[RESOLVED] response to hacked computer

  1. #1
    Join Date
    Jan 2019
    Posts
    31

    Hey.
    Addition.txt FRST.txt

    Here are the files from that day, 1/8/2019. I'm uploading this because someone attempted to stop my debit cards one day; I might've been targeted back in May 2018. I reported it to the FBI.

    Here's also a script of NETSTAT IP addresses from today just at 1840pm, not sure what it's useful for.

    Proto Local Address Foreign Address State
    TCP 10.3.114.210:54194 edge-star-shv-01-atl3:https ESTABLISHED
    TCP 10.3.114.210:54195 108.177.122.188:5228 ESTABLISHED
    TCP 10.3.114.210:54201 edge-star-shv-01-atl3:https ESTABLISHED
    TCP 10.3.114.210:54207 ec2-54-149-188-75:https ESTABLISHED
    TCP 10.3.114.210:54211 edge-star-shv-01-atl3:https ESTABLISHED
    TCP 10.3.114.210:54220 edge-star-mini-shv-01-atl3:https ESTABLISHED
    TCP 10.3.114.210:54267 108-174-11-65:https ESTABLISHED
    TCP 10.3.114.210:54278 52.173.28.179:https ESTABLISHED
    TCP 10.3.114.210:54312 nyc04-008:http ESTABLISHED
    TCP 10.3.114.210:55464 a104-118-220-22:https CLOSE_WAIT
    TCP 10.3.114.210:55690 ec2-34-210-203-79:https CLOSE_WAIT
    TCP 10.3.114.210:55691 ec2-34-210-203-79:https CLOSE_WAIT
    TCP 10.3.114.210:55692 ec2-34-210-203-79:https CLOSE_WAIT
    TCP 10.3.114.210:56208 52.96.28.2:https TIME_WAIT
    TCP 10.3.114.210:56222 108.177.122.190:https ESTABLISHED
    TCP 10.3.114.210:56409 40.97.29.226:https ESTABLISHED
    TCP 10.3.114.210:56413 edge-star-mini-shv-01-atl3:https ESTABLISHED
    TCP 10.3.114.210:57762 server-13-249-122-48:https CLOSE_WAIT
    TCP 10.3.114.210:57821 64.86.206.88:http TIME_WAIT
    TCP 10.3.114.210:57822 64.86.206.88:http TIME_WAIT

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please complete all steps listed here: http://discussions.virtualdr.com/sho...d-4-28-2013%29

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ===============================

    Please observe forum rules. All logs have to be pasted, not attached or linked.

  3. #3
    Join Date
    Jan 2019
    Posts
    31

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe forum rules. All logs have to be pasted, not attached or linked.

