Toshiba Satellite laptop (Windows 10) acting slow/can't update antivirus


  • This topic is locked
19 replies to this topic

#1 Zyrus Campbell


Posted 25 March 2018 - 07:46 PM

I have Malwarebytes installed but it won't allow me to update and, therefore, won't run the scan, so I'm not able to include the log in this post. I installed Farbar RST and Security Analysis and also ran the ESET Online Scanner to get logs (see below). I hope these help. I used to use Spybot S&D as well, but it encountered the same problem that Malwarebytes was having with not being able to update. I followed instructions that I found online for checking the application's settings in Run > Services but it wouldn't let me change the status for either application. So, I'm kinda stuck. My laptop is getting increasingly slower and I'm at my wits' end with how to fix it. What can I do? Any help would be greatly appreciated. I am posting the logs (that I'm able to create at the moment) below. Please let me know if you need anything else.
 
=============================================================================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by zC (administrator) on ZC (25-03-2018 20:47:02)
Running from C:\Users\zC\Desktop\Antivirus
Loaded Profiles: zC (Available Profiles: zC)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\rtrxuilsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Apache Software Foundation) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SweetLabs, Inc) C:\Users\zC\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
() C:\Users\zC\AppData\Local\wimnpel\wimnpel.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.690\SSScheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\zC\AppData\Local\igfxmtc\igfxmtc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Pub\PubMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Users\zC\AppData\Local\wimnpel\nvoimkz.exe
() C:\Users\zC\AppData\Local\wimnpel\nvoimkz.exe
() C:\Users\zC\AppData\Local\wimnpel\nvoimkz.exe
() C:\Users\zC\AppData\Local\wimnpel\nvoimkz.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\zC\Desktop\Antivirus\Farbar Recovery Scan Tool (64x).exe
() C:\Users\zC\AppData\Local\wimnpel\nvoimkz.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2018-02-27] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-26] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3029936 2017-09-20] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [GoogleChromeAutoLaunch_6C7EC2962F8CF0594194777D57CC6533] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [Chromium] => c:\users\zc\appdata\local\chromium\application\chrome.exe [1035264 2016-03-17] (The Chromium Authors)
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.690\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\landreth.lnk [2017-12-25]
ShortcutTarget: landreth.lnk -> C:\Program Files (x86)\Preoccupied\regulative.exe (No File)
Startup: C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\landrethlandreth.lnk [2017-12-25]
ShortcutTarget: landrethlandreth.lnk -> C:\Program Files (x86)\horizontally\befalling.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{71c9f17f-f4f6-4294-b8bd-9eb426a210d6}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{e17d7c90-3b4a-4079-92ca-f447b5538c53}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131262938001611494&GUID=CDA14719-8E3F-41DE-AA9D-1D7961424823
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131262938001640164&GUID=CDA14719-8E3F-41DE-AA9D-1D7961424823
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2
SearchScopes: HKLM -> DefaultScope {BADE307F-35F2-4ECF-9736-6ED72F03EA89} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {BADE307F-35F2-4ECF-9736-6ED72F03EA89} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {BADE307F-35F2-4ECF-9736-6ED72F03EA89} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3369261439-609741471-2718208431-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = 
Toolbar: HKLM - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
Toolbar: HKLM-x32 - No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
 
FireFox:
========
FF DefaultProfile: gpb5czdw.default
FF ProfilePath: C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default [2018-03-21]
FF Homepage: Mozilla\Firefox\Profiles\gpb5czdw.default -> about:tabs
FF NewTab: Mozilla\Firefox\Profiles\gpb5czdw.default -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\gpb5czdw.default -> is enabled.
FF Extension: (Avast SafePrice) - C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default\Extensions\sp@avast.com.xpi [2018-02-26]
FF Extension: (Avast Online Security) - C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default\Extensions\wrc@avast.com.xpi [2018-02-26]
FF Extension: (ColorZilla) - C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-03-08]
FF Extension: (MeasureIt) - C:\Users\zC\AppData\Roaming\Mozilla\Firefox\Profiles\gpb5czdw.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2016-12-07] [Legacy]
FF Plugin: @Citrix.com/npagee64,version=10.1.122.11 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll [2013-11-26] (Citrix Systems, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @Citrix.com/npagee,version=10.1.122.11 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2013-11-26] (Citrix Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\zC\AppData\Roaming\mozilla\plugins\npagee.dll [2013-11-26] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\zC\AppData\Roaming\mozilla\plugins\npagee64.dll [2013-11-26] (Citrix Systems, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default [2018-03-25]
CHR Extension: (Slides) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Simple Pool Game) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo [2016-04-06]
CHR Extension: (E*TRADE Browser Trading) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgjomjdnhlppcidahijhehhfgneaolh [2017-12-25]
CHR Extension: (SEOquake) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2018-01-29]
CHR Extension: (Word Search Puzzle) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2016-04-06]
CHR Extension: (Docs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (YouTube) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (8-Ball Pool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2016-12-23]
CHR Extension: (Finance Toolbar - Real Time Stock Tracker) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cichbngoomgnobmmjpagmbkimbamigie [2017-12-25]
CHR Extension: (__MSG_browserActionTitle__) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkkaggocmafajhbcbknhcgnbmagjohi [2016-10-13]
CHR Extension: (Word Search) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2016-04-06]
CHR Extension: (Client for Google Analytics™) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eambnehgniboinbhhcncaggoedccddnp [2017-12-25]
CHR Extension: (Avast SafePrice) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-03-09]
CHR Extension: (Sheets) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Page Analytics (by Google)) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2017-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-06]
CHR Extension: (Google Calendar) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-03-20]
CHR Extension: (Save to Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2017-12-25]
CHR Extension: (Bookmark Manager) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2017-12-25]
CHR Extension: (Avast Online Security) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-03-06]
CHR Extension: (eCannabis.com News) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hleklbkjnimndonegalbakabcdhmhpbo [2017-12-25]
CHR Extension: (Google Keep - notes and lists) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-03-21]
CHR Extension: (SMhack - Social Media Management Tool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imggkmfffdfkcdekembcmkogdjgdicge [2017-12-25]
CHR Extension: (Unifeed | Social networks in one hub) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjhhjplnmadgnhoiofenklhhpijiojh [2017-12-25]
CHR Extension: (Cisco WebEx Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-15]
CHR Extension: (Reload All Tabs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci [2016-04-06]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-03-06]
CHR Extension: (Stock Portfolio) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdoambecilccimhbonfabmoomaegehni [2017-12-25]
CHR Extension: (Google Hangouts) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-21]
CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\wbskr <==== ATTENTION (Rootkit!)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9302688 2018-02-17] (Emsisoft Ltd)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-07] () [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-09-18] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
R2 FastTrackProAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe [1688296 2015-06-10] (M-Audio)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.690\McCHSvc.exe [405400 2018-02-19] (McAfee, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498096 2017-09-20] (Sony Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
R2 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
R2 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-08] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-08] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27016 2018-02-27] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [137104 2018-02-27] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-02-27] (Advanced Micro Devices)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [186152 2018-02-27] (Broadcom Corporation.)
S3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11761928 2018-02-27] (Broadcom Corp)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11761928 2018-02-27] (Broadcom Corp)
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-08-31] (LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-26] (REALiX™)
S4 jpfo; C:\WINDOWS\System32\drivers\xtos.sys [79064 2017-12-26] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-02-26] (Malwarebytes)
R1 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-02-26] (Malwarebytes)
S1 MpKsl11e31cfa; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA9B35C6-0ACE-4053-90DF-CD01E0FDF25F}\MpKsl11e31cfa.sys [58120 2017-12-08] () [File not signed]
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2018-02-27] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2018-02-27] (Realtek )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [42088 2018-02-27] (Synaptics Incorporated)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [52976 2017-08-29] ()
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [44952 2018-02-27] (Toshiba Client Solutions Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2017-12-08] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2017-12-08] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-08] (Microsoft Corporation)
S3 MBAMFarflt; \SystemRoot\system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \SystemRoot\system32\DRIVERS\mbam.sys [X]
S3 MBAMWebProtection; \SystemRoot\system32\DRIVERS\mwac.sys [X]
R3 udiskMgr; system32\drivers\qtwzdg.sys [X] <==== ATTENTION
 
========================== Drivers MD5 =======================
 
C:\WINDOWS\System32\drivers\fileinfo.sys 822F664952B0F8D11BB6BD2F11779602
C:\WINDOWS\System32\drivers\filetrace.sys 5A4935682A0D47A4EAC4BE3C2ACF74D6
C:\WINDOWS\System32\drivers\flpydisk.sys 60641F22D1D38EAD197C25F0339C9712
C:\WINDOWS\System32\drivers\fltmgr.sys 8F0A9F3BEBEE86A88BC82B222488B2FD
C:\WINDOWS\System32\drivers\FsDepends.sys FB55F4ACC55261B25B3FF1B5BF87F10A
C:\Windows\System32\Drivers\Fs_Rec.sys BB82CC2F51F7C3D5DCD13FA3B040D8F8
C:\WINDOWS\System32\DRIVERS\fvevol.sys 11C39CA2326F1F1DBEC11C7A3D26A6A4
C:\WINDOWS\System32\drivers\FwLnk.sys 3409348B2C139768E639021A6CF167AC
C:\WINDOWS\System32\drivers\vmgencounter.sys 3B5DDF1061930A0A891FA63DB0CB878B
C:\WINDOWS\System32\drivers\genericusbfn.sys 8B34E3F794F652082D7E8AF112F71681
C:\WINDOWS\System32\Drivers\msgpioclx.sys 127C23F4720C8902A3AB0FEE12205317
C:\WINDOWS\System32\drivers\gpuenergydrv.sys C7DEA3458E50B691E69EFF0B47CBCCDB
C:\WINDOWS\System32\drivers\Hamdrv.sys 7F79205B4EFA98F0767309479C8C01C6
C:\WINDOWS\System32\drivers\HDAudBus.sys 99A34FD1F6431A10D8C3BB50E170D0F2
C:\WINDOWS\System32\drivers\HidBatt.sys 2443FC6EEB9CF092B62127D867901B02
C:\WINDOWS\System32\drivers\hidbth.sys 205043CDC16ADE85E252DD54AE925161
C:\WINDOWS\System32\drivers\hidi2c.sys B521DDDC9038C066B1B957BF063A531A
C:\WINDOWS\System32\drivers\hidinterrupt.sys 5AC0EBFA76E93273A806176D3178E986
C:\WINDOWS\System32\drivers\hidir.sys 366AC0E05EBF5D5C375F65CD8BC7F0DF
C:\WINDOWS\System32\drivers\hidusb.sys 7CB54D02746024648FCE184FC3F941FF
C:\WINDOWS\System32\drivers\HpSAMD.sys 835FB95D85D362057A72D21A48C2C7F8
C:\WINDOWS\System32\drivers\HTTP.sys 82C0A5B7D21442D063FFAFD0B6AAC086
C:\WINDOWS\System32\drivers\hvservice.sys 9F2CFC90306532866C62BDCDFD2532AA
C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS EF558A02D734A1403583E95CCEEC2487
C:\WINDOWS\System32\Drivers\mshwnclx.sys 3737FE486929AFC48F1D10677B698E52
C:\WINDOWS\System32\drivers\hwpolicy.sys 3C65EBF7F1BFD98426C355D66876ECEE
C:\WINDOWS\System32\drivers\hyperkbd.sys 7E00234C67A322988AFEA717D5609C9E
C:\WINDOWS\System32\drivers\HyperVideo.sys FBF5BB641DE99AE1DF4835E88D4F8993
C:\WINDOWS\System32\drivers\i8042prt.sys 56FF074E50F9042FD2856AB3418F4B18
C:\WINDOWS\System32\drivers\iagpio.sys B5EC43755E62591197DE5CBBDAA9FEB7
C:\WINDOWS\System32\drivers\iai2c.sys D8CA23F9C5FEF44296FDE1E005C06EC0
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys 7B769C9D19C013F94874C4B15D59A005
C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys E0F1B3A2A70FABE3BE1C9140BB55E607
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys 89A869BCC0588A3009ECB875B09ECD39
C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 2E693DF3C02A0859DB8DE25772751100
C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\WINDOWS\System32\drivers\iaStorAV.sys 435883A27A376B125BD4DF888417C85F
C:\WINDOWS\System32\drivers\iaStorV.sys 7118E4390C4ACDE61E280CE52BCAF44E
C:\WINDOWS\System32\drivers\ibbus.sys 9DBE8C359ABACE1BE1BBAB687D114506
C:\WINDOWS\System32\drivers\IndirectKmd.sys 42CAF6216A6E516DC56BA319ACC7EEC5
C:\WINDOWS\system32\drivers\RTKVHD64.sys 3481B5AE505F374A91F241ACE953B24C
C:\WINDOWS\System32\drivers\intelide.sys 40943C1CD031ACE06A8374AD56B9E5EA
C:\WINDOWS\System32\drivers\intelpep.sys 327D9CCF5492543AEF3979F9EEAD02BE
C:\WINDOWS\System32\drivers\intelppm.sys 10F2757836F41BFAEA2AE19F6FE869B2
C:\WINDOWS\System32\drivers\invdimm.sys 8387E90B551B9B7F32EDC69909591E9E
C:\WINDOWS\System32\drivers\iorate.sys E207078E0E1BB3524277DB9077E4148E
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys FD8F64B7B345E539F2EA7F72846F83B4
C:\WINDOWS\System32\drivers\IPMIDrv.sys 8AAB863E72A4F9C578FED2EE3541545B
C:\WINDOWS\System32\drivers\ipnat.sys 7BEC2AF23F586EFF0DB4DBF4331B0C70
C:\WINDOWS\System32\drivers\ipt.sys 35A54F19E703D4FE5919F812F6CC5D0A
C:\WINDOWS\system32\drivers\irda.sys 359CDDBC825959DA28FA886B3C271B53
C:\WINDOWS\System32\drivers\irenum.sys F88664A2A82DDA456180FFF95A771765
C:\WINDOWS\System32\drivers\isapnp.sys 2296B158C43C306B0AC5B4D57EA9F0E1
C:\WINDOWS\System32\drivers\msiscsi.sys 2DC0765992CFECE3B13F3BFD20E69DCC
C:\WINDOWS\System32\drivers\xtos.sys 8C17F3795DAE9A0ECDE4B3A3B0740E5F
C:\WINDOWS\System32\drivers\kbdclass.sys E320F986BBE0CD9324EA0A193EBF29B1
C:\WINDOWS\System32\drivers\kbdhid.sys AFF5DDCC1A79217C9526FF5E01A69E89
C:\WINDOWS\System32\drivers\kdnic.sys 916E62AF3386F7A74603E5C545F6FF2D
C:\WINDOWS\System32\Drivers\ksecdd.sys 69FA8BEBADF807089FEFCD3F59CFAC1E
C:\WINDOWS\System32\Drivers\ksecpkg.sys C1081E2B36F77781167FD9401119B98E
C:\WINDOWS\system32\drivers\ksthunk.sys DD8C4726127CFE313233372D70787C37
C:\WINDOWS\System32\drivers\lltdio.sys CB5A6E117502156794F0DA9E61506006
C:\WINDOWS\System32\drivers\lsi_sas.sys 20048BEE892138A745B1C23EBB0E069F
C:\WINDOWS\System32\drivers\lsi_sas2i.sys 9EAB16572B576979D585DDEDB12417CD
C:\WINDOWS\System32\drivers\lsi_sas3i.sys 3B7B359C0870317106DF3438D4FF491D
C:\WINDOWS\System32\drivers\lsi_sss.sys 2DE03BA338A4B0ACDB416A30F1C7D56F
C:\WINDOWS\system32\drivers\luafv.sys 9A497169E145FCE2D8AA7DBC67377F64
C:\WINDOWS\System32\drivers\mausbhost.sys BF56CB9D02DEE8CA9CBA50220BE16F15
C:\WINDOWS\System32\drivers\mausbip.sys 01BDEE1FFF6D2216797DFEE4ABD937D9
C:\WINDOWS\System32\Drivers\MbamChameleon.sys 5C3083CDE45F25797F6B4310BF916394
C:\WINDOWS\System32\Drivers\mbamswissarmy.sys B047B9CE5A0D800E6D713B43D0405221
C:\WINDOWS\System32\drivers\megasas.sys C7B8B5053D646CBD30BE1BA6B487D396
C:\WINDOWS\System32\drivers\MegaSas2i.sys EB8ED3204499DDB2D3BA094A4563EE3E
C:\WINDOWS\System32\drivers\megasr.sys F1C1D4E752DE1D58295040E5BE8813AF
C:\WINDOWS\System32\drivers\mlx4_bus.sys 16B078D1089FEA98710C9D07C152DCEE
C:\WINDOWS\system32\drivers\mmcss.sys 20C57CE47B1A877C48A4B68E9A4E21FA
C:\WINDOWS\System32\drivers\modem.sys A4467A5C080318F0CCCF5ED463821F8B
C:\WINDOWS\System32\drivers\monitor.sys 78BE85C1F1C7F3AF6C87BCE127007D5A
C:\WINDOWS\System32\drivers\mouclass.sys 8E262B34A8BD184B4B3025AA8C396B00
C:\WINDOWS\System32\drivers\mouhid.sys C094A555F148495EA130D3BBC5232D5E
C:\WINDOWS\System32\drivers\mountmgr.sys 6434BC884502E95EEA2379C92DD22B60
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA9B35C6-0ACE-4053-90DF-CD01E0FDF25F}\MpKsl11e31cfa.sys FD4BC5A31AE7C81B7D34BB8A78371B6D
C:\WINDOWS\System32\drivers\mpsdrv.sys F36E4074C66DD31855A8D79EF0AE8066
C:\WINDOWS\system32\drivers\mrxdav.sys 215D672CB71987CD98EB2298EFB84DDC
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 34898F29BF0E9A84E183046318D17814
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\WINDOWS\System32\drivers\MSKSSRV.sys B25B2CD3E052D68075A3814AAA0C6421
C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys 4EB9B77179BDEE89C496E60D4BF85CC1
C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\WINDOWS\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\WINDOWS\System32\DRIVERS\nwifi.sys 8A9CD53B0FBE679116638120CCBB201E
C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\WINDOWS\System32\drivers\ndis.sys 44071DC1A957B2062E0C2EE14E05A607
C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\WINDOWS\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\NDProxy.sys AC908EF74DB5BC1DC7FB2BF0205D4FF1
C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\WINDOWS\System32\drivers\netbios.sys AAC1622CA213F7DA660A04FD51B730C3
C:\WINDOWS\System32\DRIVERS\netbt.sys 401C17200AA0433D94EA61695F111DC3
C:\WINDOWS\System32\drivers\netvsc.sys 19A981EC09C5C78A063FFF2E1E71CD28
C:\Windows\System32\Drivers\Npfs.sys 84EB8F01B140618518AFF30B9951F132
C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\WINDOWS\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys 70750B27A72427B0ACAE2D6CD161946A
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\WINDOWS\System32\drivers\partmgr.sys BD93CDE9A332C00BCB0836483271781F
C:\WINDOWS\System32\drivers\pci.sys FC0D7D7ADACA8A3746D31F9C710F9E2B
C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\WINDOWS\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\WINDOWS\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys C6010D36B68FB534D1B1245978C9921D
C:\WINDOWS\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\DRIVERS\rdbss.sys 0945839C334DAAD62EB528F8A5C7F946
C:\WINDOWS\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\WINDOWS\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys 4AEF2CC20371CC7965C460EB0CC5DEF5
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\System32\drivers\rt640x64.sys 78983CC6A1C29B75324B22BA0087E60B
C:\WINDOWS\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 0FB6CCFA52FE5AD0B8D86E8AB370EF34
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys C289832A3174DC9D393C7603C511DF79
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys DDACBE2EFD5143E24EE59B0F460F25BA
C:\WINDOWS\System32\drivers\spaceport.sys 215836D9719355A2C378300BDE31FB83
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\DRIVERS\srv2.sys C7DAAB9C4A77B3C3C38A7CB6158E82ED
C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\WINDOWS\system32\DRIVERS\stdriverx64.sys 4F3BFCC627EE6617D286EF5B4B235576
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\system32\DRIVERS\serscan.sys 0690CE515A295BD101415C7E411C43F3
C:\WINDOWS\System32\drivers\storahci.sys DD1F00B80DDD12252B7B228ABCE181A9
C:\WINDOWS\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\WINDOWS\System32\drivers\stornvme.sys DA0097E6C70EA25F6020CC97C7828F70
C:\WINDOWS\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\WINDOWS\System32\drivers\storufs.sys B59D29E535AF7E82717C2AD2C57EEC67
C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\WINDOWS\system32\DRIVERS\SynTP.sys D47B1A895DD6DAAE11DFD7A961E8E26C
C:\WINDOWS\System32\drivers\tcpip.sys 420A2A36A7E04D137DB35126C0C451A3
C:\WINDOWS\System32\drivers\tcpip.sys 420A2A36A7E04D137DB35126C0C451A3
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\Thotkey.sys 3D4F13D1A7687095F507D323B91CB279
C:\WINDOWS\System32\drivers\tosrfec.sys A371045B9685DE327BDF5088AA0F5842
C:\WINDOWS\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F
C:\WINDOWS\System32\drivers\TsUsbFlt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\TVALZ_O.SYS 6A2A692F6A987D8C3BF758CA5A225BD1
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4
C:\WINDOWS\System32\drivers\VClone.sys 84BB306B7863883018D7F3EB0C453BD5
C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhdmp.sys EA64495B9FAF0052113890184DA57573
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 164E6B2919FF12911F63C7EC526ED669
C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys DCE032DE20AB85CFA92141F419CFE68E
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys 478193CE0AAD5C8515568592F1F640D1
C:\WINDOWS\System32\DRIVERS\wanarp.sys 478193CE0AAD5C8515568592F1F640D1
C:\WINDOWS\system32\drivers\wcifs.sys A8DFD1465C05D9EFBDFD5C3A25B7F496
C:\WINDOWS\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355
C:\WINDOWS\system32\drivers\wd\WdBoot.sys 71E8950CF0DEC853EF72EB6A67AD67ED
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\system32\drivers\wd\WdFilter.sys F8BB41D6A300A6D7DE64678BAD3D7D6F
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A
C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys BDD91FCE8883C0E2110FE34E8D22711A
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys 4EAE206AF1D880C9C06FB4ACD17F0506
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys 3E27B5B573DCC8DE15A93F61C01713B6
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\System32\drivers\WudfRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-03-25 19:21 - 2018-03-25 19:21 - 000001334 _____ C:\Users\zC\Desktop\eset scan 032518.txt
2018-03-25 14:32 - 2018-03-25 14:32 - 000000000 ____D C:\Users\zC\AppData\LocalLow\uTorrent
2018-03-25 11:19 - 2018-03-25 11:20 - 000001134 _____ C:\Users\zC\Desktop\SALog.txt
2018-03-25 10:27 - 2018-03-25 10:27 - 000142160 ____N C:\WINDOWS\system32\Drivers\upkimpsv.sys
2018-03-25 10:21 - 2018-03-25 10:21 - 000899584 _____ C:\Users\zC\Desktop\RGSA.exe
2018-03-25 10:12 - 2018-03-25 20:47 - 000000000 ____D C:\FRST
2018-03-25 09:30 - 2018-03-25 09:30 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-03-13 07:59 - 2018-03-13 07:59 - 007629824 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-03-05 09:40 - 2018-03-25 20:11 - 000003000 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (zC)
2018-03-02 10:07 - 2018-03-02 10:07 - 000002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-03-02 10:07 - 2018-03-02 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-03-02 10:06 - 2018-03-16 10:04 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-02-27 09:10 - 2018-02-27 09:10 - 000137104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\Drivers\amdpsp.sys
2018-02-27 09:10 - 2018-02-27 09:10 - 000129032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\tbaseregistry64.dll
2018-02-27 09:10 - 2018-02-27 09:10 - 000108552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\tbaseregistry32.dll
2018-02-27 09:10 - 2018-02-27 09:10 - 000026120 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\t-base_client_api.dll
2018-02-27 09:10 - 2018-02-27 09:10 - 000022024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\t-base_client_api.dll
2018-02-27 09:08 - 2018-02-27 09:08 - 000000000 ____D C:\ProgramData\Audyssey Labs
2018-02-27 09:06 - 2018-02-27 09:06 - 013831786 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-02-27 09:06 - 2018-02-27 09:06 - 003677152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-02-27 09:06 - 2018-02-27 09:06 - 003561920 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-02-27 09:06 - 2018-02-27 09:06 - 003509192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-02-27 09:06 - 2018-02-27 09:06 - 003410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-02-27 09:06 - 2018-02-27 09:06 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.
Zyrus Campbell

#2 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,159 posts

Posted 26 March 2018 - 04:38 AM

Hello Zyrus Campbell.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

Some sets of instructions may be long, or you may be without an Internet connection for a while, so I suggest printing out each set of instructions or copying them to a Notepad file, and reading the entire post before proceeding. It will make following them easier.


Your computer is infected with a variant of a SmartService Rootkit. A rootkit is one of the most difficult types of malware to find and remove. You may want to read more about this type of infection here.

Please read the instructions carefully and follow the directions in the order listed. We will have to deal with this infection step by step.

For now, in Normal mode do this please:

Right click on the FRST64.exe icon and select Run as administrator to start the tool;
Highlight and copy the following text and paste it inside the 'Search' box area of FRST;

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::

Once done, click on the Fix button. A file called Fixlog.txt should appear on the same location as FRST64.exe;

Please copy and paste its content in your next reply and wait for further instructions.

Thank you.

Android 8888

 


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#3 Zyrus Campbell

    Member

  • Full Member
  • 35 posts

Posted 28 March 2018 - 12:38 PM

Thank you for helping me out with this. I really appreciate it. Wow, a rootkit? I'm gonna have to be more careful from now on.

 

Ok, I followed your instructions. Below are the results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by zC (28-03-2018 14:32:46) Run:1
Running from C:\Users\zC\Desktop\Antivirus
Loaded Profiles: zC (Available Profiles: zC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
 
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog 14:32:50 ====
 
Thanks again!

Zyrus Campbell
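
A helper reviewing many such replies can check a Fixlog mechanically instead of by eye. The following is an added example, not part of the original posts and not FRST's own code: it assumes the block layout seen in the Fixlog above, audits only `CMD:` directives, and uses the success message bcdedit printed in this thread; the function names are hypothetical.

```python
import re

# Sample input: the Fixlog posted in this thread, embedded so the example runs offline.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by zC (28-03-2018 14:32:46) Run:1
Running from C:\Users\zC\Desktop\Antivirus
Loaded Profiles: zC (Available Profiles: zC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes

*****************


========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog 14:32:50 ====
"""

# Success text as printed by bcdedit in the log above; other commands print other text.
SUCCESS = "The operation completed successfully."

BLOCK_HEADER_RE = re.compile(r"^=========\s+(.*?)\s+=========$")
END_OF_LOG_RE = re.compile(r"^==== End of Fixlog .* ====$")


def parse_fixlog(text):
    """Return (requested directives, {command: output lines}, log_is_complete)."""
    requested, results = [], {}
    in_fixlist, star_rows = False, 0
    current, complete = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "fixlist content:":
            in_fixlist, star_rows = True, 0
            continue
        if in_fixlist:
            # The fixlist is delimited by two rows of asterisks.
            if line and set(line) == {"*"}:
                star_rows += 1
                in_fixlist = star_rows < 2
            elif line:
                requested.append(line)
            continue
        if END_OF_LOG_RE.match(line):
            complete = True
            continue
        header = BLOCK_HEADER_RE.match(line)
        if header:
            title = header.group(1)
            current = None if title == "End of CMD:" else title
            if current is not None:
                results[current] = []
            continue
        if current is not None and line:
            results[current].append(line)
    return requested, results, complete


def audit_fixlog(text, success_marker=SUCCESS):
    """List problems: truncated log, commands never run, commands not confirmed."""
    requested, results, complete = parse_fixlog(text)
    findings = []
    if not complete:
        findings.append("log is truncated: no 'End of Fixlog' line")
    for directive in requested:
        if not directive.startswith("CMD:"):
            continue  # this example audits CMD: directives only
        cmd = directive[len("CMD:"):].strip()
        output = results.get(cmd)
        if output is None:
            findings.append(f"no result block for: {cmd}")
        elif success_marker not in output:
            shown = " ".join(output) or "(no output)"
            findings.append(f"not confirmed successful: {cmd} -> {shown}")
    return findings


if __name__ == "__main__":
    problems = audit_fixlog(SAMPLE_FIXLOG)
    print("Fixlog OK" if not problems else "\n".join(problems))
```

An empty list means every requested command has a result block carrying the success message and the log reached its closing line.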

#4 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,159 posts

Posted 29 March 2018 - 09:38 AM

Thank you for the log.

Now please read the following instructions carefully, and if you don't understand something, please STOP and ask before proceeding.

You will have to run a scan with FRST from the Windows Recovery Environment (RE).

But first you will need to have access to an uninfected computer and a USB Flash Drive.

Please note: The USB Flash Drive can only be inserted in the infected computer if it is either shut down, or in the Windows RE (Recovery Environment). Otherwise, the infection will mess with the files on the USB.
 
 

Preparing the USB Flash Drive (on a clean computer)

  • Plug-in the USB Flash Drive on a clean computer and format it before using it ('Quick Format' is enough).
  • Access the Internet and download FRST64.exe from a clean computer (Don't use the FRST64.exe file stored in the infected computer):
  • Move the executable (FRST64.exe) to the USB Flash Drive.

 

Boot in the Recovery Environment (RE) (on the infected computer)

  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splash screen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Note: Once in the Windows RE, plug the USB Flash Drive in the computer.
 
Once in the Command Prompt

  • In the command prompt, type notepad and press on Enter;
  • Notepad will open. Click on the File menu and select Open;
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad;
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter;
  • Note: Replace the letter e with the drive letter of your USB Flash Drive;
  • FRST will open;
  • Click on Yes to accept the disclaimer;
  • Click on the Scan button and wait for the scan to complete;
  • A log called FRST.txt will be saved on your USB Flash Drive;
  • Please post the entire content of that log in your next reply.

 

Let me see the FRST.txt log and wait for further instructions.


Android 8888
 

#5 Zyrus Campbell


Posted 09 June 2018 - 11:27 AM

I apologize for dropping the ball with this. Life caught up with me and I hadn't touched the laptop in over a month. By the time I got back around to turning it back on, the loading screen was offering the option to Reset Windows so I used it. At least I'm able to use the laptop again. The performance had degraded to the point that it was simply unusable; wouldn't load or anything. So, I apologize for the long delay. Resetting removed a lot of the software that I used but that's fine, I can always reinstall. I used the Reset option to keep my files and it seems to have.

 

At any rate, I followed your instructions above and here's the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by zC (administrator) on ZC (09-06-2018 12:19:34)
Running from E:\
Loaded Profiles: zC (Available Profiles: zC)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA America Information Systems.) C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.15_none_2c4b8d3b386eed8e\TiWorker.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2018-02-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [GoogleChromeAutoLaunch_6C7EC2962F8CF0594194777D57CC6533] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1458008 2018-05-25] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4c218fd7-ed11-40a1-8d67-cb9906afe954}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-04-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-04-11] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-09] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default [2018-06-09]
CHR Extension: (Slides) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-03]
CHR Extension: (E*TRADE Browser Trading) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgjomjdnhlppcidahijhehhfgneaolh [2018-06-09]
CHR Extension: (SEOquake) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2018-06-09]
CHR Extension: (Word Search Puzzle) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2018-06-09]
CHR Extension: (Docs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-03]
CHR Extension: (Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-03]
CHR Extension: (YouTube) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-03]
CHR Extension: (8-Ball Pool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2018-06-09]
CHR Extension: (Finance Toolbar - Real Time Stock Tracker) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cichbngoomgnobmmjpagmbkimbamigie [2018-06-09]
CHR Extension: (__MSG_browserActionTitle__) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkkaggocmafajhbcbknhcgnbmagjohi [2018-06-09]
CHR Extension: (Word Search) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2018-06-09]
CHR Extension: (Avast SafePrice) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-09]
CHR Extension: (Sheets) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-06-09]
CHR Extension: (Page Analytics (by Google)) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2018-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-09]
CHR Extension: (Google Calendar) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-06-09]
CHR Extension: (Save to Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2018-06-09]
CHR Extension: (Bookmark Manager) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2018-06-09]
CHR Extension: (Avast Online Security) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-06-09]
CHR Extension: (eCannabis.com News) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hleklbkjnimndonegalbakabcdhmhpbo [2018-06-09]
CHR Extension: (Google Keep - notes and lists) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-06-09]
CHR Extension: (SMhack - Social Media Management Tool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imggkmfffdfkcdekembcmkogdjgdicge [2018-06-09]
CHR Extension: (Unifeed | Social networks in one hub) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjhhjplnmadgnhoiofenklhhpijiojh [2018-06-09]
CHR Extension: (Cisco WebEx Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-06-09]
CHR Extension: (Reload All Tabs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci [2018-06-09]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-06-09]
CHR Extension: (Stock Portfolio) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdoambecilccimhbonfabmoomaegehni [2018-06-09]
CHR Extension: (Google Hangouts) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-03]
CHR Extension: (Gmail) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-07] () [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-06-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-06-03] (AVAST Software)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-12] (WildTangent)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-06-05] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-04-09] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [697288 2017-12-19] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-04-02] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [287240 2018-03-29] (Synaptics Incorporated)
R2 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2202680 2015-05-28] (TOSHIBA America Information Systems.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27016 2018-02-27] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\System32\drivers\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-02-27] (Advanced Micro Devices, Inc. )
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-06-03] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-06-03] (AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-06-03] (AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-06-03] (AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-06-03] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-06-03] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-06-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-06-03] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-06-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-03] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-06-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-06-03] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-06-03] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-06-03] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-02-27] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-09] (Malwarebytes)
R2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk02; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2018-02-27] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2018-02-27] (Realtek )
R3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53768 2018-03-29] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42600 2018-02-27] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [44952 2018-02-27] (Toshiba Client Solutions Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-09 12:08 - 2018-06-09 12:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-06-09 12:05 - 2018-06-09 12:05 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-06-09 10:41 - 2018-06-09 10:41 - 000000000 ____D C:\Users\zC\AppData\Roaming\Google
2018-06-09 10:38 - 2018-06-09 10:38 - 000001381 _____ C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
2018-06-09 10:28 - 2018-06-09 10:28 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-06-09 10:28 - 2018-06-09 10:28 - 000003344 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3369261439-609741471-2718208431-1001
2018-06-03 23:32 - 2018-06-03 23:32 - 000000000 ____D C:\ProgramData\AMD
2018-06-03 20:37 - 2018-06-09 12:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-06-03 20:37 - 2018-06-09 10:49 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-06-03 20:23 - 2018-06-09 10:28 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-03 18:03 - 2015-07-10 07:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180603-180309.backup
2018-06-03 16:48 - 2018-06-03 17:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-03 16:48 - 2018-06-03 16:48 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-03 16:47 - 2018-06-03 16:47 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-03 15:40 - 2018-06-03 15:40 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-03 15:40 - 2018-06-03 15:40 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-03 15:38 - 2018-06-09 10:40 - 000000000 ____D C:\Users\zC\AppData\Local\Google
2018-06-03 15:38 - 2018-06-03 16:10 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-03 15:38 - 2018-06-03 16:10 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-03 15:38 - 2018-06-03 15:40 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-03 15:34 - 2018-06-03 15:34 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-06-03 15:34 - 2018-06-03 15:34 - 000001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-06-03 15:34 - 2018-06-03 15:34 - 000000000 ____D C:\Users\zC\AppData\Roaming\AVAST Software
2018-06-03 15:34 - 2018-06-03 15:34 - 000000000 ____D C:\Users\zC\AppData\Local\CEF
2018-06-03 15:29 - 2018-06-09 12:11 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-06-03 15:28 - 2018-06-03 15:26 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-06-03 15:28 - 2018-06-03 15:24 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000234560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-06-03 15:26 - 2018-06-03 15:26 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-06-03 15:26 - 2018-06-03 15:26 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-06-03 15:20 - 2018-06-03 15:20 - 000000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys
2018-06-03 15:19 - 2018-06-03 15:19 - 000000000 ____D C:\Program Files\AVAST Software
2018-06-03 15:18 - 2018-06-03 17:56 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-03 14:52 - 2018-06-09 12:04 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-03 14:52 - 2018-06-03 14:52 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-03 14:52 - 2018-06-03 14:52 - 000001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-06-03 14:52 - 2018-06-03 14:52 - 000001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-03 14:52 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-03 14:52 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-06-03 14:51 - 2018-06-09 10:18 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-06-03 14:51 - 2018-06-03 18:01 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-06-03 14:51 - 2018-06-03 14:51 - 000000000 ____D C:\Users\zC\AppData\Local\DBG
2018-06-03 14:51 - 2018-06-03 14:51 - 000000000 ____D C:\Users\zC\AppData\Local\Comms
2018-06-03 14:33 - 2018-06-03 14:35 - 000000000 ____D C:\Users\zC\AppData\Local\MicrosoftEdge
2018-06-03 14:17 - 2018-06-03 14:17 - 000000000 ____D C:\Users\zC\AppData\Roaming\Macromedia
2018-06-03 01:04 - 2018-06-09 10:28 - 000002365 _____ C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-03 00:59 - 2018-06-03 01:02 - 000000000 ____D C:\Users\zC\AppData\Roaming\DropboxOEM
2018-06-03 00:59 - 2018-06-03 00:59 - 000000000 ____D C:\Users\zC\AppData\Local\DropboxOEM
2018-06-03 00:57 - 2018-06-03 00:57 - 000000000 ____D C:\Users\zC\AppData\Local\Publishers
2018-06-03 00:56 - 2018-06-03 17:43 - 000000000 ____D C:\Users\zC\AppData\Local\Packages
2018-06-03 00:56 - 2018-06-03 00:56 - 000000000 ____D C:\Users\zC\AppData\Roaming\Adobe
2018-06-03 00:56 - 2018-06-03 00:56 - 000000000 ____D C:\Users\zC\AppData\Local\VirtualStore
2018-06-03 00:55 - 2018-06-03 00:55 - 000000020 ___SH C:\Users\zC\ntuser.ini
2018-06-03 00:55 - 2018-06-03 00:55 - 000000000 ____D C:\Users\zC\AppData\Local\ConnectedDevicesPlatform
2018-06-02 18:44 - 2018-06-03 01:04 - 000000000 ____D C:\ProgramData\TOSHIBA
2018-06-02 18:42 - 2018-06-09 11:01 - 000000000 ____D C:\Windows.old
2018-06-02 18:42 - 2018-06-02 18:43 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-06-02 18:42 - 2018-06-02 15:40 - 000000000 ____D C:\WINDOWS\Panther
2018-06-02 18:39 - 2018-06-02 18:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-06-02 18:37 - 2018-06-02 18:37 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-06-02 18:34 - 2018-06-02 18:35 - 000000000 ____D C:\WINDOWS\AMDTAs
2018-06-02 18:33 - 2018-06-02 18:33 - 000000000 ____D C:\Program Files\Synaptics
2018-06-02 18:32 - 2018-06-02 18:32 - 000000000 ____D C:\WINDOWS\Setup
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\Program Files\MSBuild
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-06-02 18:27 - 2018-06-02 18:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-06-02 18:27 - 2018-06-02 15:19 - 000000000 ____D C:\WINDOWS\OCR
2018-06-02 18:24 - 2018-06-03 00:56 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\0409
2018-06-02 18:24 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-06-02 18:20 - 2018-06-05 19:24 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-02 18:20 - 2018-06-05 19:24 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-02 18:16 - 2018-06-02 18:42 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-06-02 18:16 - 2018-06-02 18:10 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-06-02 18:16 - 2018-06-02 18:10 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-06-02 18:16 - 2018-06-02 18:10 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-06-02 18:16 - 2018-06-02 18:10 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-06-02 18:16 - 2018-06-02 18:10 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-06-02 18:16 - 2018-06-02 18:10 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-06-02 18:16 - 2018-06-02 18:10 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-06-02 18:16 - 2018-06-02 18:10 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-06-02 18:16 - 2018-06-02 18:10 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-06-02 18:16 - 2018-06-02 18:10 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-06-02 18:15 - 2018-06-09 12:16 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-02 18:15 - 2018-06-09 12:15 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-06-02 18:15 - 2018-06-09 12:15 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-02 18:15 - 2018-06-09 10:40 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-02 18:15 - 2018-06-03 16:29 - 000000000 ___RD C:\Program Files (x86)
2018-06-02 18:15 - 2018-06-03 00:55 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-02 18:15 - 2018-06-02 18:44 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-02 18:15 - 2018-06-02 18:42 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\Provisioning
2018-06-02 18:15 - 2018-06-02 18:31 - 000000000 ____D C:\Program Files\Windows Defender
2018-06-02 18:15 - 2018-06-02 18:27 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\system32\com
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\IME
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\WINDOWS\Help
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\Program Files\Common Files\system
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-02 18:15 - 2018-06-02 18:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 __RSD C:\WINDOWS\media
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\ias
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\Cursors
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\WINDOWS\addins
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-06-02 18:15 - 2018-06-02 18:16 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Web
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Vss
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\tracing
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\TAPI
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SystemResources
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SystemApps
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\ras
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\IME
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\System
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SKB
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\security
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\schemas
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\SchCache
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Resources
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\rescache
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\PLA
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Performance
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\InputMethod
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Globalization
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\WINDOWS\Branding
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\Program Files\Windows Security
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\Program Files\windows nt
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\Program Files\Common Files\Services
2018-06-02 18:15 - 2018-06-02 18:15 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-06-02 18:15 - 2018-06-02 15:32 - 000000000 ____D C:\WINDOWS\Registration
2018-06-02 18:15 - 2018-06-02 15:31 - 000000000 __RHD C:\Users\Public\Libraries
2018-06-02 18:15 - 2018-06-02 15:30 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-06-02 18:15 - 2018-06-02 15:19 - 000000000 ____D C:\WINDOWS\system32\spool
2018-06-02 18:15 - 2018-06-02 15:17 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-02 18:15 - 2018-06-02 15:09 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-02 18:15 - 2018-06-02 15:08 - 000000000 ____D C:\WINDOWS\appcompat
2018-06-02 18:15 - 2018-06-02 15:02 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-06-02 18:15 - 2018-06-02 14:58 - 000000000 ____D C:\ProgramData\USOPrivate
2018-06-02 18:15 - 2018-06-02 14:55 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-06-02 18:15 - 2018-06-02 14:55 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-02 18:15 - 2018-06-02 14:46 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-06-02 18:12 - 2018-06-09 12:04 - 000000000 ____D C:\WINDOWS\INF
2018-06-02 18:01 - 2018-06-09 12:18 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-02 17:49 - 2018-06-09 15:26 - 087818240 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-06-02 17:49 - 2018-06-09 15:26 - 000028672 _____ C:\WINDOWS\system32\config\SAM
2018-06-02 17:49 - 2018-06-09 15:25 - 043515904 _____ C:\WINDOWS\system32\config\SYSTEM
2018-06-02 17:49 - 2018-06-09 15:25 - 000057344 _____ C:\WINDOWS\system32\config\SECURITY
2018-
Zyrus Campbell

#6 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,159 posts

Posted 10 June 2018 - 06:52 AM

Hello Zyrus Campbell and welcome back!

"I apologize for dropping the ball with this. Life caught up with me and I hadn't touched the laptop in over a month."

There is no problem at all. Okay, let's continue.

I see you ran FRST from E:\

Also, the FRST.txt log that you posted is not complete, and you did not post the content of the Addition.txt log either.

Please move the executable FRST file to your computer Desktop and run a new scan. Then copy and paste the entire content of the two logs (FRST.txt and Addition.txt) for my review.

Thank you.

Android 8888



#7 Zyrus Campbell

    Member

  • Full Member
  • 35 posts

Posted 10 June 2018 - 11:56 AM

Ok, I misunderstood. Here are the results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by zC (administrator) on ZC (10-06-2018 13:40:43)
Running from C:\Users\zC\Desktop
Loaded Profiles: zC (Available Profiles: zC)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA America Information Systems.) C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2018-02-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [GoogleChromeAutoLaunch_6C7EC2962F8CF0594194777D57CC6533] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1458008 2018-05-25] (Google Inc.)
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\RunOnce: [Uninstall 18.065.0329.0002_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\zC\AppData\Local\Microsoft\OneDrive\18.065.0329.0002_1\amd64"
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\RunOnce: [Uninstall 18.065.0329.0002_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\zC\AppData\Local\Microsoft\OneDrive\18.065.0329.0002_1"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4c218fd7-ed11-40a1-8d67-cb9906afe954}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-04-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-04-11] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-09] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-04-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default [2018-06-10]
CHR Extension: (Slides) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-03]
CHR Extension: (E*TRADE Browser Trading) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgjomjdnhlppcidahijhehhfgneaolh [2018-06-09]
CHR Extension: (SEOquake) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2018-06-09]
CHR Extension: (Word Search Puzzle) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2018-06-09]
CHR Extension: (Docs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-03]
CHR Extension: (Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-03]
CHR Extension: (YouTube) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-03]
CHR Extension: (8-Ball Pool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2018-06-09]
CHR Extension: (Finance Toolbar - Real Time Stock Tracker) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cichbngoomgnobmmjpagmbkimbamigie [2018-06-09]
CHR Extension: (__MSG_browserActionTitle__) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkkaggocmafajhbcbknhcgnbmagjohi [2018-06-09]
CHR Extension: (Word Search) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2018-06-09]
CHR Extension: (Avast SafePrice) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-09]
CHR Extension: (Sheets) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-06-09]
CHR Extension: (Page Analytics (by Google)) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2018-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-09]
CHR Extension: (Google Calendar) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-06-09]
CHR Extension: (Save to Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2018-06-09]
CHR Extension: (Bookmark Manager) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2018-06-09]
CHR Extension: (Avast Online Security) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-06-09]
CHR Extension: (eCannabis.com News) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hleklbkjnimndonegalbakabcdhmhpbo [2018-06-09]
CHR Extension: (Google Keep - notes and lists) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-06-09]
CHR Extension: (SMhack - Social Media Management Tool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imggkmfffdfkcdekembcmkogdjgdicge [2018-06-09]
CHR Extension: (Unifeed | Social networks in one hub) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjhhjplnmadgnhoiofenklhhpijiojh [2018-06-09]
CHR Extension: (Cisco WebEx Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-06-09]
CHR Extension: (Reload All Tabs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci [2018-06-09]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-06-09]
CHR Extension: (Stock Portfolio) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdoambecilccimhbonfabmoomaegehni [2018-06-09]
CHR Extension: (Google Hangouts) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-03]
CHR Extension: (Gmail) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-07] () [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-06-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-06-03] (AVAST Software)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-12] (WildTangent)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-06-05] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-04-09] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [697288 2017-12-19] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1669328 2018-04-02] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1061528 2018-03-06] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [287240 2018-03-29] (Synaptics Incorporated)
R2 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2202680 2015-05-28] (TOSHIBA America Information Systems.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27016 2018-02-27] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\System32\drivers\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-02-27] (Advanced Micro Devices, Inc. )
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-06-03] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-06-03] (AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-06-03] (AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-06-03] (AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-06-03] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-06-03] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-06-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-06-03] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-06-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-03] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-06-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-06-03] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-06-03] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-06-03] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-02-27] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-09] (Malwarebytes)
R2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543632 2018-01-22] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-01-22] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2018-02-27] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2018-02-27] (Realtek )
R3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53768 2018-03-29] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42600 2018-02-27] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [44952 2018-02-27] (Toshiba Client Solutions Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-10 13:40 - 2018-06-10 13:42 - 000023634 _____ C:\Users\zC\Desktop\FRST.txt
2018-06-10 13:39 - 2018-06-09 12:18 - 002413056 _____ (Farbar) C:\Users\zC\Desktop\FRST64.exe
2018-06-10 10:27 - 2018-06-10 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-06-10 10:16 - 2018-06-09 10:21 - 000450575 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20180610-101658.backup
2018-06-09 14:18 - 2018-06-09 14:18 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-09 12:05 - 2018-06-09 12:05 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-06-09 10:41 - 2018-06-09 10:41 - 000000000 ____D C:\Users\zC\AppData\Roaming\Google
2018-06-09 10:38 - 2018-06-09 10:38 - 000001381 _____ C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk
2018-06-09 10:28 - 2018-06-10 10:27 - 000003344 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3369261439-609741471-2718208431-1001
2018-06-09 10:28 - 2018-06-09 10:28 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-06-03 23:32 - 2018-06-03 23:32 - 000000000 ____D C:\ProgramData\AMD
2018-06-03 20:37 - 2018-06-09 12:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-06-03 20:37 - 2018-06-09 10:49 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-06-03 20:23 - 2018-06-09 10:28 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-03 18:03 - 2015-07-10 07:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180603-180309.backup
2018-06-03 16:48 - 2018-06-03 17:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-03 16:48 - 2018-06-03 16:48 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-03 16:47 - 2018-06-03 16:47 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-03 15:40 - 2018-06-03 15:40 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-03 15:40 - 2018-06-03 15:40 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-03 15:38 - 2018-06-09 10:40 - 000000000 ____D C:\Users\zC\AppData\Local\Google
2018-06-03 15:38 - 2018-06-03 16:10 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-03 15:38 - 2018-06-03 16:10 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-03 15:38 - 2018-06-03 15:40 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-03 15:34 - 2018-06-03 15:34 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-06-03 15:34 - 2018-06-03 15:34 - 000001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-06-03 15:34 - 2018-06-03 15:34 - 000000000 ____D C:\Users\zC\AppData\Roaming\AVAST Software
2018-06-03 15:34 - 2018-06-03 15:34 - 000000000 ____D C:\Users\zC\AppData\Local\CEF
2018-06-03 15:29 - 2018-06-09 13:16 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-06-03 15:28 - 2018-06-03 15:26 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-06-03 15:28 - 2018-06-03 15:26 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-06-03 15:28 - 2018-06-03 15:24 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000234560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-06-03 15:28 - 2018-06-03 15:23 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-06-03 15:26 - 2018-06-03 15:26 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-06-03 15:26 - 2018-06-03 15:26 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-06-03 15:20 - 2018-06-03 15:20 - 000000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys
2018-06-03 15:19 - 2018-06-03 15:19 - 000000000 ____D C:\Program Files\AVAST Software
2018-06-03 15:18 - 2018-06-03 17:56 - 000000000 ____D C:\ProgramData\AVAST Software
2018-06-03 14:52 - 2018-06-09 14:18 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-03 14:52 - 2018-06-03 14:52 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-03 14:52 - 2018-06-03 14:52 - 000001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-06-03 14:52 - 2018-06-03 14:52 - 000001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-03 14:52 - 2018-06-03 14:52 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-03 14:52 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-06-03 14:51 - 2018-06-09 13:10 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-06-03 14:51 - 2018-06-03 18:01 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-06-03 14:51 - 2018-06-03 14:51 - 000000000 ____D C:\Users\zC\AppData\Local\DBG
2018-06-03 14:51 - 2018-06-03 14:51 - 000000000 ____D C:\Users\zC\AppData\Local\Comms
2018-06-03 14:33 - 2018-06-03 14:35 - 000000000 ____D C:\Users\zC\AppData\Local\MicrosoftEdge
2018-06-03 14:17 - 2018-06-03 14:17 - 000000000 ____D C:\Users\zC\AppData\Roaming\Macromedia
2018-06-03 14:17 - 2018-05-04 05:37 - 000278448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Notifier.exe
2018-06-03 01:04 - 2018-06-10 10:27 - 000002365 _____ C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-03 00:59 - 2018-06-03 01:02 - 000000000 ____D C:\Users\zC\AppData\Roaming\DropboxOEM
2018-06-03 00:59 - 2018-06-03 00:59 - 000000000 ____D C:\Users\zC\AppData\Local\DropboxOEM
2018-06-03 00:57 - 2018-06-03 00:57 - 000000000 ____D C:\Users\zC\AppData\Local\Publishers
2018-06-03 00:56 - 2018-06-03 17:43 - 000000000 ____D C:\Users\zC\AppData\Local\Packages
2018-06-03 00:56 - 2018-06-03 00:56 - 000000000 ____D C:\Users\zC\AppData\Roaming\Adobe
2018-06-03 00:56 - 2018-06-03 00:56 - 000000000 ____D C:\Users\zC\AppData\Local\VirtualStore
2018-06-03 00:55 - 2018-06-03 00:55 - 000000020 ___SH C:\Users\zC\ntuser.ini
2018-06-03 00:55 - 2018-06-03 00:55 - 000000000 ____D C:\Users\zC\AppData\Local\ConnectedDevicesPlatform
2018-06-02 18:44 - 2018-06-03 01:04 - 000000000 ____D C:\ProgramData\TOSHIBA
2018-06-02 18:42 - 2018-06-09 11:01 - 000000000 ____D C:\Windows.old
2018-06-02 18:42 - 2018-06-02 18:43 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-06-02 18:42 - 2018-06-02 15:40 - 000000000 ____D C:\WINDOWS\Panther
2018-06-02 18:39 - 2018-06-02 18:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-06-02 18:37 - 2018-06-02 18:37 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-06-02 18:34 - 2018-06-02 18:35 - 000000000 ____D C:\WINDOWS\AMDTAs
2018-06-02 18:33 - 2018-06-02 18:33 - 000000000 ____D C:\Program Files\Synaptics
2018-06-02 18:32 - 2018-06-02 18:32 - 000000000 ____D C:\WINDOWS\Setup
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-06-02 18:27 - 2018-06-02 18:31 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
Zyrus Campbell

#8 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,159 posts

Posted 10 June 2018 - 04:34 PM

Zyrus Campbell,

 

I used the Reset option to keep my files and it seems to have.

The fact that the Operating System had been reset contributed to eliminating the initial infection. Still, since you chose to reset the system while keeping all data files, that may not be enough to clean all infected items. That's why I asked you to run a new scan with FRST and post a new set of logs for my review.

The Farbar tool (FRST.exe file) produces two files, which are FRST.txt and Addition.txt.

You can find those logs in the same location as the FRST.exe file, which is on the Desktop.

Please open the FRST.txt file and copy/paste its whole content into your reply.

Then locate and open the Addition.txt file and copy/paste its whole content into your reply.

Make sure you select the entire content of each file.

You can post the content of both in the same reply.

Finally, before you add your reply, please click the 'Preview Post' button to check whether any of the content is cut off.

Please let me know if anything is unclear.


Android 8888

#9 Zyrus Campbell

    Member

  • Full Member
  • 35 posts

Posted 16 June 2018 - 07:47 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by zC (administrator) on ZC (16-06-2018 21:21:33)
Running from C:\Users\zC\Desktop
Loaded Profiles: zC (Available Profiles: zC)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA America Information Systems.) C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MSGSDK\msgrunner.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\zC\AppData\Local\Google\Chrome\User Data\SwReporter\30.158.200\software_reporter_tool.exe
(Google) C:\Users\zC\AppData\Local\Google\Chrome\User Data\SwReporter\30.158.200\software_reporter_tool.exe
(Google) C:\Users\zC\AppData\Local\Google\Chrome\User Data\SwReporter\30.158.200\software_reporter_tool.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18383328 2018-02-27] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-24] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [GoogleChromeAutoLaunch_6C7EC2962F8CF0594194777D57CC6533] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1458008 2018-05-25] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-18]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-18]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{4c218fd7-ed11-40a1-8d67-cb9906afe954}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C2
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-05-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-05-08] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-14] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-05-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-05-08] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default [2018-06-16]
CHR Extension: (Slides) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-03]
CHR Extension: (E*TRADE Browser Trading) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgjomjdnhlppcidahijhehhfgneaolh [2018-06-09]
CHR Extension: (SEOquake) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2018-06-09]
CHR Extension: (Word Search Puzzle) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl [2018-06-09]
CHR Extension: (Docs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-03]
CHR Extension: (Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-03]
CHR Extension: (YouTube) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-03]
CHR Extension: (8-Ball Pool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2018-06-09]
CHR Extension: (Finance Toolbar - Real Time Stock Tracker) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cichbngoomgnobmmjpagmbkimbamigie [2018-06-16]
CHR Extension: (__MSG_browserActionTitle__) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkkaggocmafajhbcbknhcgnbmagjohi [2018-06-09]
CHR Extension: (Word Search) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2018-06-09]
CHR Extension: (Avast SafePrice) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-06-09]
CHR Extension: (Sheets) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-03]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-06-09]
CHR Extension: (Page Analytics (by Google)) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2018-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-09]
CHR Extension: (Google Calendar) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2018-06-09]
CHR Extension: (Save to Google Drive) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2018-06-09]
CHR Extension: (Bookmark Manager) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2018-06-09]
CHR Extension: (Avast Online Security) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-06-09]
CHR Extension: (eCannabis.com News) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hleklbkjnimndonegalbakabcdhmhpbo [2018-06-09]
CHR Extension: (Google Keep - notes and lists) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2018-06-16]
CHR Extension: (SMhack - Social Media Management Tool) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imggkmfffdfkcdekembcmkogdjgdicge [2018-06-09]
CHR Extension: (Unifeed | Social networks in one hub) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbjhhjplnmadgnhoiofenklhhpijiojh [2018-06-09]
CHR Extension: (Cisco Webex Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-06-16]
CHR Extension: (Reload All Tabs) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci [2018-06-09]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-06-16]
CHR Extension: (Stock Portfolio) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdoambecilccimhbonfabmoomaegehni [2018-06-09]
CHR Extension: (Google Hangouts) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-03]
CHR Extension: (Gmail) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\zC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-07] () [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-06-03] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-06-03] (AVAST Software)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-03] (McAfee, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-12] (WildTangent)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-06-05] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-05-16] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [697288 2017-12-19] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1676024 2018-05-01] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
S2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-07] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [287240 2018-03-29] (Synaptics Incorporated)
R2 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2202680 2015-05-28] (TOSHIBA America Information Systems.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [27016 2018-02-27] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\System32\drivers\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-02-27] (Advanced Micro Devices, Inc. )
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-06-03] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-06-03] (AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-06-03] (AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-06-03] (AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-06-03] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-06-03] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-06-03] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-06-03] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-06-03] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-03] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-06-03] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-06-03] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-06-03] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-06-03] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2018-02-27] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-16] (Malwarebytes)
R2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-02-28] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543624 2018-04-30] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108432 2018-04-30] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, LLC)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2018-02-27] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2018-02-27] (Realtek )
R3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53768 2018-03-29] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42600 2018-02-27] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [44952 2018-02-27] (Toshiba Client Solutions Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-16 21:16 - 2018-06-16 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-06-14 09:48 - 2018-06-16 15:19 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-06-14 09:47 - 2018-06-14 09:47 - 000002135 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2018-06-14 09:46 - 2018-06-15 16:30 - 000000000 ____D C:\ProgramData\Adobe
2018-06-14 09:26 - 2018-06-14 09:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-06-12 01:23 - 2018-06-12 01:23 - 000000000 ____D C:\ProgramData\phpDesigner
2018-06-12 01:22 - 2018-06-12 01:23 - 000000000 ____D C:\Users\zC\AppData\Roaming\phpDesigner
2018-06-12 01:22 - 2018-06-12 01:22 - 000000000 ____D C:\Users\zC\AppData\Local\Notepad++
2018-06-12 01:20 - 2018-06-15 17:14 - 000000000 ____D C:\Users\zC\AppData\Roaming\Notepad++
2018-06-12 01:20 - 2018-06-12 01:22 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-06-12 00:41 - 2018-06-16 15:19 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-06-12 00:13 - 2018-06-14 09:49 - 000000000 ____D C:\Users\zC\AppData\Local\Adobe
2018-06-12 00:10 - 2018-06-14 09:47 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-06-11 23:25 - 2018-06-11 23:25 - 000000000 ____D C:\Users\zC\AppData\Roaming\Nitro
2018-06-11 22:11 - 2018-06-11 22:11 - 000002016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2018-06-11 22:11 - 2018-06-11 22:11 - 000002004 _____ C:\Users\Public\Desktop\Nitro Pro 9.lnk
2018-06-11 22:11 - 2018-06-11 22:11 - 000000000 ____D C:\ProgramData\Nitro
2018-06-11 22:11 - 2018-06-11 22:11 - 000000000 ____D C:\Program Files\Nitro
2018-06-11 22:11 - 2018-06-11 22:11 - 000000000 ____D C:\Program Files\Common Files\Nitro
2018-06-11 22:11 - 2018-06-11 22:11 - 000000000 ____D C:\Program Files (x86)\Nitro
2018-06-11 22:11 - 2014-05-19 13:26 - 000029704 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalmon9.dll
2018-06-11 22:11 - 2014-05-19 13:26 - 000017928 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalui9.dll
2018-06-11 22:08 - 2018-06-11 22:08 - 000000000 ____D C:\Users\zC\AppData\Roaming\Downloaded Installations
2018-06-11 21:52 - 2018-05-03 02:36 - 025254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-11 21:52 - 2018-05-03 02:16 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-11 21:52 - 2018-04-15 17:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-11 21:52 - 2018-04-15 16:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-11 21:52 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-06-11 21:52 - 2018-02-10 02:14 - 004504464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-11 21:51 - 2018-05-03 03:47 - 008600472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-11 21:51 - 2018-05-03 03:36 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-11 21:51 - 2018-05-03 03:34 - 021356824 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-11 21:51 - 2018-05-03 02:09 - 008068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-11 21:51 - 2018-05-03 01:57 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-11 21:51 - 2018-05-03 01:53 - 006060544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-11 21:51 - 2018-04-15 17:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-06-11 21:51 - 2018-04-15 16:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-11 21:51 - 2018-04-15 16:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-11 21:51 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-11 21:50 - 2018-05-03 02:17 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-06-11 21:50 - 2018-04-15 16:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-11 21:50 - 2018-04-15 16:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-11 21:50 - 2018-04-15 16:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-11 21:50 - 2018-03-29 23:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-06-11 21:50 - 2018-03-13 01:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-06-11 21:50 - 2018-03-13 01:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-06-11 21:50 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-06-11 21:50 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-11 21:50 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-11 21:50 - 2018-02-10 02:03 - 001619808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-06-11 21:49 - 2018-05-03 03:54 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-06-11 21:49 - 2018-05-03 03:53 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-11 21:49 - 2018-05-03 03:52 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-06-11 21:49 - 2018-05-03 03:50 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-06-11 21:49 - 2018-05-03 02:31 - 006092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-11 21:49 - 2018-05-03 02:25 - 020290248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-11 21:49 - 2018-05-03 02:19 - 003663360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-11 21:49 - 2018-05-03 02:09 - 004723712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-11 21:49 - 2018-05-03 02:09 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-11 21:49 - 2018-05-03 02:09 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-11 21:49 - 2018-05-03 02:09 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-11 21:49 - 2018-05-03 02:00 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-11 21:49 - 2018-05-03 01:59 - 018924544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-11 21:49 - 2018-05-03 01:58 - 006467072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-06-11 21:49 - 2018-05-03 01:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-11 21:49 - 2018-04-15 17:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-11 21:49 - 2018-04-15 17:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-06-11 21:49 - 2018-04-15 17:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-11 21:49 - 2018-04-15 16:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-11 21:49 - 2018-04-15 16:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-11 21:49 - 2018-04-15 16:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-11 21:49 - 2018-04-15 16:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-11 21:49 - 2018-04-15 16:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-06-11 21:49 - 2018-04-15 16:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-11 21:49 - 2018-04-15 16:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-06-11 21:49 - 2018-04-15 16:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-11 21:49 - 2018-04-15 16:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-11 21:49 - 2018-04-15 16:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-11 21:49 - 2018-04-15 16:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-11 21:49 - 2018-04-15 16:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-06-11 21:49 - 2018-04-15 16:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-06-11 21:49 - 2018-04-15 16:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-11 21:49 - 2018-04-15 16:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-06-11 21:49 - 2018-04-15 16:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-11 21:49 - 2018-03-30 00:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-06-11 21:49 - 2018-03-29 23:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-11 21:49 - 2018-03-29 23:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-11 21:49 - 2018-03-29 23:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-06-11 21:49 - 2018-03-29 23:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-06-11 21:49 - 2018-03-29 23:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-06-11 21:49 - 2018-03-29 23:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-11 21:49 - 2018-03-13 01:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-06-11 21:49 - 2018-03-13 01:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-06-11 21:49 - 2018-03-13 01:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-06-11 21:49 - 2018-03-13 00:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-06-11 21:49 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-06-11 21:49 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-11 21:49 - 2018-02-10 02:16 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-11 21:49 - 2018-02-10 02:10 - 000614160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-11 21:49 - 2018-02-10 02:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-11 21:49 - 2018-02-10 02:07 - 004506576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-11 21:49 - 2018-02-10 02:06 - 004486904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-11 21:49 - 2018-02-10 02:04 - 006791984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-11 21:49 - 2018-02-10 01:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-11 21:49 - 2018-02-10 01:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-06-11 21:49 - 2018-02-10 01:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-11 21:49 - 2018-02-10 00:40 - 004498432 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-06-11 21:49 - 2018-02-08 23:35 - 004959688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-06-11 21:49 - 2018-02-01 23:36 - 003903944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2018-06-11 21:48 - 2018-05-03 03:54 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-06-11 21:48 - 2018-05-03 03:53 - 000461216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-06-11 21:48 - 2018-05-03 03:52 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-11 21:48 - 2018-05-03 03:52 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-06-11 21:48 - 2018-05-03 03:50 - 000423328 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-06-11 21:48 - 2018-05-03 03:50 - 000069536 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-06-11 21:48 - 2018-05-03 03:48 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-06-11 21:48 - 2018-05-03 03:48 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-06-11 21:48 - 2018-05-03 03:45 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-11 21:48 - 2018-05-03 03:41 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-06-11 21:48 - 2018-05-03 03:38 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-11 21:48 - 2018-05-03 03:36 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-11 21:48 - 2018-05-03 03:35 - 002472864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-11 21:48 - 2018-05-03 02:39 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-06-11 21:48 - 2018-05-03 02:31 - 002193688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-11 21:48 - 2018-05-03 02:19 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-11 21:48 - 2018-05-03 02:18 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-06-11 21:48 - 2018-05-03 02:12 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-11 21:48 - 2018-05-03 02:11 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-06-11 21:48 - 2018-05-03 02:09 - 008432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-06-11 21:48 - 2018-05-03 02:09 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-11 21:48 - 2018-05-03 02:09 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-06-11 21:48 - 2018-05-03 02:09 - 001344000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-06-11 21:48 - 2018-05-03 02:08 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-11 21:48 - 2018-05-03 02:07 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-11 21:48 - 2018-05-03 02:05 - 001717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-11 21:48 - 2018-05-03 01:56 - 002677248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-11 21:48 - 2018-05-03 01:53 - 007813120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-06-11 21:48 - 2018-05-03 01:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-11 21:48 - 2018-04-15 18:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-06-11 21:48 - 2018-04-15 18:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-06-11 21:48 - 2018-04-15 17:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-11 21:48 - 2018-04-15 17:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-11 21:48 - 2018-04-15 17:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-11 21:48 - 2018-04-15 17:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-06-11 21:48 - 2018-04-15 17:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-11 21:48 - 2018-04-15 17:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-06-11 21:48 - 2018-04-15 17:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-11 21:48 - 2018-04-15 17:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-06-11 21:48 - 2018-04-15 17:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-11 21:48 - 2018-04-15 17:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-11 21:48 - 2018-04-15 17:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-06-11 21:48 - 2018-04-15 17:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-11 21:48 - 2018-04-15 16:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-11 21:48 - 2018-04-15 16:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-11 21:48 - 2018-04-15 16:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-11 21:48 - 2018-04-15 16:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-06-11 21:48 - 2018-04-15 16:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-06-11 21:48 - 2018-04-15 16:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-06-11 21:48 - 2018-04-15 16:38 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-06-11 21:48 - 2018-04-15 16:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-11 21:48 - 2018-04-15 16:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-11 21:48 - 2018-04-15 16:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-11 21:48 - 2018-04-15 16:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-06-11 21:48 - 2018-04-15 16:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-11 21:48 - 2018-04-15 16:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-11 21:48 - 2018-04-15 16:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-11 21:48 - 2018-04-15 16:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-11 21:48 - 2018-04-15 16:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2018-06-11 21:48 - 2018-04-15 16:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-11 21:48 - 2018-04-15 16:08 - 000583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll
2018-06-11 21:48 - 2018-04-15 16:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-11 21:48 - 2018-04-15 16:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-06-11 21:48 - 2018-04-15 16:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-06-11 21:48 - 2018-04-15 16:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-11 21:48 - 2018-04-15 16:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-11 21:48 - 2018-04-15 16:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-06-11 21:48 - 2018-04-15 16:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-06-11 21:48 - 2018-04-15 16:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-06-11 21:48 - 2018-04-15 16:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-06-11 21:48 - 2018-04-15 16:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-06-11 21:48 - 2018-04-15 16:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-11 21:48 - 2018-04-15 16:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-06-11 21:48 - 2018-04-15 16:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-06-11 21:48 - 2018-04-15 16:03 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-11 21:48 - 2018-04-15 16:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-11 21:48 - 2018-04-15 16:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2018-06-11 21:48 - 2018-03-30 08:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-11 21:48 - 2018-03-30 01:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-06-11 21:48 - 2018-03-30 01:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-06-11 21:48 - 2018-03-30 01:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-06-11 21:48 - 2018-03-30 01:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-06-11 21:48 - 2018-03-30 01:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-06-11 21:48 - 2018-03-30 00:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-11 21:48 - 2018-03-30 00:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-11 21:48 - 2018-03-30 00:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-06-11 21:48 - 2018-03-30 00:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-11 21:48 - 2018-03-30 00:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-06-11 21:48 - 2018-03-30 00:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-06-11 21:48 - 2018-03-30 00:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-11 21:48 - 2018-03-30 00:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-06-11 21:48 - 2018-03-30 00:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-06-11 21:48 - 2018-03-30 00:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-06-11 21:48 - 2018-03-29 23:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-06-11 21:48 - 2018-03-29 23:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-06-11 21:48 - 2018-03-29 23:35 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-06-11 21:48 - 2018-03-29 23:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-11 21:48 - 2018-03-29 23:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-06-11 21:48 - 2018-03-29 23:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-06-11 21:48 - 2018-03-29 23:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-06-11 21:48 - 2018-03-29 23:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-11 21:48 - 2018-03-29 23:28 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-06-11 21:48 - 2018-03-29 23:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-06-11 21:48 - 2018-03-29 23:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-06-11 21:48 - 2018-03-29 23:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-11 21:48 - 2018-03-29 23:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-06-11 21:48 - 2018-03-29 23:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-06-11 21:48 - 2018-03-29 23:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-06-11 21:48 - 2018-03-29 23:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-11 21:48 - 2018-03-29 23:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-06-11 21:48 - 2018-03-29 23:26 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-06-11 21:48 - 2018-03-29 23:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-06-11 21:48 - 2018-03-29 23:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-06-11 21:48 - 2018-03-29 23:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-06-11 21:48 - 2018-03-29 23:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-06-11 21:48 - 2018-03-29 23:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-11 21:48 - 2018-03-29 23:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-11 21:48 - 2018-03-13 02:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-11 21:48 - 2018-03-13 01:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-06-11 21:48 - 2018-03-13 01:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-06-11 21:48 - 2018-03-13 01:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-06-11 21:48 - 2018-03-13 01:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-06-11 21:48 - 2018-03-13 01:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-06-11 21:48 - 2018-03-13 01:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-06-11 21:48 - 2018-03-13 01:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-06-11 21:48 - 2018-03-13 01:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-06-11 21:48 - 2018-03-13 01:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-11 21:48 - 2018-03-13 01:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-06-11 21:48 - 2018-03-13 01:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-06-11 21:48 - 2018-03-13 01:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-06-11 21:48 - 2018-03-13 01:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-06-11 21:48 - 2018-03-13 01:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-11 21:48 - 2018-03-13 00:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-06-11 21:48 - 2018-03-13 00:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-06-11 21:48 - 2018-03-13 00:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-06-11 21:48 - 2018-03-13 00:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-11 21:48 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-06-11 21:48 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-06-11 21:48 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-11 21:48 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-11 21:48 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-06-11 21:48 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-06-11 21:48 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-06-11 21:48 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-11 21:48 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-06-11 21:48 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-11 21:48 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-11 21:48 - 2018-02-10 02:19 - 001133888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-11 21:48 - 2018-02-10 02:14 - 001002592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-06-11 21:48 - 2018-02-10 02:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-06-11 21:48 - 2018-02-10 02:08 - 000687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-06-11 21:48 - 2018-02-10 02:06 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-06-11 21:48 - 2018-02-10 02:06 - 000594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-11 21:48 - 2018-02-10 02:04 - 001426672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-11 21:48 - 2018-02-10 02:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-11 21:48 - 2018-02-10 02:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-11 21:48 - 2018-02-10 02:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-11 21:48 - 2018-02-10 02:03 - 000722616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-06-11 21:48 - 2018-02-10 01:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-11 21:48 - 2018-02-10 01:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-06-11 21:48 - 2018-02-10 01:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-11 21:48 - 2018-02-10 01:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-06-11 21:48 - 2018-02-10 01:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-11 21:48 - 2018-02-10 01:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-11 21:48 - 2018-02-10 01:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-11 21:48 - 2018-02-10 01:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-11 21:48 - 2018-02-10 00:50 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-11 21:48 - 2018-02-10 00:40 - 001234432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2018-06-11 21:48 - 2018-02-10 00:40 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-11 21:48 - 2018-02-10 00:39 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-06-11 21:48 - 2018-02-10 00:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-06-11 21:48 - 2018-02-10 00:38 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-11 21:48 - 2018-02-10 00:37 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-06-11 21:48 - 2018-02-10 00:37 - 003419136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-06-11 21:48 - 2018-02-10 00:37 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-11 21:48 - 2018-02-10 00:36 - 001759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-06-11 21:48 - 2018-02-10 00:35 - 000943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-11 21:48 - 2018-02-10 00:35 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-11 21:48 - 2018-02-10 00:35 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-11 21:48 - 2018-02-10 00:34 - 002983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-06-11 21:48 - 2018-02-10 00:33 - 001936384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-06-11 21:48 - 2018-02-09 22:59 - 000804240 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-06-11 21:48 - 2018-02-09 22:59 - 000804240 _____ C:\WINDOWS\system32\locale.nls
2018-06-11 21:48 - 2018-02-08 23:35 - 001234888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-06-11 21:48 - 2018-01-01 07:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-11 21:48 - 2018-01-01 07:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-11 21:47 - 2018-05-03 03:57 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-06-11 21:47 - 2018-05-03 03:56 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-11 21:47 - 2018-05-03 03:56 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-11 21:47 - 2018-05-03 03:51 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-11 21:47 - 2018-05-03 03:50 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-11 21:47 - 2018-05-03 03:48 - 000793960 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-06-11 21:47 - 2018-05-03 03:47 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-11 21:47 - 2018-05-03 03:45 - 000711936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-11 21:47 - 2018-05-03 03:43 - 000702568 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2018-06-11 21:47 - 2018-05-03 03:43 - 000373664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-06-11 21:47 - 2018-05-03 03:37 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-11 21:47 - 2018-05-03 03:37 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-11 21:47 - 2018-05-03 03:36 - 000437664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-06-11 21:47 - 2018-05-03 03:36 - 000247200 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-11 21:47 - 2018-05-03 03:35 - 000358496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-11 21:47 - 2018-05-03 03:32 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-11 21:47 - 2018-05-03 02:44 - 000595448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2018-06-11 21:47 - 2018-05-03 02:43 - 000594056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-06-11 21:47 - 2018-05-03 02:29 - 000285144 _____ (Micros
Zyrus Campbell

#10 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,159 posts

Posted 17 June 2018 - 03:14 PM

Hello Zyrus Campbell,

You have not yet posted the content of the Addition.txt log that is located on your computer's Desktop.

Please post it for my review so I can suggest more instructions.

Also, what issues or concerns are you still having on this computer at this point?

Thank you.

Android 8888



#11 Zyrus Campbell

Zyrus Campbell

    Member

  • Full Member
  • 35 posts

Posted 18 June 2018 - 08:20 AM

Is there a character limit on the post reply? I could've sworn that I copy/pasted both results in my replies... oh well. Here should be the Additions results.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by zC (16-06-2018 21:26:00)
Running from C:\Users\zC\Desktop
Windows 10 Home Version 1709 16299.431 (X64) (2018-06-02 19:40:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3369261439-609741471-2718208431-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3369261439-609741471-2718208431-503 - Limited - Disabled)
Guest (S-1-5-21-3369261439-609741471-2718208431-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3369261439-609741471-2718208431-504 - Limited - Disabled)
zC (S-1-5-21-3369261439-609741471-2718208431-1001 - Administrator - Enabled) => C:\Users\zC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-7c78cbb8-548d-4732-9905-083c4a7edf71) (Version: 3.0.2.118 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FE3EC7E3-39A4-E7A5-63C5-03068F3B0118}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-fb816ede-d200-4a07-8a8b-3fb80fd7e16f) (Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth® Link (HKLM\...\{3F3DCC8C-2C93-4082-A6DE-BBDC74804FA0}) (Version: 4.3.03 - Toshiba Corporation)
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-eb09279a-4e0a-4c1c-a760-64d29d29300f) (Version: 3.0.2.48 - WildTangent) Hidden
CyberLink PhotoDirector 5 (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6312.0 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6312.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5509.05 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-6624cf8c-879f-4f9e-8cdf-8963e24be1b2) (Version: 3.0.2.48 - WildTangent) Hidden
Designer (HKLM-x32\...\{85785744-60E1-4827-A04A-E8DBCE7D218E}) (Version: 6.1 - Adobe Systems Incorporated)
Family Vacation 2: Road Trip (HKLM-x32\...\WTA-e04f2aaa-db0a-4442-8f5d-e5fb8d078dc6) (Version: 3.0.2.59 - WildTangent) Hidden
Get Dropbox (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.62 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Home Makeover (HKLM-x32\...\WTA-582df650-45ec-4e18-a4c5-e7eafb474b1a) (Version: 3.0.2.59 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-c49d6919-82c3-45b9-929b-93243aa78e6d) (Version: 3.0.2.118 - WildTangent) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R12 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.203 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{77A90BCD-4667-3CA8-E4B0-741A58CF1D9F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Plagiarii (HKLM-x32\...\WTA-78e1833c-e83b-4853-aa75-1ee87cbc804b) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-3d2c9b1d-834c-4cb8-94ed-9f412cc512fb) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8264 - Realtek Semiconductor Corp.)
Rory's Restaurant (HKLM-x32\...\WTA-96607a8f-e278-4cc4-bd98-333f354dda2d) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-e02f28f7-3487-442b-adfa-53ff427d5578) (Version: 3.0.2.126 - WildTangent) Hidden
SocialSafe (HKLM-x32\...\SocialSafe 7.0.6) (Version: 7.0.6 - Social Safe Limited)
Spotify (HKLM-x32\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.182 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.8 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.3 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B02384B3-8C5B-4927-A190-E767C8FCFD25}) (Version: v3.0.0.1 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{D4D9182B-E935-4B0B-B6E5-0AD75DA8B08D}) (Version: 2.0.0.0 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.1.2 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.16 - WildTangent) Hidden
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11545 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-03] (AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-18] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-03] (AVAST Software)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-05-08] (McAfee, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-05-19] (Nitro PDF)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-07-07] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-03] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-07-07] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-07] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-03] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2018-05-08] (McAfee, Inc.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-07-07] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FBFAA5A-E4D9-4F49-8B19-9F5FFB674FDB} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-06-14] (McAfee, Inc.)
Task: {14F7D0B3-0100-42C0-AF20-F07C9E197FB4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {19D91679-4967-40DC-A169-5D4C5CCFF69B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {29228D27-EBBD-44D1-9B8D-53803049AADC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-03] (Google Inc.)
Task: {2E4062C4-E63D-4797-9341-FA9414266C94} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-03] (AVAST Software)
Task: {6456C1E6-6F2F-40E2-9D9C-7EE82AB689B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {64C4BB7F-9917-435C-86C5-D065B3051AE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-03] (Google Inc.)
Task: {80225317-51CF-4836-BA3D-F41BAE9EFA05} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-04] (McAfee, Inc.)
Task: {997E37D5-BAEB-4917-A8B0-0A9FF96E5FC6} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)
Task: {A15EAC31-9CC4-4B89-80DA-40F954BB8D41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {AC661747-8B48-4F05-9567-B337E86C9FEE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {B13A073E-AB32-404B-8A1B-6C45A4EFCC59} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe [2018-05-04] (Microsoft Corporation)
Task: {C12CB744-CA98-43AA-BA7B-D3C3B01E579A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {EE491CD1-4D9F-43EF-A5EA-77D732E5F488} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {F2BE281A-D75C-4945-8B5F-D299E99C7AF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {FB71370B-9EC4-4341-8416-D6FB7509A1B7} - System32\Tasks\McAfee\McAfee Idle Detection Task
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\zC\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
 
ShortcutWithArgument: C:\Users\zC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-09-18 04:26 - 2014-04-14 21:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2018-06-03 14:52 - 2018-06-09 14:18 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-07-07 00:37 - 2015-07-07 00:37 - 000138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2018-03-18 19:40 - 2018-03-18 19:40 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-06-11 21:52 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-06-11 21:49 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 000020904 _____ () C:\Program Files\TOSHIBA\System Setting\SmoothView.dll
2018-06-03 15:25 - 2018-06-03 15:25 - 000482520 _____ () c:\program files\avast software\avast\streamback.dll
2018-06-15 16:52 - 2018-06-15 16:52 - 005841040 _____ () c:\program files\avast software\avast\defs\18061504\algo.dll
2018-06-03 15:25 - 2018-06-03 15:25 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-06-03 15:33 - 2018-06-03 15:33 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-06-03 15:23 - 2018-06-03 15:23 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-06-03 15:25 - 2018-06-03 15:25 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-06-03 15:25 - 2018-06-03 15:25 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-06-03 15:34 - 2018-06-03 15:34 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-06-03 15:23 - 2018-06-03 15:23 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-06-03 15:40 - 2018-05-25 15:59 - 003867480 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.62\libglesv2.dll
2018-06-03 15:40 - 2018-05-25 15:59 - 000085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.62\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7865 more sites.
 
There are 7865 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2018-06-16 15:34 - 000450575 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 15459 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\Bishop Tree.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{616993D2-BA13-4989-8439-32D4271CD63E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{39D484D0-F8CA-477B-938B-B84BA18272B4}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{673F28F8-61B6-4679-ACF8-8137608D5F84}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{1E065349-C772-496A-BE34-5911E9BD643C}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{8BABD5C1-585F-4A16-8C16-54A82C0BBB8D}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{1900F0B3-D466-4A3D-8518-78A664733F7C}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{6BA1B1DB-15FE-41AC-A2E8-CEDEE1C143E1}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{9C3F0B56-56FB-4DF4-989C-3D6BA4DC5C7C}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{45A812E0-AC52-4C2C-B4B7-BC95A3C321C9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{1441AD0E-3F26-4890-A1CA-0FA3C44577F2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{78BEAD42-F833-4A81-8CBB-DDD0CF467AEC}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{1E408FBA-48F5-4CDB-B064-7D19DB4B9010}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
03-06-2018 16:44:10 Windows Update
09-06-2018 12:14:51 Windows Update
12-06-2018 00:08:31 Installed Designer.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2018 02:26:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 18.91.506.6, time stamp: 0x5b115b0b
Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0xac8afc81
Exception code: 0xc0000374
Fault offset: 0x000da849
Faulting process id: 0xe0c
Faulting application start time: 0x01d403d430c9dca2
Faulting application path: C:\Users\zC\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0d03fbf0-cadd-408f-91dc-3cc98ddb8234
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/11/2018 10:20:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\zC\Desktop\hdd\Apps\Antivirus\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.125_none_15cbcf8893620c09.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.125_none_5d79065fa7de350f.manifest.
 
Error: (06/10/2018 09:44:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\zC\Downloads\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/09/2018 12:10:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.16299.98 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2404
 
Start Time: 01d4000c0f2071c7
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
Report Id: 552d1304-27dc-412a-b09b-b33c8a7a95a0
 
Faulting package full name: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
Error: (06/09/2018 12:09:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ZC)
Description: Package Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
 
Error: (06/09/2018 12:08:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ZC)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (06/03/2018 11:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.16299.125, time stamp: 0xfeba44fb
Faulting module name: twinui.pcshell.dll, version: 10.0.16299.64, time stamp: 0xb927010b
Exception code: 0xc0000005
Fault offset: 0x000000000012782b
Faulting process id: 0x1700
Faulting application start time: 0x01d3fb682bdc2a35
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\twinui.pcshell.dll
Report Id: 08f0a7df-c972-4e6b-9827-2834e3418588
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/03/2018 10:20:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\zC\Downloads\vcredist_arm.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (06/16/2018 09:18:39 PM) (Source: DCOM) (EventID: 10016) (User: ZC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user ZC\zC SID (S-1-5-21-3369261439-609741471-2718208431-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 09:14:27 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
Error: (06/16/2018 03:40:59 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
Error: (06/16/2018 03:38:46 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
Error: (06/16/2018 03:38:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
Error: (06/16/2018 03:38:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 03:38:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/16/2018 03:34:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server Windows.Internal.StateRepository.ApplicationExtension did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2018-06-16 15:36:49.047
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-06-16 15:36:49.047
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-06-16 15:36:49.047
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-06-16 15:36:49.047
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2018-06-16 15:36:49.047
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
CodeIntegrity:
===================================
 
Date: 2018-06-03 14:53:03.399
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-03 14:53:03.343
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-03 14:53:03.304
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-03 14:53:03.209
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-03 14:53:03.152
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-03 14:53:03.112
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-03 14:53:03.034
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 50%
Total physical RAM: 5081.26 MB
Available physical RAM: 2512.18 MB
Total Virtual: 7257.26 MB
Available Virtual: 4786.82 MB
 
==================== Drives ================================
 
Drive c: (TI10718300D) (Fixed) (Total:697.42 GB) (Free:107.72 GB) NTFS
 
\\?\Volume{b5a7abd1-33e0-440e-b7a4-c337a9030e37}\ (ESP) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
\\?\Volume{05e8381e-5786-4e0b-9542-884615c5c0b7}\ () (Fixed) (Total:0.95 GB) (Free:0.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Zyrus Campbell

#12 Zyrus Campbell

    Member

  • Full Member
  • 35 posts

Posted 18 June 2018 - 08:25 AM

To answer your question... for the most part, everything seems to be working ok. Haven't really had any issues yet. Is there any other program I should run to see if it finds anything that needs removing?

 

Thanks again.


Zyrus Campbell

#13 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,159 posts

Posted 19 June 2018 - 07:16 AM

Alright, please proceed with the following instructions:

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [GoogleChromeAutoLaunch_6C7EC2962F8CF0594194777D57CC6533] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1458008 2018-05-25] (Google Inc.)
U3 mfeavfk01; no ImagePath
U3 aswbdisk; no ImagePath
AlternateDataStreams: C:\Windows:nlsPreferences [386]
EmptyTemp:
End::

Save the file as fixlist.txt in the same location as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder FRST is running from. Please post its content in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Now I would like you to run an online scan with ESET Online Scanner. This scan can take several hours to complete but it's worth it.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
    • Close all your programs and browsers and disconnect any USB flash drives from the computer.
    • Please disable your Antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Right-click on esetonlinescanner_enu.exe and select Run as administrator.
    • Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use.
  • Click the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your Antivirus program.


Please post the content of the Fixlog.txt and the ESET log (if it produced one).


Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#14 Zyrus Campbell

Zyrus Campbell

    Member

  • Full Member
  • Pip
  • 35 posts

Posted 23 June 2018 - 10:15 AM

Here are the results...
 
Thanks again
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by zC (23-06-2018 11:39:19) Run:1
Running from C:\Users\zC\Desktop
Loaded Profiles: zC (Available Profiles: zC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3369261439-609741471-2718208431-1001\...\Run: [GoogleChromeAutoLaunch_6C7EC2962F8CF0594194777D57CC6533] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1458008 2018-05-25] (Google Inc.)
U3 mfeavfk01; no ImagePath
U3 aswbdisk; no ImagePath
AlternateDataStreams: C:\Windows:nlsPreferences [386]
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => removed successfully
"HKU\S-1-5-21-3369261439-609741471-2718208431-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6C7EC2962F8CF0594194777D57CC6533" => removed successfully
mfeavfk01 => service not found.
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
C:\Windows => ":nlsPreferences" ADS removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71726370 B
Java, Flash, Steam htmlcache => 907 B
Windows/system/drivers => 2102289 B
Edge => 25212596 B
Chrome => 409769670 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 260426 B
systemprofile32 => 0 B
LocalService => 39860 B
NetworkService => 288850206 B
zC => 238760316 B
 
RecycleBin => 7128 B
EmptyTemp: => 996.2 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-06-2018 12:01:23)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
 
==== End of Fixlog 12:01:24 ====

Zyrus Campbell
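As an added example (not part of the original posts, and not FRST's own code): a short Python script that triages the result lines of a Fixlog like the one above, so that entries FRST could not remove, such as the aswbdisk service key here, stand out from the ones that succeeded. The function names and status labels are this example's own; the sample lines are copied from the Fixlog above.

```python
import re

# Result lines copied from the Fixlog posted above (EmptyTemp byte counts omitted).
SAMPLE_FIXLOG = r'''Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => removed successfully
mfeavfk01 => service not found.
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
C:\Windows => ":nlsPreferences" ADS removed successfully
EmptyTemp: => 996.2 MB temporary data Removed.
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
'''

# Outcome phrases seen in this Fixlog, mapped to labels chosen for this example.
# Any other message falls through to "other".
OUTCOMES = [
    ("could not remove", "failed"),
    ("not found", "absent"),
    ("removed successfully", "removed"),
]
LINE = re.compile(r'^(?P<target>.+?) => (?P<result>.+)$')

def parse_fixlog(text):
    """Return one dict per 'target => result' line, in log order."""
    entries, after_reboot = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("result of scheduled"):
            after_reboot = True  # lines below are retries made at reboot
            continue
        m = LINE.match(line)
        if not m:
            continue
        result = m.group("result")
        status = next((s for p, s in OUTCOMES if p in result.lower()), "other")
        entries.append({"target": m.group("target").strip('"'), "result": result,
                        "status": status, "after_reboot": after_reboot})
    return entries

def unresolved(entries):
    """Targets whose last recorded attempt (reboot retry included) still failed."""
    last = {e["target"]: e for e in entries}
    return sorted(t for t, e in last.items() if e["status"] == "failed")

if __name__ == "__main__":
    print(unresolved(parse_fixlog(SAMPLE_FIXLOG)))
```
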

#15 Zyrus Campbell


Posted 24 June 2018 - 09:46 AM

Sorry, I ran the ESETScan but forgot to export the results. Running again.



#16 Zyrus Campbell


Posted 24 June 2018 - 03:09 PM

Just ran it again; I didn't see any option for "List Threats" or "Export".



#17 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,159 posts

Posted 26 June 2018 - 05:32 AM

Hello ZyrusCampbell,


The List threats option is only available if ESET Online Scanner found something. Otherwise it means your computer appears to be clean and free of malware!


Now it's time to search for updates. Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to infecting computers.

You can download, install and run a program like FileHippo Update Checker or UCheck to see what programs need to be updated.


After doing that you can now remove the tools we used in this clean-up by running DelFix.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options:
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. I do not need to see it, just close and delete it. It can be found in C:\Delfix.txt

 

Are there any other issues or concerns with the computer?

 

Android 8888



#18 Zyrus Campbell


Posted 19 July 2018 - 04:57 PM

Sorry, took a couple more weeks off from using the laptop. Family stuff...

 

Anyway; from what I can tell, all seems much better now, thanks to your help. I really appreciate it. I'll go through these instructions and check for updates and what not.

 

Is there a post on this site with recommended spyware, malware, etc. software? I thought it would be pinned or something to that effect.

 

Thanks again!!



#19 Android 8888


Posted 19 July 2018 - 05:06 PM

Hello Zyrus Campbell, welcome back!

 

"Anyway; from what I can tell, all seems much better now, thanks to your help."

I'm glad to hear that. You're most welcome! :good:

"Is there a post on this site with recommended spyware, malware, etc. software? I thought it would be pinned or something to that effect."

When you have done the updates and completed the instructions in my previous post I'll give you some recommendations and links for that.

 

Please keep me posted.

 

Android 8888

 



#20 Android 8888


Posted 05 November 2018 - 06:11 AM

Glad we could help.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.

