB-2588-9DA6-6E1A-ABB8D1113305} => C:\Users\James\OOijLea.exe [2018-04-12] (Microsoft Corporation)
CMD: rd /s %systemdrive%\$Recycle.bin
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
VirusTotal: C:\WINDOWS\SysWOW64\Cgey.exe => https://www.virustot...sis/1530859394/
VirusTotal: C:\Users\James\OOijLea.exe => https://www.virustot...sis/1530859394/
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B632840-2D0F-4551-AD99-B52373A886C8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B632840-2D0F-4551-AD99-B52373A886C8}" => removed successfully
C:\WINDOWS\System32\Tasks\{8DA86CE8-40FF-4F13-3D73-A18127D71B5C} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8DA86CE8-40FF-4F13-3D73-A18127D71B5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9616E418-9021-4FA4-9E05-B7609AF02525}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9616E418-9021-4FA4-9E05-B7609AF02525}" => removed successfully
C:\WINDOWS\System32\Tasks\{13D519CB-2588-9DA6-6E1A-ABB8D1113305} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13D519CB-2588-9DA6-6E1A-ABB8D1113305}" => removed successfully
 
========= rd /s %systemdrive%\$Recycle.bin =========
 
C:\$Recycle.bin, Are you sure (Y/N)? Y
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Intel-SST-BUS/Debug. The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Intel-SST-CFD-HDA/IntelSST. The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
 
========= End of CMD: =========
 
 
==== End of Fixlog 22:34:16 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by James (administrator) on DESKTOP-GQDL9OG (06-07-2018 22:36:22)
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 10 Pro Version 1803 17134.112 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Plumbytes Software Lp) C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [Plumbytes Anti-Malware] => C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe [2189304 2018-06-13] (Plumbytes Software Lp)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2017-04-10] (Disc Soft Ltd)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{54db6971-3a62-4bc8-bd69-c270c2dac8b5}: [DhcpNameServer] 139.222.130.1 139.222.130.2
Tcpip\..\Interfaces\{a9e144f2-16f9-4eec-b90e-eb2c83ef54cd}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{bc0460f7-76b1-4925-acc2-42c3f7b80d49}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-08] (Oracle Corporation)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {206599BA-54C3-4B56-8B27-361541F02B36} hxxp://139.222.133.103/tools/xc_loader_activex.ocx
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\f5tmp\urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab 
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=16.0 -> C:\Program Files (x86)\PerkinElmerInformatics\ChemOffice2016\ChemDraw\npcdp32.dll [2016-10-05] (PerkinElmer)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2756646170-1118768877-2006359221-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-09] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2018-07-06]
CHR Extension: (Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-25]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-25]
CHR Extension: (Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-25]
CHR Extension: ( Add to Giftster Wish List Registry) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbiconphejknohhlfkbccjlemlnjndc [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [415712 2017-12-19] (F5 Networks, Inc.)
R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [358368 2017-12-20] (F5 Networks, Inc.)
R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [217104 2016-04-19] (F5 Networks, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2018-04-17] (Foxit Software Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 pbamw_service; C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe [134136 2018-06-13] (Plumbytes Software Lp)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-04-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-04-10] (Disc Soft Ltd)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [47848 2017-12-19] (F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-08-14] (F5 Networks, Inc.)
R3 iactrllogic; C:\WINDOWS\System32\drivers\iactrllogic64.sys [183184 2017-10-12] (Intel® Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [57736 2017-12-19] (F5 Networks, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-27] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-07-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-07-05] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-06 22:33 - 2018-07-06 22:34 - 000002927 _____ C:\Users\James\Desktop\Fixlog.txt
2018-07-06 19:32 - 2018-07-06 19:33 - 000052565 _____ C:\Users\James\Desktop\Addition.txt
2018-07-06 19:30 - 2018-07-06 22:37 - 000017944 _____ C:\Users\James\Desktop\FRST.txt
2018-07-06 00:29 - 2018-07-06 22:36 - 000000000 ____D C:\FRST
2018-07-06 00:28 - 2018-07-06 00:28 - 002412544 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2018-07-05 22:27 - 2018-07-05 22:27 - 108003328 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-07-05 22:21 - 2018-07-05 22:26 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-07-05 21:58 - 2018-07-05 22:37 - 000000000 ____D C:\Users\James\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2018-07-05 21:58 - 2018-07-05 21:58 - 000000000 ____D C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plumbytes Anti-Malware
2018-07-05 21:58 - 2018-07-05 21:58 - 000000000 ____D C:\Program Files\Plumbytes Software
2018-07-05 21:28 - 2018-07-05 21:28 - 000000000 ___HD C:\OneDriveTemp
2018-07-05 21:20 - 2018-07-05 21:20 - 003027568 _____ C:\Users\James\Desktop\-midlehner_et_al-2018-European_Journal_of_Organic_Chemistry.pdf
2018-07-05 21:19 - 2018-07-05 21:19 - 000498358 _____ C:\Users\James\Desktop\nihms-389701.pdf
2018-07-05 21:19 - 2018-07-05 21:19 - 000099698 _____ C:\Users\James\Desktop\v53n3a3.pdf
2018-07-05 21:12 - 2018-07-06 22:36 - 003369224 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-07-05 21:12 - 2018-07-06 22:36 - 000596791 _____ C:\WINDOWS\ZAM.krnl.trace
2018-07-05 21:12 - 2018-07-05 21:12 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-07-05 21:12 - 2018-07-05 21:12 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-07-05 21:12 - 2018-07-05 21:12 - 000000000 ____D C:\Users\James\AppData\Local\Zemana
2018-07-05 21:12 - 2018-07-05 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-07-05 21:12 - 2018-07-05 21:12 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-05 18:57 - 2018-07-05 18:57 - 000398255 _____ C:\Users\James\Desktop\Takeback Waste Transfer Note TB_78069.pdf
2018-07-05 18:36 - 2018-07-06 19:40 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-05 18:36 - 2018-07-05 18:36 - 000001922 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-05 18:36 - 2018-07-05 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-05 18:36 - 2018-07-05 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-05 18:36 - 2018-07-05 18:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-05 18:36 - 2018-07-05 18:26 - 007395536 _____ (Malwarebytes) C:\Users\James\Desktop\AdwCleaner.exe
2018-07-05 17:21 - 2018-07-05 17:21 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-07-05 17:16 - 2018-07-05 17:22 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-05 17:16 - 2018-07-05 17:16 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-07-05 17:16 - 2018-07-05 17:16 - 000000000 ____D C:\Program Files\HitmanPro
2018-07-05 17:15 - 2018-07-05 17:15 - 011576808 _____ (SurfRight B.V.) C:\Users\James\Desktop\HitmanPro_x64.exe
2018-07-05 01:34 - 2018-07-05 01:34 - 000000000 ____D C:\Users\James\AppData\LocalLow\Empyrean
2018-07-05 01:24 - 2018-07-05 01:24 - 000000002 _____ C:\Users\James\AppData\Local\WMI.ini
2018-07-03 23:36 - 2018-07-03 23:36 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-03 23:36 - 2018-07-03 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-06-30 18:59 - 2018-07-05 01:37 - 000000000 ____D C:\Users\James\AppData\LocalLow\uTorrent
2018-06-30 11:58 - 2018-06-30 11:58 - 000001293 _____ C:\Users\Public\Desktop\SHAREit.lnk
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Users\James\AppData\Roaming\Umeng
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Users\James\AppData\Local\SHAREit Technologies
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
2018-06-29 11:41 - 2018-06-29 11:41 - 000000000 ____D C:\Users\James\Desktop\HPLC
2018-06-28 14:17 - 2018-06-28 14:17 - 000410758 _____ C:\Users\James\Desktop\Donald Trump Very Fake News.wav
2018-06-27 17:12 - 2018-06-27 17:12 - 000000930 _____ C:\Users\James\Desktop\nmr - Shortcut.lnk
2018-06-26 15:39 - 2018-07-05 17:09 - 000000000 ____D C:\Users\James\chemaxon
2018-06-26 15:37 - 2018-06-26 15:37 - 000015248 _____ C:\Users\James\Desktop\Metabolite storage.xlsx
2018-06-26 15:31 - 2018-06-26 15:34 - 000000000 ____D C:\Users\James\AppData\Roaming\ChemAxon
2018-06-26 14:31 - 2018-06-26 14:31 - 000001807 _____ C:\Users\James\Desktop\MKVToolNix GUI.lnk
2018-06-23 16:23 - 2018-06-23 16:23 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\Users\James\AppData\Roaming\Shark007
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Shark007
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\Program Files\Shark007
2018-06-23 15:57 - 2018-06-10 13:36 - 028663008 _____ C:\WINDOWS\system32\x265vfw.dll
2018-06-23 15:57 - 2018-02-22 05:00 - 002207232 _____ (MPC-HC Team) C:\WINDOWS\system32\VSFilter.dll
2018-06-23 15:57 - 2017-07-30 06:50 - 003799552 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2018-06-23 15:57 - 2015-03-04 20:45 - 000260184 _____ C:\WINDOWS\system32\unrar.dll
2018-06-23 15:57 - 2013-04-06 00:27 - 002231296 _____ C:\WINDOWS\system32\ac3filter.acm.new
2018-06-23 15:57 - 2013-04-06 00:27 - 002231296 _____ C:\WINDOWS\system32\ac3filter.acm
2018-06-23 15:57 - 2013-04-06 00:27 - 000324608 _____ (IntelleSoft) C:\WINDOWS\system32\BugTrap-x64.dll
2018-06-23 15:57 - 2009-08-11 21:22 - 000580096 _____ C:\WINDOWS\system32\ac3filter.acm.old
2018-06-23 15:57 - 2009-01-23 01:51 - 000124909 _____ (Open Source Software community project) C:\WINDOWS\system32\pthreadGC2.dll
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\Users\James\AppData\Roaming\Advanced
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Advanced
2018-06-23 15:56 - 2018-06-23 15:56 - 000000000 ____D C:\Program Files (x86)\Shark007
2018-06-23 15:03 - 2018-06-23 15:03 - 000000000 ____D C:\Users\James\AppData\Local\bunkus.org
2018-06-23 15:02 - 2018-06-23 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2018-06-23 15:02 - 2018-06-23 15:02 - 000000000 ____D C:\Program Files\MKVToolNix
2018-06-23 14:54 - 2018-06-23 14:54 - 000000000 ____D C:\Users\James\.MakeMKV
2018-06-23 14:42 - 2018-06-23 14:42 - 000000000 ____D C:\Users\James\AppData\Roaming\Boilsoft
2018-06-23 14:29 - 2018-07-05 17:25 - 000000000 ____D C:\ProgramData\Betternet
2018-06-23 14:29 - 2018-06-23 14:29 - 000002108 _____ C:\Users\Public\Desktop\Betternet.lnk
2018-06-23 14:29 - 2018-06-23 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
2018-06-23 14:29 - 2018-06-23 14:29 - 000000000 ____D C:\Program Files (x86)\Betternet
2018-06-20 19:48 - 2018-06-20 21:21 - 000000000 ____D C:\Users\James\Desktop\eBay
2018-06-20 19:42 - 2018-07-06 19:15 - 000000000 ____D C:\Users\James\AppData\Local\D3DSCache
2018-06-19 19:04 - 2018-06-19 19:04 - 000000000 ____D C:\ProgramData\Packages
2018-06-18 21:41 - 2018-06-18 21:41 - 000000000 ____D C:\Users\James\Documents\Garmin
2018-06-18 21:39 - 2018-06-18 22:20 - 000000000 ____D C:\ProgramData\Garmin
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Users\James\AppData\Roaming\Garmin
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Users\James\AppData\Local\Garmin_Ltd._or_its_subsid
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Program Files\DIFX
2018-06-18 21:38 - 2018-06-18 22:19 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-06-13 09:55 - 2018-06-13 09:55 - 000004590 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-13 09:55 - 2018-06-13 09:55 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-06-12 21:15 - 2018-06-08 20:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-12 21:15 - 2018-06-08 20:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-12 21:15 - 2018-06-08 19:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-12 21:15 - 2018-06-08 19:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-12 21:15 - 2018-06-08 19:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-12 21:15 - 2018-06-08 19:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-12 21:15 - 2018-06-08 18:06 - 001539488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-06-12 21:15 - 2018-06-08 17:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-12 21:15 - 2018-06-08 11:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-12 21:15 - 2018-06-08 11:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-12 21:15 - 2018-06-08 10:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-12 21:15 - 2018-06-08 10:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-12 21:15 - 2018-06-08 10:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-12 21:15 - 2018-06-08 10:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-12 21:15 - 2018-06-08 10:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-12 21:15 - 2018-06-08 10:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-12 21:15 - 2018-06-08 10:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-12 21:15 - 2018-06-08 09:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-12 21:15 - 2018-06-08 09:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-12 21:15 - 2018-06-08 09:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-12 21:15 - 2018-06-08 09:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-12 21:15 - 2018-06-08 09:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-12 21:15 - 2018-06-08 09:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-12 21:15 - 2018-06-06 19:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-12 21:14 - 2018-06-08 20:07 - 000183712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2018-06-12 21:14 - 2018-06-08 20:07 - 000040864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 000019872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVTerminator.dll
2018-06-12 21:14 - 2018-06-08 20:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-12 21:14 - 2018-06-08 20:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-12 21:14 - 2018-06-08 20:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-12 21:14 - 2018-06-08 20:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-12 21:14 - 2018-06-08 19:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-12 21:14 - 2018-06-08 19:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-12 21:14 - 2018-06-08 19:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-12 21:14 - 2018-06-08 19:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-12 21:14 - 2018-06-08 19:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-12 21:14 - 2018-06-08 19:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-12 21:14 - 2018-06-08 19:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-12 21:14 - 2018-06-08 19:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2018-06-12 21:14 - 2018-06-08 19:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-06-12 21:14 - 2018-06-08 19:42 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-06-12 21:14 - 2018-06-08 19:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-12 21:14 - 2018-06-08 19:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-12 21:14 - 2018-06-08 19:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-12 21:14 - 2018-06-08 18:07 - 000148896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2018-06-12 21:14 - 2018-06-08 18:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-12 21:14 - 2018-06-08 17:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-12 21:14 - 2018-06-08 17:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-12 21:14 - 2018-06-08 17:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-12 21:14 - 2018-06-08 17:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-12 21:14 - 2018-06-08 17:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-12 21:14 - 2018-06-08 17:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-12 21:14 - 2018-06-08 17:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-12 21:14 - 2018-06-08 17:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-12 21:14 - 2018-06-08 17:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-12 21:14 - 2018-06-08 17:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-12 21:14 - 2018-06-08 17:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-12 21:14 - 2018-06-08 17:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:14 - 2018-06-08 17:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-12 21:14 - 2018-06-08 15:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:14 - 2018-06-08 15:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-12 21:14 - 2018-06-08 11:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-12 21:14 - 2018-06-08 11:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-12 21:14 - 2018-06-08 11:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-12 21:14 - 2018-06-08 11:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-12 21:14 - 2018-06-08 11:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-12 21:14 - 2018-06-08 11:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-12 21:14 - 2018-06-08 11:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-12 21:14 - 2018-06-08 11:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-12 21:14 - 2018-06-08 10:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-12 21:14 - 2018-06-08 10:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-12 21:14 - 2018-06-08 10:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-12 21:14 - 2018-06-08 10:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-12 21:14 - 2018-06-08 10:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-12 21:14 - 2018-06-08 10:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-12 21:14 - 2018-06-08 10:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-12 21:14 - 2018-06-08 10:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-12 21:14 - 2018-06-08 10:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-12 21:14 - 2018-06-08 10:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-12 21:14 - 2018-06-08 10:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-12 21:14 - 2018-06-08 10:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-12 21:14 - 2018-06-08 10:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-12 21:14 - 2018-06-08 10:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-12 21:14 - 2018-06-08 10:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-12 21:14 - 2018-06-08 10:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-12 21:14 - 2018-06-08 10:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-12 21:14 - 2018-06-08 10:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-12 21:14 - 2018-06-08 10:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-12 21:14 - 2018-06-08 10:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-12 21:14 - 2018-06-08 10:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-12 21:14 - 2018-06-08 10:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-12 21:14 - 2018-06-08 10:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-12 21:14 - 2018-06-08 09:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-12 21:14 - 2018-06-08 09:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-12 21:14 - 2018-06-08 09:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-12 21:14 - 2018-06-08 09:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-12 21:14 - 2018-06-08 09:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-12 21:14 - 2018-06-08 09:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-12 21:14 - 2018-06-08 09:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-12 21:14 - 2018-06-08 08:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-12 21:14 - 2018-06-06 05:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-12 21:14 - 2018-06-02 00:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-12 21:14 - 2018-06-01 23:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-12 21:14 - 2018-05-25 04:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-10 13:22 - 2018-06-10 13:22 - 006401538 _____ C:\WINDOWS\SysWOW64\x265vfw.dll
2018-06-09 21:21 - 2018-06-09 21:21 - 000000000 ____D C:\Users\James\AppData\LocalLow\Mografi
2018-06-09 20:32 - 2018-06-09 20:32 - 000002232 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2018-06-09 20:31 - 2018-06-09 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-06-09 20:21 - 2018-06-09 20:21 - 000001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-09 20:21 - 2018-06-09 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-09 20:21 - 2018-06-09 20:21 - 000000000 ____D C:\Program Files\iPod
2018-06-09 20:20 - 2018-06-09 20:21 - 000000000 ____D C:\Program Files\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-06 22:36 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-06 22:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-07-06 22:27 - 2018-05-28 23:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-06 19:17 - 2018-05-28 23:15 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EC77214A-4C4C-4B1C-BFE4-1DA70327E3B6}
2018-07-06 02:00 - 2017-04-10 16:11 - 000000000 ____D C:\Users\James\AppData\Local\Adobe
2018-07-05 21:38 - 2016-11-25 15:58 - 000000000 ____D C:\Users\James\AppData\Local\VirtualStore
2018-07-05 21:33 - 2018-05-28 23:17 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-05 21:33 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-05 21:28 - 2016-11-25 15:59 - 000000000 ___RD C:\Users\James\OneDrive
2018-07-05 21:27 - 2018-05-28 23:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-05 21:21 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-05 21:21 - 2016-12-16 23:03 - 000040190 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2018-07-05 21:21 - 2016-11-25 03:40 - 000041448 _____ C:\WINDOWS\system32\OV7251_FRONT.aiqd
2018-07-05 21:21 - 2016-11-25 03:40 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2018-07-05 18:42 - 2018-04-12 13:22 - 000000000 ____D C:\Program Files\Transport Fever
2018-07-05 18:37 - 2017-06-21 02:12 - 000000000 ____D C:\AdwCleaner
2018-07-05 18:35 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-05 16:49 - 2016-12-02 21:55 - 000000000 ____D C:\Users\James\AppData\Roaming\vlc
2018-07-05 13:26 - 2018-05-28 23:06 - 000000000 ____D C:\Users\James
2018-07-05 13:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-05 01:37 - 2016-12-21 03:49 - 000000000 ____D C:\Users\James\AppData\Roaming\uTorrent
2018-07-05 01:14 - 2017-04-20 12:22 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-05 00:37 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-03 23:36 - 2016-11-24 20:23 - 000002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-03 23:34 - 2016-08-11 04:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-30 13:40 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-30 11:57 - 2018-01-26 00:21 - 000000000 ____D C:\Users\James\AppData\Local\Packages
2018-06-30 11:46 - 2018-05-30 10:38 - 000000000 ____D C:\Users\James\AppData\Local\PlaceholderTileLogoFolder
2018-06-27 15:22 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-06-27 15:21 - 2017-06-15 12:10 - 000001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIG-IP Edge Client.lnk
2018-06-27 15:21 - 2017-06-15 12:10 - 000000000 ____D C:\Program Files (x86)\F5 VPN
2018-06-27 14:48 - 2018-02-21 18:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-27 10:24 - 2016-11-25 02:16 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-27 10:24 - 2016-11-25 02:16 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-26 15:20 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-26 14:38 - 2017-06-09 16:13 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2018-06-23 16:23 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-06-23 15:57 - 2018-05-28 23:07 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-06-23 13:11 - 2016-12-21 03:50 - 000000906 _____ C:\Users\James\Desktop\µTorrent.lnk
2018-06-23 13:11 - 2016-12-21 03:50 - 000000886 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-06-21 22:53 - 2018-05-28 23:15 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2756646170-1118768877-2006359221-1003
2018-06-21 22:53 - 2018-05-28 23:06 - 000002377 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-18 22:20 - 2016-08-11 04:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-13 09:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-13 09:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-12 21:57 - 2018-05-28 23:04 - 000478072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-12 21:56 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-12 21:18 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-12 21:14 - 2016-11-24 22:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 21:12 - 2017-10-11 20:50 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 21:12 - 2016-11-24 22:09 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-09 22:40 - 2018-01-27 18:52 - 000000000 ___RD C:\Users\James\3D Objects
2018-06-09 22:40 - 2016-08-11 05:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-06-09 20:32 - 2016-11-27 20:41 - 000000000 ____D C:\ProgramData\Foxit Software
2018-06-09 20:32 - 2016-11-24 23:27 - 000001153 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-06 00:29 - 2018-04-12 00:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-06 00:29 - 2018-04-12 00:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2018-04-12 00:34 - 2018-04-12 00:34 - 000059904 ____N (Microsoft Corporation) C:\Users\James\OOijLea.exe
2018-04-24 18:01 - 2018-04-24 18:01 - 366870165 _____ () C:\Users\James\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
2018-04-24 18:01 - 2018-04-24 18:01 - 000004029 _____ () C:\Users\James\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
2017-09-30 15:30 - 2017-09-30 15:30 - 000000000 ___SH () C:\Users\James\AppData\Local\LumaEmu
2016-12-14 01:14 - 2016-12-14 01:14 - 000007605 _____ () C:\Users\James\AppData\Local\Resmon.ResmonCfg
2018-07-05 01:24 - 2018-07-05 01:24 - 000000002 _____ () C:\Users\James\AppData\Local\WMI.ini
 
Some files in TEMP:
====================
2018-06-12 14:58 - 2018-06-12 14:58 - 272218624 _____ (Frontier Developments) C:\Users\James\AppData\Local\Temp\JWE.exe
2018-07-05 16:50 - 2018-06-30 18:09 - 000125618 _____ () C:\Users\James\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 23:04
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by James (06-07-2018 22:37:50)
Running from C:\Users\James\Desktop
Windows 10 Pro Version 1803 17134.112 (X64) (2018-05-28 22:15:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2756646170-1118768877-2006359221-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2756646170-1118768877-2006359221-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2756646170-1118768877-2006359221-1000 - Limited - Disabled)
Guest (S-1-5-21-2756646170-1118768877-2006359221-501 - Limited - Disabled)
James (S-1-5-21-2756646170-1118768877-2006359221-1003 - Administrator - Enabled) => C:\Users\James
WDAGUtilityAccount (S-1-5-21-2756646170-1118768877-2006359221-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF03}) (Version: 18.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
Betternet for Windows 4.2.1 (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF8C905999}) (Version: 4.2.1 - Betternet Technologies Inc.)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 71.2017.1219.2255 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2017.1219.2255 - F5 Networks, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CambridgeSoft Activation Client (HKLM-x32\...\{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemDraw Ultra 12.0 (HKLM-x32\...\{48DEAAF2-8276-4BBD-B7B6-91E454938476}) (Version: 12.0 - CambridgeSoft Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.4 - Illustrate)
Evil Genius (HKLM-x32\...\Evil Genius_is1) (Version:  - GOG.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
iTunes (HKLM\...\{EA44188A-5042-4CFB-8F8D-AF048872B7A7}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Mendeley Desktop 1.17.11 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.11 - Mendeley Ltd.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 24.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 24.0.0 - Moritz Bunkus)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PerkinElmer ChemDraw Prime 16.0 (HKLM-x32\...\{BDB47404-8E8B-4327-A9B3-B4B457716924}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
PerkinElmer ChemOffice 64-bit Support for ChemDraw Prime 16.0 (HKLM\...\{03963B0B-6132-4D9E-840A-FC38347D08CD}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
PhotoStitcher 2.0 (HKLM\...\{299EB32D-0525-4482-A8B5-1F30725AB6F1}_is1) (Version:  - Teorex)
Plumbytes Anti-Malware 2018 (HKLM\...\Plumbytes Anti-Malware 2018) (Version:  - Plumbytes Software)
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 13f - GOG.com)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Shark007 ADVANCED Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 10.2.3 - Shark007)
Shark007 ADVANCED x64Components (HKLM\...\ADVANCED x64Components_is1) (Version: 10.2.3 - Shark007)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Movies™ (HKLM-x32\...\{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.0 - Activision) Hidden
The Movies™ 1.1 Patch (HKLM-x32\...\{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}) (Version: 1.0 - Activision) Hidden
The Movies™ Stunts & Effects (HKLM-x32\...\{C06A7DAC-1708-417C-B694-28C84DFE2DF9}) (Version: 1.0 - Activision) Hidden
The Movies™ Stunts & Effects (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.2 - Activision)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
Transport Fever (HKLM-x32\...\Transport Fever_is1) (Version:  - )
Transport Fever Update Build 14085 (HKLM\...\dHJhbnNwb3J0ZmV2ZXI_is1) (Version: 1 - )
Unity Web Player (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-07-05] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-07-05] ()
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04A8EB3A-8015-405D-9075-A2C47F39C13D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-03] (Microsoft Corporation)
Task: {0D8931C0-4FE9-406C-95C4-9B073246B86A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {21C911BD-768E-4B2B-A90E-DE2D508A6C63} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-13] (Adobe Systems Incorporated)
Task: {24F86034-C964-42C5-AB91-AB4BE8696034} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\jmhar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {2C6CE3BA-52BD-415D-A625-BCE37920ACC0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {369E6ED7-0E53-428B-BAE3-31ADDB993371} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {3F27DA31-8A52-46EF-833F-B1628798CF7C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-03] (Microsoft Corporation)
Task: {4E66809E-796E-4CB0-8836-D8265166B288} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-25] (Google Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {69CAD593-6588-4935-ACA2-7CE040E1B434} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {73D98422-74B5-40C3-B0F4-B61919262C31} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-03] (Microsoft Corporation)
Task: {78DF8910-CB2F-4085-8B53-F812DB634A83} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {9041DB0C-29C4-4F1E-BD65-D10EBE6CA9DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-03] (Microsoft Corporation)
Task: {92FBB0A2-D9A4-4CC0-A0F3-81C295C9ECC0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-13] (Adobe Systems Incorporated)
Task: {95FAFB88-0A42-4386-B2F3-AB375F103B71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-25] (Google Inc.)
Task: {988C1F4A-7C6E-492A-B1F3-6D46DE2F3D91} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {9949EEDC-5BA4-409C-8979-548A9F842309} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {A5CCC737-5D82-4855-9585-710B1A8742BB} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {A904DA60-0129-48BE-994F-45A0D5D7840A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {B32DFF83-AEB7-45C9-995A-AD0BEF071702} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-03] (Microsoft Corporation)
Task: {BE87AFE3-9E5D-4834-9E75-147840170B0A} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {C1F82170-2A9F-4D43-B874-DFE8E54C5671} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {E1A3EC2E-FE1A-4269-95CF-B1EEF91AEF7A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-03] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-05 21:12 - 2018-07-05 21:12 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-05 16:50 - 2016-09-05 16:50 - 000017920 _____ () C:\Program Files\PerkinElmerInformatics\ChemOffice2016\ChemDraw\boost_system-vc100-mt-1_55.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-22 20:57 - 2018-05-22 20:58 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-22 20:57 - 2018-05-22 20:58 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-06-27 10:27 - 2018-06-27 10:29 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-27 10:27 - 2018-06-27 10:28 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-27 10:27 - 2018-06-27 10:28 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 13:01 - 2017-09-26 13:02 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-27 10:27 - 2018-06-27 10:28 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-06-09 10:50 - 2018-06-09 10:56 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 10:50 - 2018-06-09 10:56 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-04 18:31 - 2017-10-04 18:32 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 10:42 - 2018-05-30 10:42 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-08 00:01 - 2018-05-08 00:02 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-06 11:43 - 2018-04-06 11:45 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-09 10:50 - 2018-06-09 10:57 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 10:42 - 2018-05-30 10:42 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 10:50 - 2018-06-09 10:53 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 10:42 - 2018-05-30 10:43 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-09 10:50 - 2018-06-09 10:57 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-06-21 22:55 - 2018-06-21 22:55 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-06-21 22:55 - 2018-06-21 22:55 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-21 22:55 - 2018-06-21 22:55 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-06-27 10:24 - 2018-06-22 20:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 10:24 - 2018-06-22 20:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\sharepoint.com -> hxxps://ueanorwich-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\uea.ac.uk -> hxxps://vpn.uea.ac.uk
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2017-04-10 16:49 - 000001030 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\aloe-from-the-pot-wide.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B9729BAA-A927-4D9A-92E4-8B81D889A401}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E0ED199E-9828-4D41-9B4B-D03E07E9149D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{F1686732-DFBD-4065-A3DB-4B722F6DE7BA}C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{FFA1C524-2FE6-4897-BCE2-9F71D1189395}C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe
FirewallRules: [{1E91B00F-E305-49F3-9A72-CD509C1D6FDD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{A4A62B77-34A0-4784-A7DE-5EE79D5FFD0F}D:\downloads\northgard.v0.1.3864\northgard.exe] => (Allow) D:\downloads\northgard.v0.1.3864\northgard.exe
FirewallRules: [TCP Query User{B76D6101-3C05-4495-9A4E-51CA11EADC0B}D:\downloads\northgard.v0.1.3864\northgard.exe] => (Allow) D:\downloads\northgard.v0.1.3864\northgard.exe
FirewallRules: [UDP Query User{8CAD5F47-B219-4EC5-8EA8-DEC55F02A4B5}C:\program files (x86)\11 bit studios\beat cop\beatcop.exe] => (Allow) C:\program files (x86)\11 bit studios\beat cop\beatcop.exe
FirewallRules: [TCP Query User{1E9D6CBE-3BED-4296-9BE8-A9556B9F0B15}C:\program files (x86)\11 bit studios\beat cop\beatcop.exe] => (Allow) C:\program files (x86)\11 bit studios\beat cop\beatcop.exe
FirewallRules: [UDP Query User{0EF4CB70-D762-447F-9C67-59F5D9C888E6}D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe] => (Allow) D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe
FirewallRules: [TCP Query User{70F4496E-35C7-4E2C-870B-C30A3B57CFB2}D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe] => (Allow) D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe
FirewallRules: [UDP Query User{847A688E-D02E-433E-9C46-BA04383F4A62}D:\downloads\simairport.v28.03.2017\simairport.exe] => (Allow) D:\downloads\simairport.v28.03.2017\simairport.exe
FirewallRules: [TCP Query User{FCE64A73-D798-43BD-866F-4873ECE9F47F}D:\downloads\simairport.v28.03.2017\simairport.exe] => (Allow) D:\downloads\simairport.v28.03.2017\simairport.exe
FirewallRules: [{D5BB4B9A-4EDF-42A6-BD2C-2A61C2DC22A7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A66DFFA9-F57C-448C-A6D1-FC286186C119}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E1A599A-3634-40FC-84AE-19AA3D0CB361}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F4DA55D4-7B66-4285-AC2C-AF2D5371D24E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7958265E-1EC7-43D9-9259-9D4D0F43AEF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8EEB661-B647-4D1D-98CF-E419BAE85E3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5CA0426B-68CA-462E-B7FD-2271F3FA5C14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{887567F3-2C18-4258-B7C2-80D0A995B738}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF7BF4C3-7901-4331-A4F2-92BDE09E5D41}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A887C87B-C130-4C31-A377-02CB87E246BE}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2B87028-D347-4D0C-A83F-30B13E9ED955}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A630817-DD5D-4206-848A-9862F17A211A}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A84C5A2-8CAB-45DB-8426-E2F0F9FF4E6F}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A705543-8E21-42F2-A4DD-4468D8B555AC}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{E36325BB-AD78-466E-8662-2E6DEB04F5D9}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [TCP Query User{51AAA547-AA45-4C0F-BA81-BE68F9256663}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [{B45808B9-9358-48E0-8ADB-BC54CA0FB956}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{A70E031A-4B16-45FA-9CAF-9DC97A68F0F1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{E62AB24E-DF73-4F65-AEAE-0F9992A04B40}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{26A34A5E-69B4-42AC-8E96-98F6DCEE153A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{50738CBE-DF0D-465C-BEFA-681FFD73FA78}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{BBA66824-D6AF-4EDE-921A-C867F001F1A9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{912F1E34-1D75-4713-AE62-84F625621695}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{961478CE-EB10-43C3-9815-A08ADA894A57}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [UDP Query User{EB6FBA50-EF05-4A15-B0D4-FCD6CAE42132}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe
FirewallRules: [TCP Query User{CF851742-ED04-40CD-846E-06FF85009EBE}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe
FirewallRules: [UDP Query User{1D2145CD-ADF3-47BE-B057-45CF2186FBA2}C:\program files (x86)\daemon sync\daemonsynctray.exe] => (Allow) C:\program files (x86)\daemon sync\daemonsynctray.exe
FirewallRules: [TCP Query User{02666BAC-ECE1-4417-9EBD-49EA88E51497}C:\program files (x86)\daemon sync\daemonsynctray.exe] => (Allow) C:\program files (x86)\daemon sync\daemonsynctray.exe
FirewallRules: [{4DC14CD3-AF40-440D-83A1-2524E9B7B872}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D84A36FA-6922-47F0-B9BB-2B5A1A13E32B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [TCP Query User{C62EAAE2-B5C1-45F7-AFF7-52E064D62499}C:\users\james\desktop\machiavillain\machiavillain.exe] => (Allow) C:\users\james\desktop\machiavillain\machiavillain.exe
FirewallRules: [UDP Query User{9E352F09-A4FA-462E-AB1D-E6C90BA4356D}C:\users\james\desktop\machiavillain\machiavillain.exe] => (Allow) C:\users\james\desktop\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{54C52EAC-066F-4387-9D63-E073DABFE9BE}C:\program files\machiavillain\machiavillain.exe] => (Allow) C:\program files\machiavillain\machiavillain.exe
FirewallRules: [UDP Query User{61A3D905-0474-484F-B8B4-FA0CA396028A}C:\program files\machiavillain\machiavillain.exe] => (Allow) C:\program files\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{7A8E49BD-E854-4430-8BFC-FE15B2ECFF35}C:\program files (x86)\simairport.v28.03.2017\simairport.exe] => (Allow) C:\program files (x86)\simairport.v28.03.2017\simairport.exe
FirewallRules: [UDP Query User{7F68A8FE-C3C7-48C1-8935-3C5A549A1A99}C:\program files (x86)\simairport.v28.03.2017\simairport.exe] => (Allow) C:\program files (x86)\simairport.v28.03.2017\simairport.exe
FirewallRules: [TCP Query User{1721499F-FF99-4E7E-BF36-6E2205D10675}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{879DB955-EDE9-4E59-A030-1BEE093B01E8}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{642C8D4A-1C51-476C-B7BC-CB092C90E969}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{435D93FD-79F2-4BAC-A1B4-C9556337E1B6}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{E1470208-95D5-4F5D-BC71-E20754E51072}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{66ED00A5-FF2A-4E43-BE6C-2CB2FF98EA28}C:\program files (x86)\oxygen not included\oxygennotincluded.exe] => (Allow) C:\program files (x86)\oxygen not included\oxygennotincluded.exe
FirewallRules: [UDP Query User{68C0B1C4-BA78-41A8-A187-4EB64BCDC6AF}C:\program files (x86)\oxygen not included\oxygennotincluded.exe] => (Allow) C:\program files (x86)\oxygen not included\oxygennotincluded.exe
FirewallRules: [TCP Query User{E80653FC-F5B1-497F-883C-6406C95398AA}C:\program files (x86)\the escapists 2\theescapists2.exe] => (Allow) C:\program files (x86)\the escapists 2\theescapists2.exe
FirewallRules: [UDP Query User{07C5C4BB-2FBB-4693-B592-4D177E5E8684}C:\program files (x86)\the escapists 2\theescapists2.exe] => (Allow) C:\program files (x86)\the escapists 2\theescapists2.exe
FirewallRules: [TCP Query User{8679CC61-F432-41FD-A757-EA91C330E779}C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [UDP Query User{BB41917B-A131-4866-B848-07110C739D2F}C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [{18903E95-0FA3-4B1E-87DB-EC5B510F059D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{F26A7618-CCAC-4F09-BD26-052E494EDF63}C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [UDP Query User{FFB719EF-FFDE-433D-932D-37F5988DEFB6}C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [{CA2FC702-C39B-4DAB-9FE2-FC37959A6811}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C814AC7B-EA7C-47C9-9150-1AD783F666CF}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8AF90117-6359-4C1E-9DED-C7F07E513D99}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A56ED30-23AF-4B66-B571-ABCB0F148D9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{81C73A3A-9FCD-48CD-9103-DE9C86F31928}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [UDP Query User{73810456-DEAF-499E-BDD6-4D09D116C1DF}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [{59A96C02-FFD1-4135-BEA3-0BD931350591}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{62269247-DA0A-4460-BD21-3600EC4D2892}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{B6EFAF7F-E726-43CC-9142-1D340886D68C}C:\windows\system32\dllhost.exe] => (Allow) C:\windows\system32\dllhost.exe
FirewallRules: [UDP Query User{0FE3B489-B95D-40AF-8C8A-D332F9A05357}C:\windows\system32\dllhost.exe] => (Allow) C:\windows\system32\dllhost.exe
FirewallRules: [{3421D450-BF6C-4CEC-B28F-39B25781CB23}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{A9DC0090-DCA4-4193-BF72-607857542313}] => (Allow) C:\WINDOWS\SysWOW64\Cgey.exe
FirewallRules: [{77C3E62C-745F-42F0-835F-40C0DDEDC275}] => (Allow) C:\Users\James\OOijLea.exe
FirewallRules: [{DD403A36-4253-4222-BA9F-859E591A4C58}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{2E32D6AD-813B-489E-AAEC-27C912564645}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{7B284E2C-302B-4905-B779-44AB09271E17}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{F30A46CB-9D8B-4B50-BCC4-BA42025A4093}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{197F2CB9-F3C3-4F17-8700-CCE598737711}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{C224556B-A9A9-4F6A-A804-66F9846B67C9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{CCD66DC9-8AAE-4BAD-9966-8A856D4B3F9C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{BA741F66-9C4D-463D-9295-BA70FF1031AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{67A093EF-CF24-4691-AC38-E93903BC7954}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D01ED940-14D2-4FC6-8D63-A289F9F7999D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{748CE5DF-6CDF-46C5-86E6-788FFEB0474A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{AC8761D2-662C-42AF-85AF-549BB666C73B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{A4F3F4E1-F11A-4E2A-B0A4-B856274BDE18}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{68DA58D5-76BC-4B69-9688-A53678AF5180}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{EFFDA671-9917-493A-A70D-9CBF21024052}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{5DB7B0EA-2BB9-4AE7-B2FC-52BFDAE3D559}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D2FFEBAA-0414-406F-A4B4-D3BD2CD8D77A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ m3-6Y30 CPU @ 0.90GHz
Percentage of memory in use: 67%
Total physical RAM: 4021.09 MB
Available physical RAM: 1322.76 MB
Total Virtual: 5421.09 MB
Available Virtual: 1929.61 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:116.95 GB) (Free:16.71 GB) NTFS
Drive d: () (Removable) (Total:119.05 GB) (Free:48.53 GB) exFAT
 
\\?\Volume{22bb318b-5af3-403b-9881-3a53a06adb93}\ (Windows RE tools) (Fixed) (Total:1.91 GB) (Free:1.52 GB) NTFS
\\?\Volume{70110f3b-6ed2-4639-8de0-a30e9254c11b}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 766ED2D5)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 119.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Is it still acting infected?

I forgot to tell you to reboot before running FRST. Want to make sure the two tasks I had it remove didn't come back.



#5
harveyj176

    Member

  • Topic Starter
  • Member
  • 286 posts

Hi,

It doesn't currently appear to be infected but I will keep an eye open for if the hollow processes start again.

Thanks,

James



#6
harveyj176

    Member

  • Topic Starter
  • Member
  • 286 posts

Here are the logs after restart.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by James (administrator) on DESKTOP-GQDL9OG (07-07-2018 11:33:58)
Running from C:\Users\James\Desktop
Loaded Profiles: James (Available Profiles: James)
Platform: Windows 10 Pro Version 1803 17134.112 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1_none_eedfeda03074e04e\TiWorker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2017-04-10] (Disc Soft Ltd)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{54db6971-3a62-4bc8-bd69-c270c2dac8b5}: [DhcpNameServer] 139.222.130.1 139.222.130.2
Tcpip\..\Interfaces\{a9e144f2-16f9-4eec-b90e-eb2c83ef54cd}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{bc0460f7-76b1-4925-acc2-42c3f7b80d49}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-08] (Oracle Corporation)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {206599BA-54C3-4B56-8B27-361541F02B36} hxxp://139.222.133.103/tools/xc_loader_activex.ocx
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\WINDOWS\TEMP\f5tmp\urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\WINDOWS\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab 
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\WINDOWS\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=16.0 -> C:\Program Files (x86)\PerkinElmerInformatics\ChemOffice2016\ChemDraw\npcdp32.dll [2016-10-05] (PerkinElmer)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2756646170-1118768877-2006359221-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-09] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2018-07-07]
CHR Extension: (Slides) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Docs) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-25]
CHR Extension: (YouTube) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-25]
CHR Extension: (Sheets) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-25]
CHR Extension: ( Add to Giftster Wish List Registry) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\igbiconphejknohhlfkbccjlemlnjndc [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [415712 2017-12-19] (F5 Networks, Inc.)
R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [358368 2017-12-20] (F5 Networks, Inc.)
R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [217104 2016-04-19] (F5 Networks, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2018-04-17] (Foxit Software Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-04-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-04-10] (Disc Soft Ltd)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [47848 2017-12-19] (F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-08-14] (F5 Networks, Inc.)
R3 iactrllogic; C:\WINDOWS\System32\drivers\iactrllogic64.sys [183184 2017-10-12] (Intel® Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R3 urvpndrv; C:\WINDOWS\System32\drivers\covpnv64.sys [57736 2017-12-19] (F5 Networks, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-27] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-07-05] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-07 11:33 - 2018-07-07 11:33 - 000000000 ___HD C:\OneDriveTemp
2018-07-06 22:33 - 2018-07-06 22:34 - 000002927 _____ C:\Users\James\Desktop\Fixlog.txt
2018-07-06 19:32 - 2018-07-06 22:38 - 000041094 _____ C:\Users\James\Desktop\Addition.txt
2018-07-06 19:30 - 2018-07-07 11:34 - 000016274 _____ C:\Users\James\Desktop\FRST.txt
2018-07-06 00:29 - 2018-07-07 11:33 - 000000000 ____D C:\FRST
2018-07-06 00:28 - 2018-07-06 00:28 - 002412544 _____ (Farbar) C:\Users\James\Desktop\FRST64.exe
2018-07-05 22:27 - 2018-07-07 11:32 - 108003328 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-07-05 22:21 - 2018-07-05 22:26 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-07-05 21:58 - 2018-07-07 00:35 - 000000000 ____D C:\Program Files\Plumbytes Software
2018-07-05 21:58 - 2018-07-05 22:37 - 000000000 ____D C:\Users\James\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2018-07-05 21:20 - 2018-07-05 21:20 - 003027568 _____ C:\Users\James\Desktop\-midlehner_et_al-2018-European_Journal_of_Organic_Chemistry.pdf
2018-07-05 21:19 - 2018-07-05 21:19 - 000498358 _____ C:\Users\James\Desktop\nihms-389701.pdf
2018-07-05 21:19 - 2018-07-05 21:19 - 000099698 _____ C:\Users\James\Desktop\v53n3a3.pdf
2018-07-05 21:12 - 2018-07-07 11:34 - 000027353 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-07-05 21:12 - 2018-07-07 11:32 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-05 21:12 - 2018-07-07 00:35 - 000079835 _____ C:\WINDOWS\ZAM.krnl.trace
2018-07-05 21:12 - 2018-07-05 21:12 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-07-05 21:12 - 2018-07-05 21:12 - 000000000 ____D C:\Users\James\AppData\Local\Zemana
2018-07-05 18:57 - 2018-07-05 18:57 - 000398255 _____ C:\Users\James\Desktop\Takeback Waste Transfer Note TB_78069.pdf
2018-07-05 18:36 - 2018-07-05 18:36 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-05 18:36 - 2018-07-05 18:26 - 007395536 _____ (Malwarebytes) C:\Users\James\Desktop\AdwCleaner.exe
2018-07-05 17:21 - 2018-07-05 17:21 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-07-05 17:16 - 2018-07-05 17:22 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-05 17:16 - 2018-07-05 17:16 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-07-05 17:16 - 2018-07-05 17:16 - 000000000 ____D C:\Program Files\HitmanPro
2018-07-05 01:34 - 2018-07-05 01:34 - 000000000 ____D C:\Users\James\AppData\LocalLow\Empyrean
2018-07-05 01:24 - 2018-07-05 01:24 - 000000002 _____ C:\Users\James\AppData\Local\WMI.ini
2018-07-03 23:36 - 2018-07-03 23:36 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-03 23:36 - 2018-07-03 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-06-30 18:59 - 2018-07-05 01:37 - 000000000 ____D C:\Users\James\AppData\LocalLow\uTorrent
2018-06-30 11:58 - 2018-06-30 11:58 - 000001293 _____ C:\Users\Public\Desktop\SHAREit.lnk
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Users\James\AppData\Roaming\Umeng
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Users\James\AppData\Local\SHAREit Technologies
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2018-06-30 11:58 - 2018-06-30 11:58 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
2018-06-29 11:41 - 2018-06-29 11:41 - 000000000 ____D C:\Users\James\Desktop\HPLC
2018-06-28 14:17 - 2018-06-28 14:17 - 000410758 _____ C:\Users\James\Desktop\Donald Trump Very Fake News.wav
2018-06-27 17:12 - 2018-06-27 17:12 - 000000930 _____ C:\Users\James\Desktop\nmr - Shortcut.lnk
2018-06-26 15:39 - 2018-07-05 17:09 - 000000000 ____D C:\Users\James\chemaxon
2018-06-26 15:37 - 2018-06-26 15:37 - 000015248 _____ C:\Users\James\Desktop\Metabolite storage.xlsx
2018-06-26 15:31 - 2018-06-26 15:34 - 000000000 ____D C:\Users\James\AppData\Roaming\ChemAxon
2018-06-26 14:31 - 2018-06-26 14:31 - 000001807 _____ C:\Users\James\Desktop\MKVToolNix GUI.lnk
2018-06-23 16:23 - 2018-06-23 16:23 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\Users\James\AppData\Roaming\Shark007
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Shark007
2018-06-23 15:57 - 2018-06-23 15:57 - 000000000 ____D C:\Program Files\Shark007
2018-06-23 15:57 - 2018-06-10 13:36 - 028663008 _____ C:\WINDOWS\system32\x265vfw.dll
2018-06-23 15:57 - 2018-02-22 05:00 - 002207232 _____ (MPC-HC Team) C:\WINDOWS\system32\VSFilter.dll
2018-06-23 15:57 - 2017-07-30 06:50 - 003799552 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2018-06-23 15:57 - 2015-03-04 20:45 - 000260184 _____ C:\WINDOWS\system32\unrar.dll
2018-06-23 15:57 - 2013-04-06 00:27 - 002231296 _____ C:\WINDOWS\system32\ac3filter.acm.new
2018-06-23 15:57 - 2013-04-06 00:27 - 002231296 _____ C:\WINDOWS\system32\ac3filter.acm
2018-06-23 15:57 - 2013-04-06 00:27 - 000324608 _____ (IntelleSoft) C:\WINDOWS\system32\BugTrap-x64.dll
2018-06-23 15:57 - 2009-08-11 21:22 - 000580096 _____ C:\WINDOWS\system32\ac3filter.acm.old
2018-06-23 15:57 - 2009-01-23 01:51 - 000124909 _____ (Open Source Software community project) C:\WINDOWS\system32\pthreadGC2.dll
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\Users\James\AppData\Roaming\Advanced
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2018-06-23 15:56 - 2018-06-23 15:57 - 000000000 ____D C:\ProgramData\Advanced
2018-06-23 15:56 - 2018-06-23 15:56 - 000000000 ____D C:\Program Files (x86)\Shark007
2018-06-23 15:03 - 2018-06-23 15:03 - 000000000 ____D C:\Users\James\AppData\Local\bunkus.org
2018-06-23 15:02 - 2018-06-23 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2018-06-23 15:02 - 2018-06-23 15:02 - 000000000 ____D C:\Program Files\MKVToolNix
2018-06-23 14:54 - 2018-06-23 14:54 - 000000000 ____D C:\Users\James\.MakeMKV
2018-06-23 14:42 - 2018-06-23 14:42 - 000000000 ____D C:\Users\James\AppData\Roaming\Boilsoft
2018-06-23 14:29 - 2018-07-05 17:25 - 000000000 ____D C:\ProgramData\Betternet
2018-06-23 14:29 - 2018-06-23 14:29 - 000002108 _____ C:\Users\Public\Desktop\Betternet.lnk
2018-06-23 14:29 - 2018-06-23 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
2018-06-23 14:29 - 2018-06-23 14:29 - 000000000 ____D C:\Program Files (x86)\Betternet
2018-06-20 19:48 - 2018-06-20 21:21 - 000000000 ____D C:\Users\James\Desktop\eBay
2018-06-20 19:42 - 2018-07-07 11:33 - 000000000 ____D C:\Users\James\AppData\Local\D3DSCache
2018-06-19 19:04 - 2018-06-19 19:04 - 000000000 ____D C:\ProgramData\Packages
2018-06-18 21:41 - 2018-06-18 21:41 - 000000000 ____D C:\Users\James\Documents\Garmin
2018-06-18 21:39 - 2018-06-18 22:20 - 000000000 ____D C:\ProgramData\Garmin
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Users\James\AppData\Roaming\Garmin
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Users\James\AppData\Local\Garmin_Ltd._or_its_subsid
2018-06-18 21:39 - 2018-06-18 21:39 - 000000000 ____D C:\Program Files\DIFX
2018-06-18 21:38 - 2018-06-18 22:19 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-06-13 09:55 - 2018-06-13 09:55 - 000004590 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-06-13 09:55 - 2018-06-13 09:55 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-06-12 21:15 - 2018-06-08 20:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-12 21:15 - 2018-06-08 20:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-12 21:15 - 2018-06-08 19:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-12 21:15 - 2018-06-08 19:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-12 21:15 - 2018-06-08 19:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-12 21:15 - 2018-06-08 19:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-12 21:15 - 2018-06-08 18:06 - 001539488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-06-12 21:15 - 2018-06-08 17:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-12 21:15 - 2018-06-08 11:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-12 21:15 - 2018-06-08 11:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-12 21:15 - 2018-06-08 10:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-12 21:15 - 2018-06-08 10:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-12 21:15 - 2018-06-08 10:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-12 21:15 - 2018-06-08 10:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-12 21:15 - 2018-06-08 10:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-12 21:15 - 2018-06-08 10:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-12 21:15 - 2018-06-08 10:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-12 21:15 - 2018-06-08 10:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-12 21:15 - 2018-06-08 10:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-12 21:15 - 2018-06-08 10:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-12 21:15 - 2018-06-08 10:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-12 21:15 - 2018-06-08 09:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-12 21:15 - 2018-06-08 09:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-12 21:15 - 2018-06-08 09:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-12 21:15 - 2018-06-08 09:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-12 21:15 - 2018-06-08 09:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-12 21:15 - 2018-06-08 09:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-12 21:15 - 2018-06-08 09:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-12 21:15 - 2018-06-06 19:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-12 21:14 - 2018-06-08 20:07 - 000183712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2018-06-12 21:14 - 2018-06-08 20:07 - 000040864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-06-12 21:14 - 2018-06-08 20:07 - 000019872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVTerminator.dll
2018-06-12 21:14 - 2018-06-08 20:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-12 21:14 - 2018-06-08 20:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-12 21:14 - 2018-06-08 20:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-12 21:14 - 2018-06-08 20:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-12 21:14 - 2018-06-08 19:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-12 21:14 - 2018-06-08 19:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-12 21:14 - 2018-06-08 19:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-12 21:14 - 2018-06-08 19:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-12 21:14 - 2018-06-08 19:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-12 21:14 - 2018-06-08 19:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-12 21:14 - 2018-06-08 19:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-12 21:14 - 2018-06-08 19:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-12 21:14 - 2018-06-08 19:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-12 21:14 - 2018-06-08 19:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2018-06-12 21:14 - 2018-06-08 19:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-12 21:14 - 2018-06-08 19:42 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-06-12 21:14 - 2018-06-08 19:42 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-06-12 21:14 - 2018-06-08 19:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-12 21:14 - 2018-06-08 19:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-12 21:14 - 2018-06-08 19:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-12 21:14 - 2018-06-08 19:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-12 21:14 - 2018-06-08 18:07 - 000148896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2018-06-12 21:14 - 2018-06-08 18:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-12 21:14 - 2018-06-08 17:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-12 21:14 - 2018-06-08 17:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-12 21:14 - 2018-06-08 17:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-12 21:14 - 2018-06-08 17:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-12 21:14 - 2018-06-08 17:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-12 21:14 - 2018-06-08 17:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-12 21:14 - 2018-06-08 17:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-12 21:14 - 2018-06-08 17:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-12 21:14 - 2018-06-08 17:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-12 21:14 - 2018-06-08 17:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-12 21:14 - 2018-06-08 17:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-12 21:14 - 2018-06-08 17:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-12 21:14 - 2018-06-08 17:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:14 - 2018-06-08 17:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-12 21:14 - 2018-06-08 15:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:14 - 2018-06-08 15:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-12 21:14 - 2018-06-08 11:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-12 21:14 - 2018-06-08 11:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-12 21:14 - 2018-06-08 11:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-12 21:14 - 2018-06-08 11:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-12 21:14 - 2018-06-08 11:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-12 21:14 - 2018-06-08 11:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-12 21:14 - 2018-06-08 11:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-12 21:14 - 2018-06-08 11:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-12 21:14 - 2018-06-08 10:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-12 21:14 - 2018-06-08 10:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-12 21:14 - 2018-06-08 10:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-12 21:14 - 2018-06-08 10:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-12 21:14 - 2018-06-08 10:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-12 21:14 - 2018-06-08 10:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-12 21:14 - 2018-06-08 10:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-12 21:14 - 2018-06-08 10:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-12 21:14 - 2018-06-08 10:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-12 21:14 - 2018-06-08 10:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-12 21:14 - 2018-06-08 10:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-12 21:14 - 2018-06-08 10:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-12 21:14 - 2018-06-08 10:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-12 21:14 - 2018-06-08 10:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-12 21:14 - 2018-06-08 10:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-12 21:14 - 2018-06-08 10:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-12 21:14 - 2018-06-08 10:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-12 21:14 - 2018-06-08 10:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-12 21:14 - 2018-06-08 10:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-12 21:14 - 2018-06-08 10:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-12 21:14 - 2018-06-08 10:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-12 21:14 - 2018-06-08 10:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-12 21:14 - 2018-06-08 10:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-12 21:14 - 2018-06-08 10:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-12 21:14 - 2018-06-08 10:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-12 21:14 - 2018-06-08 10:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-12 21:14 - 2018-06-08 10:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-12 21:14 - 2018-06-08 10:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-12 21:14 - 2018-06-08 10:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-12 21:14 - 2018-06-08 10:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-12 21:14 - 2018-06-08 10:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-12 21:14 - 2018-06-08 10:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-12 21:14 - 2018-06-08 10:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-12 21:14 - 2018-06-08 09:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-12 21:14 - 2018-06-08 09:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:14 - 2018-06-08 09:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-12 21:14 - 2018-06-08 09:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-12 21:14 - 2018-06-08 09:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-12 21:14 - 2018-06-08 09:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-12 21:14 - 2018-06-08 09:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:14 - 2018-06-08 09:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-12 21:14 - 2018-06-08 09:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-12 21:14 - 2018-06-08 09:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-12 21:14 - 2018-06-08 09:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-12 21:14 - 2018-06-08 09:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-12 21:14 - 2018-06-08 09:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:14 - 2018-06-08 09:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-12 21:14 - 2018-06-08 08:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-12 21:14 - 2018-06-06 05:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-12 21:14 - 2018-06-02 00:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-12 21:14 - 2018-06-01 23:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-12 21:14 - 2018-05-25 04:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-10 13:22 - 2018-06-10 13:22 - 006401538 _____ C:\WINDOWS\SysWOW64\x265vfw.dll
2018-06-09 21:21 - 2018-06-09 21:21 - 000000000 ____D C:\Users\James\AppData\LocalLow\Mografi
2018-06-09 20:32 - 2018-06-09 20:32 - 000002232 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2018-06-09 20:31 - 2018-06-09 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-06-09 20:21 - 2018-06-09 20:21 - 000001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-09 20:21 - 2018-06-09 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-09 20:21 - 2018-06-09 20:21 - 000000000 ____D C:\Program Files\iPod
2018-06-09 20:20 - 2018-06-09 20:21 - 000000000 ____D C:\Program Files\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-07 11:33 - 2018-05-28 23:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-07 11:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-07-07 11:33 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-07 11:33 - 2016-11-25 15:59 - 000000000 ___RD C:\Users\James\OneDrive
2018-07-07 11:32 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-07 11:32 - 2016-12-16 23:03 - 000040190 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2018-07-07 11:32 - 2016-11-25 03:40 - 000041448 _____ C:\WINDOWS\system32\OV7251_FRONT.aiqd
2018-07-07 11:32 - 2016-11-25 03:40 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2018-07-07 00:37 - 2018-05-28 23:17 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-07 00:37 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-07 00:36 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-07 00:36 - 2018-01-26 00:21 - 000000000 ____D C:\Users\James\AppData\Local\Packages
2018-07-07 00:23 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-07 00:22 - 2018-05-28 23:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-06 19:17 - 2018-05-28 23:15 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EC77214A-4C4C-4B1C-BFE4-1DA70327E3B6}
2018-07-06 02:00 - 2017-04-10 16:11 - 000000000 ____D C:\Users\James\AppData\Local\Adobe
2018-07-05 21:38 - 2016-11-25 15:58 - 000000000 ____D C:\Users\James\AppData\Local\VirtualStore
2018-07-05 18:42 - 2018-04-12 13:22 - 000000000 ____D C:\Program Files\Transport Fever
2018-07-05 18:37 - 2017-06-21 02:12 - 000000000 ____D C:\AdwCleaner
2018-07-05 16:49 - 2016-12-02 21:55 - 000000000 ____D C:\Users\James\AppData\Roaming\vlc
2018-07-05 13:26 - 2018-05-28 23:06 - 000000000 ____D C:\Users\James
2018-07-05 13:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-05 01:37 - 2016-12-21 03:49 - 000000000 ____D C:\Users\James\AppData\Roaming\uTorrent
2018-07-05 01:14 - 2017-04-20 12:22 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-03 23:36 - 2016-11-24 20:23 - 000002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-03 23:36 - 2016-08-11 04:43 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-03 23:34 - 2016-08-11 04:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-30 13:40 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-30 11:46 - 2018-05-30 10:38 - 000000000 ____D C:\Users\James\AppData\Local\PlaceholderTileLogoFolder
2018-06-27 15:22 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-06-27 15:21 - 2017-06-15 12:10 - 000001883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIG-IP Edge Client.lnk
2018-06-27 15:21 - 2017-06-15 12:10 - 000000000 ____D C:\Program Files (x86)\F5 VPN
2018-06-27 14:48 - 2018-02-21 18:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-27 10:24 - 2016-11-25 02:16 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-27 10:24 - 2016-11-25 02:16 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-26 15:20 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-26 14:38 - 2017-06-09 16:13 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2018-06-23 16:23 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-06-23 15:57 - 2018-05-28 23:07 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-06-23 13:11 - 2016-12-21 03:50 - 000000906 _____ C:\Users\James\Desktop\µTorrent.lnk
2018-06-23 13:11 - 2016-12-21 03:50 - 000000886 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-06-21 22:53 - 2018-05-28 23:15 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2756646170-1118768877-2006359221-1003
2018-06-21 22:53 - 2018-05-28 23:06 - 000002377 _____ C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-18 22:20 - 2016-08-11 04:41 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-13 09:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-13 09:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-12 21:57 - 2018-05-28 23:04 - 000478072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-12 21:56 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-12 21:56 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-12 21:56 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-12 21:18 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-12 21:14 - 2016-11-24 22:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 21:12 - 2017-10-11 20:50 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 21:12 - 2016-11-24 22:09 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-09 22:40 - 2018-01-27 18:52 - 000000000 ___RD C:\Users\James\3D Objects
2018-06-09 22:40 - 2016-08-11 05:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-09 22:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-06-09 20:32 - 2016-11-27 20:41 - 000000000 ____D C:\ProgramData\Foxit Software
2018-06-09 20:32 - 2016-11-24 23:27 - 000001153 _____ C:\Users\Public\Desktop\VLC media player.lnk
 
==================== Files in the root of some directories =======
 
2018-04-12 00:34 - 2018-04-12 00:34 - 000059904 ____N (Microsoft Corporation) C:\Users\James\OOijLea.exe
2018-04-24 18:01 - 2018-04-24 18:01 - 366870165 _____ () C:\Users\James\AppData\Local\ACCCx4_4_1_298.zip.aamdownload
2018-04-24 18:01 - 2018-04-24 18:01 - 000004029 _____ () C:\Users\James\AppData\Local\ACCCx4_4_1_298.zip.aamdownload.aamd
2017-09-30 15:30 - 2017-09-30 15:30 - 000000000 ___SH () C:\Users\James\AppData\Local\LumaEmu
2016-12-14 01:14 - 2016-12-14 01:14 - 000007605 _____ () C:\Users\James\AppData\Local\Resmon.ResmonCfg
2018-07-05 01:24 - 2018-07-05 01:24 - 000000002 _____ () C:\Users\James\AppData\Local\WMI.ini
 
Some files in TEMP:
====================
2018-06-12 14:58 - 2018-06-12 14:58 - 272218624 _____ (Frontier Developments) C:\Users\James\AppData\Local\Temp\JWE.exe
2018-07-05 16:50 - 2018-06-30 18:09 - 000125618 _____ () C:\Users\James\AppData\Local\Temp\Uninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 23:04
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by James (07-07-2018 11:35:08)
Running from C:\Users\James\Desktop
Windows 10 Pro Version 1803 17134.112 (X64) (2018-05-28 22:15:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2756646170-1118768877-2006359221-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2756646170-1118768877-2006359221-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2756646170-1118768877-2006359221-1000 - Limited - Disabled)
Guest (S-1-5-21-2756646170-1118768877-2006359221-501 - Limited - Disabled)
James (S-1-5-21-2756646170-1118768877-2006359221-1003 - Administrator - Enabled) => C:\Users\James
WDAGUtilityAccount (S-1-5-21-2756646170-1118768877-2006359221-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF03}) (Version: 18.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
Betternet for Windows 4.2.1 (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF8C905999}) (Version: 4.2.1 - Betternet Technologies Inc.)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 71.2017.1219.2255 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2017.1219.2255 - F5 Networks, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CambridgeSoft Activation Client (HKLM-x32\...\{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemDraw Ultra 12.0 (HKLM-x32\...\{48DEAAF2-8276-4BBD-B7B6-91E454938476}) (Version: 12.0 - CambridgeSoft Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.4 - Illustrate)
Evil Genius (HKLM-x32\...\Evil Genius_is1) (Version:  - GOG.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
iTunes (HKLM\...\{EA44188A-5042-4CFB-8F8D-AF048872B7A7}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Mendeley Desktop 1.17.11 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.11 - Mendeley Ltd.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 24.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 24.0.0 - Moritz Bunkus)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PerkinElmer ChemDraw Prime 16.0 (HKLM-x32\...\{BDB47404-8E8B-4327-A9B3-B4B457716924}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
PerkinElmer ChemOffice 64-bit Support for ChemDraw Prime 16.0 (HKLM\...\{03963B0B-6132-4D9E-840A-FC38347D08CD}) (Version: 16.0 - PerkinElmer Informatics, Inc.)
PhotoStitcher 2.0 (HKLM\...\{299EB32D-0525-4482-A8B5-1F30725AB6F1}_is1) (Version:  - Teorex)
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 13f - GOG.com)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
Shark007 ADVANCED Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 10.2.3 - Shark007)
Shark007 ADVANCED x64Components (HKLM\...\ADVANCED x64Components_is1) (Version: 10.2.3 - Shark007)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Movies™ (HKLM-x32\...\{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.0 - Activision) Hidden
The Movies™ 1.1 Patch (HKLM-x32\...\{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}) (Version: 1.0 - Activision) Hidden
The Movies™ Stunts & Effects (HKLM-x32\...\{C06A7DAC-1708-417C-B694-28C84DFE2DF9}) (Version: 1.0 - Activision) Hidden
The Movies™ Stunts & Effects (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.2 - Activision)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
Transport Fever (HKLM-x32\...\Transport Fever_is1) (Version:  - )
Transport Fever Update Build 14085 (HKLM\...\dHJhbnNwb3J0ZmV2ZXI_is1) (Version: 1 - )
Unity Web Player (HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04A8EB3A-8015-405D-9075-A2C47F39C13D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-03] (Microsoft Corporation)
Task: {0D8931C0-4FE9-406C-95C4-9B073246B86A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {21C911BD-768E-4B2B-A90E-DE2D508A6C63} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe [2018-06-13] (Adobe Systems Incorporated)
Task: {24F86034-C964-42C5-AB91-AB4BE8696034} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\jmhar\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {2C6CE3BA-52BD-415D-A625-BCE37920ACC0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {369E6ED7-0E53-428B-BAE3-31ADDB993371} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {3F27DA31-8A52-46EF-833F-B1628798CF7C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-03] (Microsoft Corporation)
Task: {4E66809E-796E-4CB0-8836-D8265166B288} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-25] (Google Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {69CAD593-6588-4935-ACA2-7CE040E1B434} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {73D98422-74B5-40C3-B0F4-B61919262C31} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-03] (Microsoft Corporation)
Task: {78DF8910-CB2F-4085-8B53-F812DB634A83} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {9041DB0C-29C4-4F1E-BD65-D10EBE6CA9DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-03] (Microsoft Corporation)
Task: {92FBB0A2-D9A4-4CC0-A0F3-81C295C9ECC0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-13] (Adobe Systems Incorporated)
Task: {95FAFB88-0A42-4386-B2F3-AB375F103B71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-25] (Google Inc.)
Task: {988C1F4A-7C6E-492A-B1F3-6D46DE2F3D91} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {9949EEDC-5BA4-409C-8979-548A9F842309} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {A5CCC737-5D82-4855-9585-710B1A8742BB} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {A904DA60-0129-48BE-994F-45A0D5D7840A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {B32DFF83-AEB7-45C9-995A-AD0BEF071702} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-03] (Microsoft Corporation)
Task: {BE87AFE3-9E5D-4834-9E75-147840170B0A} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {C1F82170-2A9F-4D43-B874-DFE8E54C5671} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {E1A3EC2E-FE1A-4269-95CF-B1EEF91AEF7A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-03] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 00:34 - 2018-04-12 00:34 - 001310208 _____ () c:\windows\system32\FaceProcessor.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000542888 _____ () c:\windows\system32\FaceProcessorCore.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 001348664 _____ () c:\windows\system32\FaceTrackerInternal.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-06-12 21:14 - 2018-06-08 09:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-01 19:32 - 2018-06-01 19:32 - 002921472 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2018-06-01 19:32 - 2018-06-01 19:32 - 000120832 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe\PeopleUtilRT.dll
2018-06-01 19:32 - 2018-06-01 19:32 - 009253888 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1805.1361.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
2018-06-21 22:55 - 2018-06-21 22:55 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-06-21 22:55 - 2018-06-21 22:55 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-22 20:57 - 2018-05-22 20:58 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-22 20:57 - 2018-05-22 20:58 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-05 00:35 - 2018-07-05 00:35 - 016545792 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.11802.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2018-05-22 20:57 - 2018-05-22 20:58 - 034696192 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_41.41.18005.0_x64__8wekyb3d8bbwe\XboxApp.dll
2016-08-11 04:00 - 2016-08-11 04:00 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_41.41.18005.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2018-06-23 16:45 - 2018-06-23 16:45 - 011460096 _____ () C:\Program Files\WindowsApps\Microsoft.SurfaceHub_32.600.139.0_x64__8wekyb3d8bbwe\SurfaceApp.dll
2018-06-27 10:24 - 2018-06-22 20:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 10:24 - 2018-06-22 20:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\sharepoint.com -> hxxps://ueanorwich-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\uea.ac.uk -> hxxps://vpn.uea.ac.uk
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2017-04-10 16:49 - 000001030 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\aloe-from-the-pot-wide.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2756646170-1118768877-2006359221-1003\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B9729BAA-A927-4D9A-92E4-8B81D889A401}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E0ED199E-9828-4D41-9B4B-D03E07E9149D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{F1686732-DFBD-4065-A3DB-4B722F6DE7BA}C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{FFA1C524-2FE6-4897-BCE2-9F71D1189395}C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.084\machiavillain\machiavillain.exe
FirewallRules: [{1E91B00F-E305-49F3-9A72-CD509C1D6FDD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{A4A62B77-34A0-4784-A7DE-5EE79D5FFD0F}D:\downloads\northgard.v0.1.3864\northgard.exe] => (Allow) D:\downloads\northgard.v0.1.3864\northgard.exe
FirewallRules: [TCP Query User{B76D6101-3C05-4495-9A4E-51CA11EADC0B}D:\downloads\northgard.v0.1.3864\northgard.exe] => (Allow) D:\downloads\northgard.v0.1.3864\northgard.exe
FirewallRules: [UDP Query User{8CAD5F47-B219-4EC5-8EA8-DEC55F02A4B5}C:\program files (x86)\11 bit studios\beat cop\beatcop.exe] => (Allow) C:\program files (x86)\11 bit studios\beat cop\beatcop.exe
FirewallRules: [TCP Query User{1E9D6CBE-3BED-4296-9BE8-A9556B9F0B15}C:\program files (x86)\11 bit studios\beat cop\beatcop.exe] => (Allow) C:\program files (x86)\11 bit studios\beat cop\beatcop.exe
FirewallRules: [UDP Query User{0EF4CB70-D762-447F-9C67-59F5D9C888E6}D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe] => (Allow) D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe
FirewallRules: [TCP Query User{70F4496E-35C7-4E2C-870B-C30A3B57CFB2}D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe] => (Allow) D:\downloads\tabletop.simulator.v5.8\tabletop simulator.exe
FirewallRules: [UDP Query User{847A688E-D02E-433E-9C46-BA04383F4A62}D:\downloads\simairport.v28.03.2017\simairport.exe] => (Allow) D:\downloads\simairport.v28.03.2017\simairport.exe
FirewallRules: [TCP Query User{FCE64A73-D798-43BD-866F-4873ECE9F47F}D:\downloads\simairport.v28.03.2017\simairport.exe] => (Allow) D:\downloads\simairport.v28.03.2017\simairport.exe
FirewallRules: [{D5BB4B9A-4EDF-42A6-BD2C-2A61C2DC22A7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A66DFFA9-F57C-448C-A6D1-FC286186C119}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7E1A599A-3634-40FC-84AE-19AA3D0CB361}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F4DA55D4-7B66-4285-AC2C-AF2D5371D24E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7958265E-1EC7-43D9-9259-9D4D0F43AEF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8EEB661-B647-4D1D-98CF-E419BAE85E3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5CA0426B-68CA-462E-B7FD-2271F3FA5C14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{887567F3-2C18-4258-B7C2-80D0A995B738}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF7BF4C3-7901-4331-A4F2-92BDE09E5D41}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A887C87B-C130-4C31-A377-02CB87E246BE}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2B87028-D347-4D0C-A83F-30B13E9ED955}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A630817-DD5D-4206-848A-9862F17A211A}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A84C5A2-8CAB-45DB-8426-E2F0F9FF4E6F}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A705543-8E21-42F2-A4DD-4468D8B555AC}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{E36325BB-AD78-466E-8662-2E6DEB04F5D9}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [TCP Query User{51AAA547-AA45-4C0F-BA81-BE68F9256663}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe
FirewallRules: [{B45808B9-9358-48E0-8ADB-BC54CA0FB956}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{A70E031A-4B16-45FA-9CAF-9DC97A68F0F1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{E62AB24E-DF73-4F65-AEAE-0F9992A04B40}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{26A34A5E-69B4-42AC-8E96-98F6DCEE153A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{50738CBE-DF0D-465C-BEFA-681FFD73FA78}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{BBA66824-D6AF-4EDE-921A-C867F001F1A9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{912F1E34-1D75-4713-AE62-84F625621695}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{961478CE-EB10-43C3-9815-A08ADA894A57}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [UDP Query User{EB6FBA50-EF05-4A15-B0D4-FCD6CAE42132}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe
FirewallRules: [TCP Query User{CF851742-ED04-40CD-846E-06FF85009EBE}C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\perkinelmerinformatics\chemoffice2016\chemdraw\chemdraw.exe
FirewallRules: [UDP Query User{1D2145CD-ADF3-47BE-B057-45CF2186FBA2}C:\program files (x86)\daemon sync\daemonsynctray.exe] => (Allow) C:\program files (x86)\daemon sync\daemonsynctray.exe
FirewallRules: [TCP Query User{02666BAC-ECE1-4417-9EBD-49EA88E51497}C:\program files (x86)\daemon sync\daemonsynctray.exe] => (Allow) C:\program files (x86)\daemon sync\daemonsynctray.exe
FirewallRules: [{4DC14CD3-AF40-440D-83A1-2524E9B7B872}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D84A36FA-6922-47F0-B9BB-2B5A1A13E32B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [TCP Query User{C62EAAE2-B5C1-45F7-AFF7-52E064D62499}C:\users\james\desktop\machiavillain\machiavillain.exe] => (Allow) C:\users\james\desktop\machiavillain\machiavillain.exe
FirewallRules: [UDP Query User{9E352F09-A4FA-462E-AB1D-E6C90BA4356D}C:\users\james\desktop\machiavillain\machiavillain.exe] => (Allow) C:\users\james\desktop\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{54C52EAC-066F-4387-9D63-E073DABFE9BE}C:\program files\machiavillain\machiavillain.exe] => (Allow) C:\program files\machiavillain\machiavillain.exe
FirewallRules: [UDP Query User{61A3D905-0474-484F-B8B4-FA0CA396028A}C:\program files\machiavillain\machiavillain.exe] => (Allow) C:\program files\machiavillain\machiavillain.exe
FirewallRules: [TCP Query User{7A8E49BD-E854-4430-8BFC-FE15B2ECFF35}C:\program files (x86)\simairport.v28.03.2017\simairport.exe] => (Allow) C:\program files (x86)\simairport.v28.03.2017\simairport.exe
FirewallRules: [UDP Query User{7F68A8FE-C3C7-48C1-8935-3C5A549A1A99}C:\program files (x86)\simairport.v28.03.2017\simairport.exe] => (Allow) C:\program files (x86)\simairport.v28.03.2017\simairport.exe
FirewallRules: [TCP Query User{1721499F-FF99-4E7E-BF36-6E2205D10675}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{879DB955-EDE9-4E59-A030-1BEE093B01E8}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{642C8D4A-1C51-476C-B7BC-CB092C90E969}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{435D93FD-79F2-4BAC-A1B4-C9556337E1B6}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{E1470208-95D5-4F5D-BC71-E20754E51072}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{66ED00A5-FF2A-4E43-BE6C-2CB2FF98EA28}C:\program files (x86)\oxygen not included\oxygennotincluded.exe] => (Allow) C:\program files (x86)\oxygen not included\oxygennotincluded.exe
FirewallRules: [UDP Query User{68C0B1C4-BA78-41A8-A187-4EB64BCDC6AF}C:\program files (x86)\oxygen not included\oxygennotincluded.exe] => (Allow) C:\program files (x86)\oxygen not included\oxygennotincluded.exe
FirewallRules: [TCP Query User{E80653FC-F5B1-497F-883C-6406C95398AA}C:\program files (x86)\the escapists 2\theescapists2.exe] => (Allow) C:\program files (x86)\the escapists 2\theescapists2.exe
FirewallRules: [UDP Query User{07C5C4BB-2FBB-4693-B592-4D177E5E8684}C:\program files (x86)\the escapists 2\theescapists2.exe] => (Allow) C:\program files (x86)\the escapists 2\theescapists2.exe
FirewallRules: [TCP Query User{8679CC61-F432-41FD-A757-EA91C330E779}C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [UDP Query User{BB41917B-A131-4866-B848-07110C739D2F}C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\the.jackbox.party.pack.4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [{18903E95-0FA3-4B1E-87DB-EC5B510F059D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [TCP Query User{F26A7618-CCAC-4F09-BD26-052E494EDF63}C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [UDP Query User{FFB719EF-FFDE-433D-932D-37F5988DEFB6}C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe] => (Block) C:\users\james\desktop\jackbox party pack 4\the jackbox party pack 4\the jackbox party pack 4.exe
FirewallRules: [{CA2FC702-C39B-4DAB-9FE2-FC37959A6811}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C814AC7B-EA7C-47C9-9150-1AD783F666CF}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8AF90117-6359-4C1E-9DED-C7F07E513D99}] => (Allow) C:\Users\James\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A56ED30-23AF-4B66-B571-ABCB0F148D9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{81C73A3A-9FCD-48CD-9103-DE9C86F31928}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [UDP Query User{73810456-DEAF-499E-BDD6-4D09D116C1DF}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [{59A96C02-FFD1-4135-BEA3-0BD931350591}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{62269247-DA0A-4460-BD21-3600EC4D2892}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{B6EFAF7F-E726-43CC-9142-1D340886D68C}C:\windows\system32\dllhost.exe] => (Allow) C:\windows\system32\dllhost.exe
FirewallRules: [UDP Query User{0FE3B489-B95D-40AF-8C8A-D332F9A05357}C:\windows\system32\dllhost.exe] => (Allow) C:\windows\system32\dllhost.exe
FirewallRules: [{3421D450-BF6C-4CEC-B28F-39B25781CB23}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{A9DC0090-DCA4-4193-BF72-607857542313}] => (Allow) C:\WINDOWS\SysWOW64\Cgey.exe
FirewallRules: [{77C3E62C-745F-42F0-835F-40C0DDEDC275}] => (Allow) C:\Users\James\OOijLea.exe
FirewallRules: [{DD403A36-4253-4222-BA9F-859E591A4C58}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{2E32D6AD-813B-489E-AAEC-27C912564645}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{7B284E2C-302B-4905-B779-44AB09271E17}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{F30A46CB-9D8B-4B50-BCC4-BA42025A4093}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{197F2CB9-F3C3-4F17-8700-CCE598737711}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{C224556B-A9A9-4F6A-A804-66F9846B67C9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{CCD66DC9-8AAE-4BAD-9966-8A856D4B3F9C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{BA741F66-9C4D-463D-9295-BA70FF1031AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{67A093EF-CF24-4691-AC38-E93903BC7954}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D01ED940-14D2-4FC6-8D63-A289F9F7999D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{748CE5DF-6CDF-46C5-86E6-788FFEB0474A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{AC8761D2-662C-42AF-85AF-549BB666C73B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [TCP Query User{A4F3F4E1-F11A-4E2A-B0A4-B856274BDE18}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{68DA58D5-76BC-4B69-9688-A53678AF5180}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{EFFDA671-9917-493A-A70D-9CBF21024052}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{5DB7B0EA-2BB9-4AE7-B2FC-52BFDAE3D559}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D2FFEBAA-0414-406F-A4B4-D3BD2CD8D77A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/07/2018 11:28:22 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/07/2018 12:36:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
Exception code: 0xc0000409
Fault offset: 0x0000000000018961
Faulting process ID: 0x2bf8
Faulting application start time: 0x01d41581dd9f147f
Faulting application path: C:\WINDOWS\System32\Taskmgr.exe
Faulting module path: C:\WINDOWS\System32\Taskmgr.exe
Report ID: 399286e3-028f-453a-877b-1a63f168f701
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/07/2018 11:35:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2018 11:35:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2018 11:33:40 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GQDL9OG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2018 11:33:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2018 11:33:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2018 11:28:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2018 11:26:09 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GQDL9OG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/07/2018 11:25:47 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GQDL9OG)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ m3-6Y30 CPU @ 0.90GHz
Percentage of memory in use: 62%
Total physical RAM: 4021.09 MB
Available physical RAM: 1523.77 MB
Total Virtual: 5421.09 MB
Available Virtual: 2962.39 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:116.95 GB) (Free:17.15 GB) NTFS
Drive d: () (Removable) (Total:119.05 GB) (Free:48.53 GB) exFAT
 
\\?\Volume{22bb318b-5af3-403b-9881-3a53a06adb93}\ (Windows RE tools) (Fixed) (Total:1.91 GB) (Free:1.52 GB) NTFS
\\?\Volume{70110f3b-6ed2-4639-8de0-a30e9254c11b}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 766ED2D5)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 119.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#7
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I don't like seeing Taskmgr in the errors.

 

Let's check your system files.

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


  • 0
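The findstr step in the post above keeps only the [SR] (System File Checker) lines of CBS.log. As an added example (not part of RKinner's post or of any tool named in the thread), this Python script applies the same filter and sorts those lines into the three sfc outcomes the post lists. The log excerpt is constructed with placeholder names, and the line layout the patterns match is an assumption based on typical CBS.log output.

```python
import re

# Constructed CBS.log excerpt; file, component and package names are placeholders,
# not data from the machine in this thread.
SAMPLE_CBS_LOG = r"""
2018-07-08 09:40:58, Info                  CBS    Starting TrustedInstaller initialization.
2018-07-08 09:41:07, Info                  CSI    00000006 [SR] Verifying 100 components
2018-07-08 09:41:07, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2018-07-08 09:41:12, Info                  CSI    00000009 [SR] Cannot repair member file [l:12]'sample-a.dll' of Constructed-Component-A, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:0000000000000000} in the store, hash mismatch
2018-07-08 09:41:12, Info                  CSI    0000000b [SR] Cannot repair member file [l:12]'sample-a.dll' of Constructed-Component-A, version 10.0.17134.1, arch amd64, nonSxS, pkt {l:8 b:0000000000000000} in the store, hash mismatch
2018-07-08 09:41:12, Info                  CSI    0000000c [SR] This component was referenced by [l:21]'Constructed-Package-A'
2018-07-08 09:41:15, Info                  CSI    0000000e [SR] Verify complete
2018-07-08 09:41:16, Info                  CSI    00000010 [SR] Verifying 100 components
2018-07-08 09:41:20, Info                  CSI    00000013 [SR] Repairing corrupted file \??\C:\WINDOWS\System32\[l:12]'sample-b.dll' from store
2018-07-08 09:41:21, Info                  CSI    00000015 [SR] Verify complete
2018-07-08 09:41:30, Info                  CBS    Ending TrustedInstaller finalization.
"""

# A member-file name as written in the log: [l:12]'name' or the older [l:24{12}]"name".
_NAME = r"\[l:\d+(?:\{\d+\})?\]['\"](?P<name>[^'\"]+)['\"]"
VERIFYING = re.compile(r"\[SR\] Verifying (\d+) components")
CANNOT_REPAIR = re.compile(r"\[SR\] Cannot repair member file " + _NAME)
REPAIRED = re.compile(r"\[SR\] Repairing corrupted file .*?" + _NAME + r" from store")


def sr_lines(text):
    """Same filter as findstr /c:"[SR]": keep lines containing the literal [SR]."""
    return [line for line in text.splitlines() if "[SR]" in line]


def _unique(names):
    """Drop repeats (sfc logs the same file more than once), case-insensitively."""
    seen, out = set(), []
    for name in names:
        if name.lower() not in seen:
            seen.add(name.lower())
            out.append(name)
    return out


def summarize_sfc(text):
    """Classify the [SR] lines and map them to one of the three sfc results."""
    verified, cannot, repaired = 0, [], []
    for line in sr_lines(text):
        match = VERIFYING.search(line)
        if match:
            verified += int(match.group(1))
            continue
        match = CANNOT_REPAIR.search(line)
        if match:
            cannot.append(match.group("name"))
            continue
        match = REPAIRED.search(line)
        if match:
            repaired.append(match.group("name"))
    cannot, repaired = _unique(cannot), _unique(repaired)
    if cannot:
        verdict = "found corrupt files but was unable to fix some (or all) of them"
    elif repaired:
        verdict = "found corrupt files and repaired them"
    else:
        verdict = "did not find any integrity violations"
    return {
        "components_verified": verified,
        "cannot_repair": cannot,
        "repaired": repaired,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = summarize_sfc(SAMPLE_CBS_LOG)
    print("Components verified:", result["components_verified"])
    print("Repaired from store:", ", ".join(result["repaired"]) or "none")
    print("Could not repair:   ", ", ".join(result["cannot_repair"]) or "none")
    print("Result:", result["verdict"])
```

The files listed under "Could not repair" are the ones worth quoting back to a helper, since they stay corrupt after the scan.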

#8
harveyj176


    Member

  • Topic Starter
  • Member
  • 286 posts

Hi,

 

The sfc results were that no integrity violations were found.

Here are the logs:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 10:07:09
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 08:54:12
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:46:10
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:46:10
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:44:58
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:44:07
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:44:07
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:31:53
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:29:54
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:28:11
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 08:28:09
Type: Error Category: 0
Event: 1 Source: MTConfig
An attempt to configure the input mode of a multitouch device failed.
 
Log: 'System' Date/Time: 08/07/2018 08:28:09
Type: Error Category: 0
Event: 1 Source: MTConfig
An attempt to configure the input mode of a multitouch device failed.
 
Log: 'System' Date/Time: 08/07/2018 08:28:09
Type: Error Category: 0
Event: 1 Source: MTConfig
An attempt to configure the input mode of a multitouch device failed.
 
Log: 'System' Date/Time: 08/07/2018 08:28:09
Type: Error Category: 2
Event: 10317 Source: Microsoft-Windows-NDIS
Miniport Microsoft Wi-Fi Direct Virtual Adapter, {8E7A5B0E-D4F2-4BE0-B7EA-EC669B988218}, had event Fatal error: The miniport has failed a power transition to operational power
 
Log: 'System' Date/Time: 08/07/2018 08:28:08
Type: Error Category: 0
Event: 1 Source: MTConfig
An attempt to configure the input mode of a multitouch device failed.
 
Log: 'System' Date/Time: 08/07/2018 08:28:08
Type: Error Category: 0
Event: 1 Source: MTConfig
An attempt to configure the input mode of a multitouch device failed.
 
Log: 'System' Date/Time: 08/07/2018 08:28:08
Type: Error Category: 0
Event: 1 Source: MTConfig
An attempt to configure the input mode of a multitouch device failed.
 
Log: 'System' Date/Time: 07/07/2018 10:43:02
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/07/2018 10:35:22
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/07/2018 10:35:22
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/07/2018 10:33:40
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 08:56:46
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\DESKTOP-8TO9LRH on the network \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}.    Browser master: \\DESKTOP-8TO9LRH  Network: \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
 
Log: 'System' Date/Time: 08/07/2018 08:45:04
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {5E9A8CDC-14AB-4609-A017-68BCE594AB68}\SurfacePro4FwUpdate\7&353d31f9&0&1.
 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {4E781CFC-87EE-459B-A319-9B0531EB7485}\SurfaceKeyboardBacklight\7&353d31f9&0&0.
 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device HID\VID_045E&PID_07E8&Col06\6&302348a5&0&0005.
 
Log: 'System' Date/Time: 08/07/2018 08:43:57
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C8C28294-E6DA-41C1-AC7D-EEA174DC81D8}\SurfaceDialDetection\5&141f7bd2&0&1.
 
Log: 'System' Date/Time: 08/07/2018 08:43:57
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {6c8abe47-dac0-4b99-affa-4fff050e3cdc}\SurfaceDigitizerPenPairing\5&141f7bd2&0&0.
 
Log: 'System' Date/Time: 08/07/2018 08:43:57
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\MSHW0030&Col01\5&294f3b18&0&0000.
 
Log: 'System' Date/Time: 08/07/2018 08:41:24
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\DESKTOP-8TO9LRH on the network \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}.    Browser master: \\DESKTOP-8TO9LRH  Network: \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
 
Log: 'System' Date/Time: 08/07/2018 08:39:30
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\JOHANNA-HP on the network \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}.    Browser master: \\JOHANNA-HP  Network: \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
 
Log: 'System' Date/Time: 08/07/2018 08:29:07
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 08:28:09
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 08:28:07
Type: Warning Category: 0
Event: 701 Source: Win32k
Power Manager has not requested suppresion of all input (INPUT_SUPPRESS_REQUEST=0)
 
Log: 'System' Date/Time: 08/07/2018 08:28:07
Type: Warning Category: 0
Event: 701 Source: Win32k
Power Manager has not requested suppresion of all input (INPUT_SUPPRESS_REQUEST=0)
 
Log: 'System' Date/Time: 07/07/2018 11:14:33
Type: Warning Category: 0
Event: 700 Source: Win32k
Power Manager has requested suppresion of all input (INPUT_SUPPRESS_REQUEST=1)
 
Log: 'System' Date/Time: 07/07/2018 11:14:33
Type: Warning Category: 0
Event: 700 Source: Win32k
Power Manager has requested suppresion of all input (INPUT_SUPPRESS_REQUEST=1)
 
Log: 'System' Date/Time: 07/07/2018 11:14:18
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.
 
Log: 'System' Date/Time: 07/07/2018 10:34:09
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 07/07/2018 10:33:03
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 10:07:38
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2018 08:31:58
Type: Error Category: 0
Event: 0 Source: Office 2016 Licensing Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/07/2018 10:28:22
Type: Error Category: 0
Event: 0 Source: Office 2016 Licensing Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 06/07/2018 23:36:57
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Exception code: 0xc0000409 Fault offset: 0x0000000000018961 Faulting process ID: 0x2bf8 Faulting application start time: 0x01d41581dd9f147f Faulting application path: C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report ID: 399286e3-028f-453a-877b-1a63f168f701 Faulting package full name:  Faulting package-relative application ID: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2018 08:44:25
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 
Log: 'Application' Date/Time: 07/07/2018 10:33:28
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 
Log: 'Application' Date/Time: 07/07/2018 10:25:33
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 
Log: 'Application' Date/Time: 06/07/2018 23:31:51
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 

  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Log: 'Application' Date/Time: 08/07/2018 08:44:25
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 

 

 

Open an elevated command prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

1. Type mmc and hit Enter
2. Click File > Add / Remove Snap-in
3. Select Certificates and click Add
4. Select Computer Account and click Next
5. Click Finish.
6. Click Ok
7. Click on Certificates (Local Computer)
8. Click on Trusted Root Certification Authorities
9. Click on Certificates
10. Click on the column header: Expiration Date
(this should sort them with the earliest date at the top. If not, hit it again.)
11. If the Expiration Date has passed then click on the date. This should open a new window.
12. Click on Details.
13. Scroll down and click on Thumbprint.
14. Compare the thumbprint to that of the error (without spaces). If they match, this is the one it's complaining about.
15. Scroll back up to Subject and report the name of the certificate and the Expiration Date. We will probably just delete the certificate but I like to know what it does first.

 

 

 

Log: 'System' Date/Time: 08/07/2018 08:56:46
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\DESKTOP-8TO9LRH on the network \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}.    Browser master: \\DESKTOP-8TO9LRH  Network: \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
 

 

 

NetBT is an obsolete protocol and really should be off by default. 
 
Start, Control Panel (View Large Icons), Network & Sharing Center. Under the section that starts with View Your Active Networks, look for Connections:
You should see Wireless Network Connection. Click on that and a new window will open. Click on Properties (not on Wireless Properties). Click on
Internet Protocol Version 4 (TCP/IPv4). Now click on Properties, then on Advanced. Click on the WINS tab. Uncheck Enable LMHOSTS lookup.
Check Disable NETBIOS over TCP.

OK

Close control panel.




Search for:

services.msc

hit Enter

Find

TCP/IP NetBIOS Helper

right click and select Properties then change the Startup Type:

to Disabled.

OK
 

 
 
 
 
Log: 'System' Date/Time: 08/07/2018 08:28:09
Type: Error Category: 2
Event: 10317 Source: Microsoft-Windows-NDIS
Miniport Microsoft Wi-Fi Direct Virtual Adapter, {8E7A5B0E-D4F2-4BE0-B7EA-EC669B988218}, had event Fatal error: The miniport has failed a power transition to operational power

 

 

 

 

Search for Device Manager and hit Enter.
View, Show Hidden Devices
(Open  Network Adapters by clicking on arrow in front of it)
Right click on Miniport Microsoft Wi-Fi Direct Virtual Adapter, select Uninstall and reboot.
 
Rerun VEW and post both logs.

 


  • 0
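The thumbprint comparison in steps 7-14 above can also be done from an elevated PowerShell prompt, which checks every store under the local computer account at once instead of only Trusted Root Certification Authorities. This is an added example, not part of the original post; the variable names are illustrative, and the thumbprint is the one quoted from the Event 64 warning. It only reads the stores and changes nothing.

```powershell
# Thumbprint exactly as it is printed in the Event 64 warning (with spaces).
$fromEvent = '30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb'

# The certificate provider exposes thumbprints as upper-case hex without
# separators, so strip everything that is not a hex digit before comparing.
$thumbprint = ($fromEvent -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
if ($thumbprint.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($thumbprint.Length) characters."
}

# Walk all local-computer stores (Root, My, CA, ...) and keep only certificate
# objects; the recursion also returns the store containers themselves.
$found = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Thumbprint -eq $thumbprint
    }

if (-not $found) {
    Write-Output "No certificate with thumbprint $thumbprint in any local-computer store."
}
else {
    # The store name is the last element of the provider path. 'My' is the
    # store that the Certificates snap-in displays as 'Personal'.
    $found |
        Select-Object @{ Name = 'Store';   Expression = { ($_.PSParentPath -split '\\')[-1] } },
                      Subject,
                      Issuer,
                      NotBefore,
                      NotAfter,
                      @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } },
                      HasPrivateKey |
        Format-List
}
```

The Store, Subject and NotAfter fields are the same details step 15 asks to be reported before anything is deleted.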

#10
harveyj176

    Member

  • Topic Starter
  • Member
  • 286 posts

Hi,

 

I couldn't find a certificate with that thumbprint in 'Trusted Root Certification Authorities' but I did in the 'Personal' section.

 

The subject is: F900F3AFB400F2BB and expiry date: 20 January 2017 11:13:20

 

Did the rest and the logs are below.

 

 

 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 18:17:50
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 17:14:13
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 17:14:13
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 17:12:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 17:12:11
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 17:12:11
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 17:11:17
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 17:10:50
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 16:38:50
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 16:38:36
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 11:39:32
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 11:39:20
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 11:35:49
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 11:33:42
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 11:25:34
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Log: 'System' Date/Time: 08/07/2018 11:21:00
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 10:27:09
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 10:26:16
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 09:42:03
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 09:28:21
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 09:22:45
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 17:13:08
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/07/2018 17:12:03
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 17:12:03
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {5E9A8CDC-14AB-4609-A017-68BCE594AB68}\SurfacePro4FwUpdate\7&353d31f9&0&1.
 
Log: 'System' Date/Time: 08/07/2018 17:12:03
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {4E781CFC-87EE-459B-A319-9B0531EB7485}\SurfaceKeyboardBacklight\7&353d31f9&0&0.
 
Log: 'System' Date/Time: 08/07/2018 17:12:03
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device HID\VID_045E&PID_07E8&Col06\6&302348a5&0&0005.
 
Log: 'System' Date/Time: 08/07/2018 17:12:01
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C8C28294-E6DA-41C1-AC7D-EEA174DC81D8}\SurfaceDialDetection\5&141f7bd2&0&1.
 
Log: 'System' Date/Time: 08/07/2018 17:12:01
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {6c8abe47-dac0-4b99-affa-4fff050e3cdc}\SurfaceDigitizerPenPairing\5&141f7bd2&0&0.
 
Log: 'System' Date/Time: 08/07/2018 17:12:01
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\MSHW0030&Col01\5&294f3b18&0&0000.
 
Log: 'System' Date/Time: 08/07/2018 16:38:25
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 16:38:17
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.
 
Log: 'System' Date/Time: 08/07/2018 14:46:54
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.
 
Log: 'System' Date/Time: 08/07/2018 09:15:35
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 09:15:29
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.
 
Log: 'System' Date/Time: 08/07/2018 08:56:46
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\DESKTOP-8TO9LRH on the network \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}.    Browser master: \\DESKTOP-8TO9LRH  Network: \Device\NetBT_Tcpip_{BC0460F7-76B1-4925-ACC2-42C3F7B80D49}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
 
Log: 'System' Date/Time: 08/07/2018 08:45:04
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {5E9A8CDC-14AB-4609-A017-68BCE594AB68}\SurfacePro4FwUpdate\7&353d31f9&0&1.
 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {4E781CFC-87EE-459B-A319-9B0531EB7485}\SurfaceKeyboardBacklight\7&353d31f9&0&0.
 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device HID\VID_045E&PID_07E8&Col06\6&302348a5&0&0005.
 
Log: 'System' Date/Time: 08/07/2018 08:43:57
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C8C28294-E6DA-41C1-AC7D-EEA174DC81D8}\SurfaceDialDetection\5&141f7bd2&0&1.
 
 
 
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 18:18:56
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2018 08:31:58
Type: Error Category: 0
Event: 0 Source: Office 2016 Licensing Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/07/2018 10:28:22
Type: Error Category: 0
Event: 0 Source: Office 2016 Licensing Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 06/07/2018 23:36:57
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Faulting module name: Taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68 Exception code: 0xc0000409 Fault offset: 0x0000000000018961 Faulting process ID: 0x2bf8 Faulting application start time: 0x01d41581dd9f147f Faulting application path: C:\WINDOWS\System32\Taskmgr.exe Faulting module path: C:\WINDOWS\System32\Taskmgr.exe Report ID: 399286e3-028f-453a-877b-1a63f168f701 Faulting package full name:  Faulting package-relative application ID: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2018 17:12:27
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 
Log: 'Application' Date/Time: 08/07/2018 16:44:21
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 
Log: 'Application' Date/Time: 08/07/2018 08:44:25
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 
Log: 'Application' Date/Time: 07/07/2018 10:33:28
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 
Log: 'Application' Date/Time: 07/07/2018 10:25:33
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 
Log: 'Application' Date/Time: 06/07/2018 23:31:51
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 30 3f 51 1f 8c f8 0f b6 bb 2d 82 65 b2 f3 57 85 77 14 b2 eb is about to expire or already expired.
 

  • 0



#11
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  Go back in and delete the expired certificate.  Doesn't appear to be for anything important.

 

For the errors like these:

 

 
Log: 'System' Date/Time: 08/07/2018 08:43:59
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP

The driver \Driver\WUDFRd failed to load...

 

 

 

 

Copy the next 2 lines:

 

sc config wudfrd start= auto

FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 

Open an Elevated Command Prompt:
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter

The first line changes the service to start automatically instead of on demand.  This usually makes the errors go away.

(You may get a few errors with the second line.  Ignore them.  It just clears all of the events to make it easier to see what is going on.)

 

Reboot and run VEW and let's see what the logs look like now.


  • 0

#12
harveyj176

harveyj176

    Member

  • Topic Starter
  • Member
  • 286 posts

Here are the next logs.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 19:06:01
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 18:05:32
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DESKTOP-GQDL9OG\James SID (S-1-5-21-2756646170-1118768877-2006359221-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 18:05:11
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 18:05:11
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 18:05:02
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 18:05:02
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {5E9A8CDC-14AB-4609-A017-68BCE594AB68}\SurfacePro4FwUpdate\7&353d31f9&0&1.
 
Log: 'System' Date/Time: 08/07/2018 18:05:02
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {4E781CFC-87EE-459B-A319-9B0531EB7485}\SurfaceKeyboardBacklight\7&353d31f9&0&0.
 
Log: 'System' Date/Time: 08/07/2018 18:05:02
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device HID\VID_045E&PID_07E8&Col06\6&302348a5&0&0005.
 
Log: 'System' Date/Time: 08/07/2018 18:05:01
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {C8C28294-E6DA-41C1-AC7D-EEA174DC81D8}\SurfaceDialDetection\5&141f7bd2&0&1.
 
Log: 'System' Date/Time: 08/07/2018 18:05:01
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device {6c8abe47-dac0-4b99-affa-4fff050e3cdc}\SurfaceDigitizerPenPairing\5&141f7bd2&0&0.
 
Log: 'System' Date/Time: 08/07/2018 18:05:01
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\MSHW0030&Col01\5&294f3b18&0&0000.
 
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 19:07:31
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#13
harveyj176

harveyj176

    Member

  • Topic Starter
  • Member
  • 286 posts

Hi, 

 

I also forgot to mention that on the step where you wanted me to remove Miniport Microsoft Wi-Fi Direct Virtual Adapter in the device manager, it wasn't there. Meant to mention it when it happened, sorry.


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The Miniport Microsoft Wi-Fi Direct Virtual Adapter hasn't had any more errors so don't worry about it.

 

Doesn't look like we are going to be able to stop the

Event: 219 Source: Microsoft-Windows-Kernel-PnP

The driver \Driver\WudfRd failed to load for the device

errors the usual way.  Usually these just appear at boot and things still work OK.  Assume that is the case here since you aren't complaining about stuff not working (especially things plugged into a USB port).  Probably time to quit beating on it and clean up.

 

Time to clean up:
If we used FRST to clean your PC:

Right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.

If you use Facebook you need FB Purity: http://www.fbpurity.com/
To prevent a relatively new phishing attack:  In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
"network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

To test it you can go to:

https://www.xn--80ak6aa92e.com/

If the value is false you will see https://www.apple.com instead of the correct value


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 8 update 171 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC.  Unlike Windows Media Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/ This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!
 


  • 0
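
The Punycode test URL from the post above, decoded, as an added example that is not part of the original post: it shows why an address bar can render `xn--80ak6aa92e` as text that reads like "apple" when `network.IDN_show_punycode` is false. The `LOOKALIKE` table and the function names are assumptions made for this sketch; a production check would use the Unicode confusables data (UTS #39).

```python
import unicodedata

# Small Cyrillic-to-Latin look-alike table, constructed for this example only.
LOOKALIKE = {"\u0430": "a", "\u0440": "p", "\u04cf": "l", "\u0435": "e",
             "\u043e": "o", "\u0441": "c", "\u0445": "x", "\u0443": "y"}


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are Punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Scripts used in a label, read from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def inspect_host(host):
    """Per label: what DNS resolves, what gets displayed, and how it reads."""
    report = []
    for label in host.rstrip(".").split("."):
        shown = decode_label(label)
        reads_as = "".join(LOOKALIKE.get(ch, ch) for ch in shown)
        report.append({
            "wire": label,            # the name that is actually looked up
            "displayed": shown,       # Unicode form shown when punycode is hidden
            "scripts": scripts(shown),
            "reads_as": reads_as,     # ASCII string the label imitates
            # Encoded label whose every character maps to plain ASCII:
            "suspicious": shown != label and reads_as.isascii(),
        })
    return report


def is_spoof_candidate(host):
    """True if any label is an IDN made entirely of ASCII look-alikes."""
    return any(item["suspicious"] for item in inspect_host(host))


if __name__ == "__main__":
    for item in inspect_host("www.xn--80ak6aa92e.com"):
        print(item)
```

The flagged label uses a single script (Cyrillic), so a mixed-script check alone does not catch it; showing the raw `xn--` form does.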

#15
harveyj176

harveyj176

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 286 posts

Hi,

 

I've followed all of your suggestions.

 

Regarding the missing Wi-Fi adaptor, this may be unrelated but for a while now (nearly a year), periodically my Wi-Fi connection drops out and the internet access section says that there are no wifi networks available. I have to restart the computer or turn air-plane mode on and then off for it to see the networks again and reconnect.

 

Any chance that it's related?


  • 0