  5. #5
    Join Date
    Jan 2019
    Posts
    31
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
    Ran by Cosmos (15-02-2019 18:43:50)
    Running from C:\Users\Cosmos\Downloads\Antivirus\FRST
    Windows 10 Home Version 1803 17134.590 (X64) (2019-01-06 00:11:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-236146839-932208297-861440787-500 - Administrator - Disabled)
    Cosmos (S-1-5-21-236146839-932208297-861440787-1001 - Administrator - Enabled) => C:\Users\Cosmos
    DefaultAccount (S-1-5-21-236146839-932208297-861440787-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-236146839-932208297-861440787-1000 - Limited - Enabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-236146839-932208297-861440787-501 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-236146839-932208297-861440787-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: COMODO Antivirus (Disabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
    Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3025 - Acer Incorporated)
    Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
    Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    Anki (HKLM-x32\...\Anki) (Version: - )
    Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
    Atom (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\atom) (Version: 1.34.0 - GitHub Inc.)
    Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
    Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.9.20.0 - Canon Inc.)
    Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.9.0.0 - Canon Inc.)
    ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
    COMODO Antivirus (HKLM\...\{1FCECDE0-7D34-4FA9-9EA3-03792F8CD585}) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) Hidden
    COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.)
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 70.0.3538.110 - Comodo)
    Core FTP Server(x64) (HKLM-x32\...\CoreFTPServer(x64)) (Version: - )
    DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
    Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)
    Dolby Audio X2 Windows APP (HKLM\...\{DBC4388A-9417-41DB-85CF-DF4993B84D5A}) (Version: 0.7.5.67 - Dolby Laboratories, Inc.)
    DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
    ELAN FingerPrinter 1.6.5.1_X64_WHQL (HKLM\...\ElanFP) (Version: 1.6.5.1 - ELAN Microelectronic Corp.)
    ELAN HIDI2C Filter Driver X64 13.6.7.2_WHQL (HKLM\...\Elantech) (Version: 13.6.7.2 - ELAN Microelectronic Corp.)
    Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
    FileZilla Client 3.40.0 (HKLM-x32\...\FileZilla Client) (Version: 3.40.0 - Tim Kosse)
    Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
    heroku (HKLM-x32\...\heroku) (Version: - Heroku)
    icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
    icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
    icecap_collectionresources (HKLM-x32\...\{1D117EF7-C5DC-45A4-836B-282D8C2C5ADA}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresources (HKLM-x32\...\{4B691388-E031-4268-A096-95173D1E6E0F}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresources (HKLM-x32\...\{9725C7F1-2D22-4FD0-B25F-A0CBDB6B2743}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresources (HKLM-x32\...\{C29CE78F-0FFD-4A53-8DDA-91CDBEC56143}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresources (HKLM-x32\...\{C60AE9CA-7FB1-46CB-9615-524FC2B304AC}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresourcesx64 (HKLM-x32\...\{2CC48522-BEEE-4F86-987F-703C76FF5BFF}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresourcesx64 (HKLM-x32\...\{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresourcesx64 (HKLM-x32\...\{5EBFBBAD-EBA7-4D7B-A121-A6661944E6BD}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresourcesx64 (HKLM-x32\...\{75D686C3-277D-4FAB-AD2C-FC71FE6BDF63}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    icecap_collectionresourcesx64 (HKLM-x32\...\{94387177-969C-437D-8297-1B5D7D058283}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
    IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
    IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
    Intel Extreme Tuning Utility (HKLM-x32\...\{275588D7-6C9D-4FB0-BBAE-2FA3F7C2DADB}) (Version: 6.4.1.25 - Intel Corporation) Hidden
    Intel Extreme Tuning Utility (HKLM-x32\...\{6a0def1c-f6f2-4a5d-81f6-a1b858352c8b}) (Version: 6.4.1.25 - Intel Corporation)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
    Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
    Intel® Hardware Accelerated Execution Manager (HKLM\...\{22676F90-06C7-4DC0-96C2-FAE79AB306F4}) (Version: 6.2.0 - Intel Corporation)
    IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
    Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.447691.139 - Comodo)
    Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
    JetBrains PyCharm Community Edition 2018.3.4 (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\PyCharm Community Edition 2018.3.4) (Version: 183.5429.31 - JetBrains s.r.o.)
    Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
    Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
    Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation)
    Microsoft .NET Core SDK 2.1.503 (x64) (HKLM-x32\...\{ce5280a9-88d6-42e4-90bc-8399a3f94460}) (Version: 2.1.503 - Microsoft Corporation)
    Microsoft .NET Core SDK 2.2.103 (x64) (HKLM-x32\...\{730ee99f-7165-41f7-b107-ced51cbb0c19}) (Version: 2.2.103 - Microsoft Corporation)
    Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
    Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
    Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
    Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
    Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
    Microsoft Office 365 - fi-fi (HKLM\...\O365HomePremRetail - fi-fi) (Version: 16.0.11231.20130 - Microsoft Corporation)
    Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
    Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1095.110 - Microsoft Corporation)
    Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
    Mozilla Firefox 65.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x64 en-US)) (Version: 65.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
    MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Node.js (HKLM\...\{662F5082-4F0A-4EC3-A055-00C8AEB514F1}) (Version: 11.6.0 - Node.js Foundation)
    Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.3 - Notepad++ Team)
    NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
    NVIDIA Graphics Driver 369.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 369.32 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040B-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
    Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
    Pakiet zbiorczy funkcji IntelliSense platformy Microsoft .NET Framework Cumulative Intellisense Pack dla programu Visual Studio (Polski) (HKLM-x32\...\{BCCDC1D3-999C-445B-826F-5B5548F19858}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
    Python 3.7.1 (64-bit) (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\{8a84877c-26dd-4b77-8117-80eaec80127c}) (Version: 3.7.1150.0 - Python Software Foundation)
    Python 3.7.1 (Anaconda3 2018.12 64-bit) (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\Python 3.7.1 (Anaconda3 2018.12 64-bit)) (Version: 2018.12 - Anaconda, Inc.)
    Python 3.7.1 Add to Path (64-bit) (HKLM\...\{6846E653-89AC-47BC-8E11-FB9991EC90AA}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Core Interpreter (64-bit debug) (HKLM\...\{CB1033C4-D22C-4448-AC3B-42AAAE2EDDF1}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Core Interpreter (64-bit symbols) (HKLM\...\{E4F701CA-F776-4664-9C9E-34C018C1011F}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Core Interpreter (64-bit) (HKLM\...\{3CDB402E-5970-4DCB-8EE8-D50517AB55AE}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Development Libraries (64-bit debug) (HKLM\...\{7576F61D-0D5A-4DF4-82D2-0185AD2D897B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Development Libraries (64-bit) (HKLM\...\{61D00EE1-616D-4782-A8C5-EDD436BE9766}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Documentation (64-bit) (HKLM\...\{C66332A3-9916-4CA0-89B3-88E4F0789207}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Executables (64-bit debug) (HKLM\...\{3C0EF30A-F618-47A4-81B5-AA011D8AEFB3}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Executables (64-bit symbols) (HKLM\...\{C4F72D80-B361-40E9-A93A-34016B272E8B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Executables (64-bit) (HKLM\...\{C3B089F9-4BA6-45A6-91A2-C5938F8702F8}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 pip Bootstrap (64-bit) (HKLM\...\{ED677B31-8BF6-49FA-9B99-A63CD45D316A}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Standard Library (64-bit debug) (HKLM\...\{493D405E-30BD-441B-8280-3E2873738177}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Standard Library (64-bit symbols) (HKLM\...\{F9FF5FDE-DFF4-48AE-B9E6-0940E0F37FA3}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Standard Library (64-bit) (HKLM\...\{7627B8B4-82DD-4BD2-B33B-465E41693F0D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Tcl/Tk Support (64-bit debug) (HKLM\...\{10C3C9C5-29B0-4D4B-861B-99EC3C5D63FA}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Tcl/Tk Support (64-bit symbols) (HKLM\...\{D27E5799-8F28-4823-B4BB-C841CA8BEC6D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Tcl/Tk Support (64-bit) (HKLM\...\{00FB4D96-77D4-4043-950E-8FA816BCAD7D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Test Suite (64-bit debug) (HKLM\...\{FFB7B7F3-47C3-4B39-A020-45F06D2A74B5}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Test Suite (64-bit symbols) (HKLM\...\{3FCFD9C6-8FE8-41AF-A952-27BBA93DC9B9}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Test Suite (64-bit) (HKLM\...\{A1CFED46-5F31-4813-A494-681BBB2B6E23}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python 3.7.1 Utility Scripts (64-bit) (HKLM\...\{96DEF82E-CD26-4AB5-A7FB-81E1B6D1DE91}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
    Python Launcher (HKLM-x32\...\{C3A1C6B1-9096-47A7-AB5C-09114002A996}) (Version: 3.7.6501.0 - Python Software Foundation)
    Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10393 - Qualcomm Atheros)
    Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.281 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7977 - Realtek Semiconductor Corp.)
    SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
    sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
    sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
    sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{05830493-65CA-41E3-8A0F-BDFC531F99FE}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
    sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{1322D9E4-4DFA-4AB0-A24F-33E6DB089C60}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
    sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{17172919-AC0E-414E-A9F0-BD568DDCADDF}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
    sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{438AE7AE-E30E-4680-BF81-D6A0CBAB212C}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
    sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
    sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{E244D430-2740-46E6-8998-156213B3B63E}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
    sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
    SQL Server vNext CTP1.6 用 Microsoft System CLR Types (HKLM\...\{AB624C7B-A7AF-42F0-A49F-C804305DDFDA}) (Version: 15.0.600.33 - Microsoft Corporation)
    SQL Server vNext CTP1.6 用 Microsoft System CLR Types (HKLM-x32\...\{07DB40AF-A6A1-41FF-9C0E-58E72F820351}) (Version: 15.0.600.33 - Microsoft Corporation)
    Storage Backup Software (HKLM-x32\...\{DE033B8F-24D8-4E97-B6EE-3CFC7A0E0637}) (Version: 1.21.7820 - Toshiba Electronic Devices & Storage Corporation)
    Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
    Symbility Mobile Claims (HKLM-x32\...\{04B8E460-7E0B-4BD8-89A8-DAC7E2242D8F}) (Version: 6.2.30 - Symbility Solutions Inc.)
    TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
    Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
    Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
    Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
    Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
    uTorrent Web (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\utweb) (Version: 0.21.0 - BitTorrent, Inc.)
    vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
    vcpp_crt.redist.clickonce (HKLM-x32\...\{3073DDA2-99E5-47A6-9AFA-3F6CA9C44BB5}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
    vcpp_crt.redist.clickonce (HKLM-x32\...\{543CB640-A910-4AF4-BC48-9345AC92B68D}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
    vcpp_crt.redist.clickonce (HKLM-x32\...\{77B667B9-36B3-4712-AD45-28EA1A278D8B}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
    vcpp_crt.redist.clickonce (HKLM-x32\...\{BC5378F6-57FC-41B3-90AA-B893FB79568A}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
    vcpp_crt.redist.clickonce (HKLM-x32\...\{F38A24D5-EC2F-4F7C-8632-AEE11B2075A2}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
    Visual Studio Build Tools 2017 (2) (HKLM-x32\...\9ceefa81) (Version: 15.9.28307.222 - Microsoft Corporation)
    Visual Studio Community 2017 (3) (HKLM-x32\...\d3e461ca) (Version: 15.9.28307.344 - Microsoft Corporation)
    Visual Studio Enterprise 2017 (HKLM-x32\...\32fd9a58) (Version: 15.9.28307.222 - Microsoft Corporation)
    VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
    VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
    VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
    VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
    vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
    vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{0C4329B3-294C-4143-8BA9-8FA8F5C7E0C4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{5297D80E-CD92-48D8-9DB0-301AB3205772}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{C1A2852D-7FED-42BC-BE13-402E6D4942E5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{CEF65212-694E-4F0B-ADB5-17CE0C2AE213}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_communitymsires (HKLM-x32\...\{F1AD1FA8-F605-4E03-A837-89CB3EA8309A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
    vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
    vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
    vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
    vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
    vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
    vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
    vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{284D88E1-21B6-4FA2-A606-4E49412F74E8}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{871BE104-8114-4C84-9809-D3F2DAB18E06}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{F9101D24-E2B7-44A6-B4E6-2121D7FF6461}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_minshellmsires (HKLM-x32\...\{FA276C24-AD78-43FE-A70B-86715B5C5C46}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
    vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
    Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
    WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
    Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
    Wireshark 2.6.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.6.6 - The Wireshark developer community, hxxps://www.wireshark.org)
    Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
    Workflow Manager Client 1.0 (HKLM\...\{831D3854-30D1-4A11-927C-8E94B8091949}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
    Workflow Manager Client 1.0 (HKLM\...\{B0290897-30B9-4938-9241-FC2CD5960B7C}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
    Workflow Manager Client 1.0 (HKLM\...\{D3A2C0A9-7709-4E97-AFC6-48895E902F28}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
    Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{232B4812-B522-4AD5-9AE2-86176D045CE3}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
    Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{9B4F2C44-56AC-4350-8A1F-C3AA5713102A}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
    Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
    Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{FA24E637-426B-4FE5-9423-CC89455DBAD3}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
    Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
    Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden
    Накопительный пакет обновления Microsoft .NET Framework Intellisense для Visual Studio (Русский) (HKLM-x32\...\{694ED65F-4C12-4339-B86D-F9C829D2265A}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
    Пакет SDK Microsoft .NET Framework 4.6.1 (Русский) (HKLM-x32\...\{76380480-8AA4-454B-B063-3EB82302CFEE}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
    Пакет SDK для Microsoft .NET Framework 4.7.2 (Русский) (HKLM-x32\...\{50BC45B5-FDC0-461D-B588-F05BBA4B3755}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
    Языковой пакет Microsoft Visual Studio 2010 Tools для среды выполнения Office (x64) - RUS (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - RUS) (Version: 10.0.50903 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
    ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxDTCM.dll [2016-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0632831C-CDB7-4641-91F6-37559E7EF00C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
    Task: {06C998A5-2188-4432-8911-1621D044C76F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {1205FE87-4158-4F50-9221-C298DE0830D6} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
    Task: {12C90C16-6E1A-474A-8054-03495B34C7FB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {1A0C4240-96AC-4DCC-AD68-09AB150BD30B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {203D1865-1648-49B4-81EF-66560BFA1AF4} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
    Task: {2EA13A09-5D95-40C4-9E85-2924853C372B} - System32\Tasks\CareCenter\SunJavaUpdateSched_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Windows -> Microsoft Corporation)
    Task: {3FD0BCA6-8B63-41C0-A47F-19D1562984BF} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Comodo Security Solutions, Inc. -> COMODO)
    Task: {477B58BD-2B2C-4CD8-BF20-F10132881E4B} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe (Acer Incorporated -> Acer Incorporated)
    Task: {477FE246-AEF6-4203-9056-A61873A73079} - System32\Tasks\S-1-5-21-236146839-932208297-861440787-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
    Task: {48AB4008-A15C-41A8-A1A3-4AE34F9E3E73} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
    Task: {50BF38A2-D9D2-4011-AA99-F68A088F8473} - System32\Tasks\CareCenter\Send to OneNote.lnk_FolderAppdata_S-1-5-21-236146839-932208297-861440787-1001 => C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
    Task: {520E01C0-15AF-4DEE-B05D-52C31C1FFA50} - System32\Tasks\CareCenter\AvastUI.exe_Reg_HKLMWow6432Run => C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software s.r.o. -> AVAST Software)
    Task: {6575E4F4-D03C-4ED9-9ED4-447B48052E4C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {6ABAD0E3-128F-48D3-9CD5-C32609A95705} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {6EC73586-EB3A-43BB-BE2B-2433D829202F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO)
    Task: {79D3F6C7-001A-48FB-845A-8C3DEE0C65C4} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
    Task: {86443143-BDFD-4E81-AD57-F4A54513452C} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
    Task: {87FB609E-674A-4922-A106-7202FDD4C934} - System32\Tasks\Study Anki => C:\Program Files\Anki\anki.exe (Ankitects Pty Ltd -> )
    Task: {8AEADED1-F142-476A-93B3-B065AB23E426} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {8BC787A9-27D8-4EEC-A76F-5D16D5F69DF8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
    Task: {8D917383-5314-430F-B4EC-6A2A87782560} - System32\Tasks\CareCenter\DAX2_APP_Reg_HKLMRun => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe (Dolby Laboratories, Inc. -> )
    Task: {8FEE4E97-F844-484E-8ACC-6BF8993A38CB} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
    Task: {96320278-5E30-417E-B908-72C54D05B4F7} - System32\Tasks\CareCenter\RtHDVBg_Dolby_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {9CDE652B-EE0E-4E98-BF6F-86A033D71EF7} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Acer Incorporated -> )
    Task: {ADB687BD-B239-4565-9B04-60B9428E7D7A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
    Task: {AF8DFFA3-D74B-4F19-A4CF-765128E220C3} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
    Task: {BA374E01-9AAE-4C6E-B032-292E75CC6478} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {C582DC9E-8BB4-478F-A486-4131D8136729} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    Task: {C8862AF8-0B87-40EA-BBC2-A14C1A9D3BFA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
    Task: {CA61BF83-0799-4500-A25E-350C6D2EF357} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe (Johannes Schindelin -> The Git Development Community)
    Task: {E40F7419-3704-495F-AD2B-4689783941CD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
    Task: {EA0F0D87-C32E-4C4D-9270-078C8FECCD76} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {EB2D6D65-BE15-471F-A6C1-7B3104E71E5F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
    Task: {F103F416-6170-4745-8D1D-8251DD2B95DB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
    Task: {FB66066A-5ED5-4BC7-AB64-9F62C8DB7FFF} - System32\Tasks\User Boot Experience Task => C:\OEM\Preload\FUBService\FUBService.exe (Acer Incorporated -> )

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

  6. #6
    Join Date
    Jan 2019
    Posts
    31
    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Cosmos\Anaconda3\Scripts\activate.bat C:\Users\Cosmos\Anaconda3

    ==================== Loaded Modules (Whitelisted) ==============

    2016-09-19 11:53 - 2016-09-19 11:53 - 001299920 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2.dll
    2019-02-12 15:56 - 2019-02-12 15:56 - 000654216 _____ () c:\program files\avast software\avast\streamback.dll
    2019-02-12 15:56 - 2019-02-12 15:56 - 000321928 _____ () C:\Program Files\AVAST Software\Avast\serialization.dll
    2019-01-13 15:26 - 2018-11-15 11:01 - 002712432 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
    2019-01-25 08:34 - 2019-01-25 08:34 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
    2018-12-12 19:16 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2019-01-27 12:48 - 2019-01-27 12:48 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000364032 ____N () C:\Windows\ShellExperiences\ImeStatusNotification.dll
    2019-02-13 15:47 - 2019-02-05 21:25 - 002185728 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-12-12 19:16 - 2018-12-08 02:33 - 002060288 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
    2018-12-12 19:16 - 2018-12-08 02:34 - 000755200 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
    2019-02-12 15:46 - 2019-02-12 15:46 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2019-02-06 22:28 - 2019-02-06 22:28 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-04-12 04:24 - 2018-04-12 04:24 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
    2019-01-15 13:58 - 2019-01-15 13:58 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-02-06 22:28 - 2019-02-06 22:28 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2019-02-06 22:28 - 2019-02-06 22:28 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2016-09-19 04:02 - 2016-09-19 04:02 - 000163336 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    2016-09-19 07:13 - 2016-09-19 07:13 - 000849928 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
    2018-05-28 20:00 - 2018-05-28 20:00 - 004696880 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    2019-01-08 01:25 - 2019-01-08 01:25 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2019-01-31 11:59 - 2019-01-31 11:59 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
    2019-01-15 13:49 - 2019-01-15 13:49 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-01-31 11:59 - 2019-01-31 11:59 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
    2019-01-31 11:33 - 2019-01-31 11:34 - 000015872 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
    2019-01-31 11:33 - 2019-01-31 11:34 - 006290944 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.dll
    2019-01-31 11:33 - 2019-01-31 11:34 - 002361528 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2019-01-15 13:53 - 2019-01-15 13:53 - 004217344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1811.3241.0_x64__8wekyb3d8bbwe\Time.exe
    2019-01-15 13:49 - 2019-01-15 13:49 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-01-15 13:53 - 2019-01-15 13:53 - 000957440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1811.3241.0_x64__8wekyb3d8bbwe\TimeControls.dll
    2019-01-15 13:53 - 2019-01-15 13:53 - 000754688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1811.3241.0_x64__8wekyb3d8bbwe\TimeBackground.dll
    2019-02-12 15:45 - 2019-02-12 15:45 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
    2019-02-12 15:45 - 2019-02-12 15:45 - 016974848 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
    2019-01-13 21:54 - 2019-01-13 21:54 - 005391752 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
    2018-04-12 04:21 - 2018-04-12 04:21 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2019-01-15 13:49 - 2019-01-15 13:49 - 004220928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
    2019-01-15 13:56 - 2019-01-15 13:57 - 001436760 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
    2018-07-11 12:53 - 2018-06-15 12:30 - 001308672 _____ () C:\WINDOWS\system32\FaceProcessor.dll
    2018-07-11 12:52 - 2018-06-15 12:55 - 000542888 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 001348664 ____N () C:\WINDOWS\system32\FaceTrackerInternal.dll
    2016-09-19 07:13 - 2016-09-19 07:13 - 000072712 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2Toast.exe
    2019-02-06 12:25 - 2019-02-06 12:26 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2019-02-06 12:25 - 2019-02-06 12:26 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2019-01-15 13:54 - 2019-01-15 13:55 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2019-02-06 12:25 - 2019-02-06 12:26 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2019-01-18 17:22 - 2019-01-18 17:23 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2019-02-06 12:25 - 2019-02-06 12:26 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2019-02-06 12:25 - 2019-02-06 12:26 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2019-01-15 13:54 - 2019-01-15 13:55 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2019-01-15 13:54 - 2019-01-15 13:55 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-01-15 13:55 - 2019-01-15 13:55 - 000016384 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.exe
    2019-01-15 13:55 - 2019-01-15 13:55 - 034701824 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.dll
    2018-04-12 04:22 - 2018-04-12 04:22 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-04-12 04:22 - 2018-04-12 04:22 - 001651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\winsdkfb.dll
    2019-02-06 22:28 - 2019-02-06 22:28 - 025359360 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Music.UI.exe
    2019-02-06 22:28 - 2019-02-06 22:28 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
    2018-04-12 04:24 - 2018-04-12 04:24 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
    2019-01-15 13:58 - 2019-01-15 13:58 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2019-02-06 22:28 - 2019-02-06 22:28 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2019-01-06 20:09 - 2019-01-06 20:09 - 000020480 _____ () C:\Program Files\WindowsApps\6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6\Partner.Client.Universal.Touch.exe
    2019-01-06 20:09 - 2019-01-06 20:09 - 022004736 _____ () C:\Program Files\WindowsApps\6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6\Partner.Client.Universal.Touch.dll
    2018-04-12 04:22 - 2018-04-12 04:22 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2016-08-30 03:19 - 2016-08-30 03:19 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2017-03-10 12:45 - 2019-02-04 21:19 - 000305488 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-236146839-932208297-861440787-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-236146839-932208297-861440787-1001\...\webcompanion.com -> hxxp://webcompanion.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 ____C C:\WINDOWS\system32\drivers\etc\hosts


    2019-02-12 18:42 - 2019-02-13 03:21 - 000000444 ____C C:\WINDOWS\system32\drivers\etc\hosts.ics


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Users\Cosmos\introcs\java\bin;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;C:\Program Files\Git\cmd
    HKU\S-1-5-21-236146839-932208297-861440787-1001\Control Panel\Desktop\\Wallpaper -> E:\Second HDD\Photos\Random Photos\Rayann-Elzein-IMG_9231_1420409331_lg.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\Services: CmdAgent => 2
    MSCONFIG\Services: cmdvirth => 3
    MSCONFIG\Services: DragonUpdater => 2
    MSCONFIG\Services: isesrv => 2
    HKLM\...\StartupApproved\Run: => "ShadowPlay"
    HKU\S-1-5-21-236146839-932208297-861440787-1001\...\StartupApproved\Run: => "Web Companion"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
    FirewallRules: [{424C96A8-D73A-4237-9A0C-A756417DA3C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{A52E2A55-DC99-467E-8358-543B4D8260C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{430B4723-50D3-4B4C-945D-FD8A45A90693}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{F08B9643-C2EC-46E3-B50C-DFA89F1B7487}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{16CDBD14-5A1D-469D-93B7-DDA7DDA8CD07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{96C4747E-43AA-46C6-9C1C-6CCC7F6A9389}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{CBA2F644-F0B2-4E3E-8942-B0CA4938BE21}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{06E5BFAA-D5C7-4196-9BCB-DFF8C9356389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{4F4BF54C-0CB3-4A4A-974F-18A82C286CF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{B0028E51-5E4A-4ADA-A2D5-301AE42F9D14}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
    FirewallRules: [UDP Query User{749405AF-0A77-4732-ABE7-99BFD81D26EB}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
    FirewallRules: [{67352F15-A428-403E-95B0-5A34E725BC79}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{1F1BF54E-2996-4C20-A82B-D6A7588081BC}] => (Allow) C:\Users\Cosmos\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.)
    FirewallRules: [{93FFFDED-55E9-47AF-80B8-E61EEF59360C}] => (Allow) C:\Users\Cosmos\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.)
    FirewallRules: [{AE212A2D-31D0-47AB-BC8F-F792E642C251}] => (Allow) LPort=12292
    FirewallRules: [{CC34F753-BFBD-429F-9241-38515E3CB885}] => (Allow) C:\Program Files (x86)\TOSHIBA\Storage Backup Software\TosHDDBkupSvc.exe (Toshiba Electronic Devices & Storage Corporation -> Toshiba Electronic Devices & Storage Corporation)
    FirewallRules: [{24BBCEF2-2237-4302-BAC9-9D4A9131C6B8}] => (Allow) C:\Program Files (x86)\TOSHIBA\Storage Backup Software\TosHDDBkup.exe (Toshiba Electronic Devices & Storage Corporation -> Toshiba Electronic Devices & Storage Corporation)
    FirewallRules: [{352615CC-5A06-424E-B338-3DAE89AC7E18}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [{9C0C74B5-2CE7-4E64-A472-CE528F1094C1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
    FirewallRules: [{076D0156-66D1-4F61-B1ED-48D06D18D1F7}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{66C59C54-233C-4844-8C9F-4CCBC62BBD12}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)

    ==================== Restore Points =========================

    12-02-2019 00:45:15 Windows Update
    15-02-2019 03:34:07 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/15/2019 02:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: XboxApp.exe, version: 44.44.1808.7002, time stamp: 0x5b69e9d4
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17134.556, time stamp: 0xd94c4e1e
    Exception code: 0xc000027b
    Fault offset: 0x00000000006a6082
    Faulting process id: 0x20e0
    Faulting application start time: 0x01d4c50caa9f7543
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: e9eb3ccc-3395-4a26-bfe2-6f41d4240bbd
    Faulting package full name: Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: Microsoft.XboxApp

    Error: (02/15/2019 02:25:25 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-N0KELHM)
    Description: httphttp-2147467263

    Error: (02/15/2019 01:55:10 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-N0KELHM)
    Description: httphttp-2147467263

    Error: (02/15/2019 12:15:12 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-N0KELHM)
    Description: httphttp-2147467263

    Error: (02/14/2019 09:32:53 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (02/14/2019 09:32:08 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {809e5625-fb2a-4312-8fbb-a294ae3939ac}

    Error: (02/14/2019 09:31:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-N0KELHM)
    Description: Application or service 'ServiceHub.Host.CLR.x86' could not be shut down.

    Error: (02/14/2019 09:31:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-N0KELHM)
    Description: Application or service 'ServiceHub.Host.CLR.x86' could not be shut down.


    System errors:
    =============
    Error: (02/15/2019 06:41:56 PM) (Source: NetBT) (EventID: 4311) (User: )
    Description: Initialization failed because the driver device could not be created.
    Use the string "%2" to identify the interface for which initialization
    failed. It represents the MAC address of the failed interface or the
    Globally Unique Interface Identifier (GUID) if NetBT was unable to
    map from GUID to MAC address. If neither the MAC address nor the GUID were
    available, the string represents a cluster device name.

    Error: (02/15/2019 03:42:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/15/2019 05:24:03 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N0KELHM)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user DESKTOP-N0KELHM\Cosmos SID (S-1-5-21-236146839-932208297-861440787-1001) from address LocalHost (Using LRPC) running in the application container 6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6 SID (S-1-15-2-869163059-1331596548-2745378679-3168885343-456563130-3781732990-1292954759). This security permission can be modified using the Component Services administrative tool.

    Error: (02/15/2019 05:23:56 AM) (Source: NetBT) (EventID: 4311) (User: )
    Description: Initialization failed because the driver device could not be created.
    Use the string "%2" to identify the interface for which initialization
    failed. It represents the MAC address of the failed interface or the
    Globally Unique Interface Identifier (GUID) if NetBT was unable to
    map from GUID to MAC address. If neither the MAC address nor the GUID were
    available, the string represents a cluster device name.

    Error: (02/15/2019 05:23:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N0KELHM)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user DESKTOP-N0KELHM\Cosmos SID (S-1-5-21-236146839-932208297-861440787-1001) from address LocalHost (Using LRPC) running in the application container 6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6 SID (S-1-15-2-869163059-1331596548-2745378679-3168885343-456563130-3781732990-1292954759). This security permission can be modified using the Component Services administrative tool.

    Error: (02/15/2019 03:40:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (02/15/2019 03:35:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (02/15/2019 03:34:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070641: 2019-02 Update for Windows 10 Version 1803 for x64-based Systems (KB4023057).


    Windows Defender:
    ===================================
    Date: 2019-01-06 23:47:07.195
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {377EE1DE-9490-40B8-A1CF-FF6638FEE9BF}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-06 23:17:03.855
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {E15F9372-0AF4-4C34-840A-52B0623DFAA4}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-06 23:06:28.211
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {A2C0CC0B-40DA-4D44-A546-E372476924A8}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-06 22:52:26.538
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {4BBA57FB-A797-4D32-9531-BAAA54AF0ED7}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-06 22:34:01.358
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {4D3E20E4-D3D9-4AB6-A6F3-9636CD67CC13}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===================================

    Date: 2019-02-15 18:44:27.626
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-02-15 18:40:45.320
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-02-15 18:27:38.809
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-02-15 15:40:29.306
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-02-15 15:27:28.724
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-02-15 15:12:28.627
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-02-15 15:11:35.819
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2019-02-15 15:09:42.110
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    Percentage of memory in use: 72%
    Total physical RAM: 12156.13 MB
    Available physical RAM: 3358.08 MB
    Total Virtual: 33660.13 MB
    Available Virtual: 21160.36 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:237.36 GB) (Free:102.65 GB) NTFS
    Drive d: (EOS_DIGITAL) (Removable) (Total:59.45 GB) (Free:34.72 GB) exFAT
    Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:518.8 GB) NTFS

    \\?\Volume{e96ac4ba-4f7e-4ae9-ad2f-807f58b3dd67}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.61 GB) NTFS
    \\?\Volume{9a045f29-b0cc-48d7-9fae-1a0b7661c5be}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: 65034BF4)

    Partition: GPT.

    ========================================================
    Disk: 1 (Protective MBR) (Size: 59.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A9E8F1B8)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    FRST produces 2 logs.
    You posted only one.

  8. #8
    Join Date
    Jan 2019
    Posts
    31
    Sorry!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
    Ran by Cosmos (administrator) on DESKTOP-N0KELHM (15-02-2019 18:42:47)
    Running from C:\Users\Cosmos\Downloads\Antivirus\FRST
    Loaded Profiles: Cosmos (Available Profiles: defaultuser0 & Cosmos)
    Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxCUIService.exe
    (Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\IntelCpHDCPSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Toshiba Electronic Devices & Storage Corporation) C:\Program Files (x86)\TOSHIBA\Storage Backup Software\TosHDDBkupSvc.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\IntelCpHeciSvc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxEM.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxext.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
    () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1811.3241.0_x64__8wekyb3d8bbwe\Time.exe
    () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
    (Microsoft Corporation) C:\Windows\HelpPane.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxOutlook.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\plugins\ColorIntelligence\CACE.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxext.exe
    () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2Toast.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Windows\System32\IME\shared\ImeBroker.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Music.UI.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    () C:\Program Files\WindowsApps\6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6\Partner.Client.Universal.Touch.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
    HKU\S-1-5-21-236146839-932208297-861440787-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    HKU\S-1-5-21-236146839-932208297-861440787-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe [726864 2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
    Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
    Startup: C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-02-14]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\..\Interfaces\{2EEEE076-F2FA-46A9-942E-70ED200204C8}: [NameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{46D72490-E6CD-4C06-AD4B-122C7770EA54}: [NameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{7DABEE12-949B-4A07-A6CF-7B5A10D80893}: [NameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{855061C6-C34F-4F69-8CA4-5D2C6AA760A8}: [NameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{9FAAB16B-BA73-46A8-A583-C8EA2F3E8B31}: [NameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{ABFA52FE-2B4E-4B41-8D47-64D05EFD7CCD}: [NameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{c5e81bab-cd9f-478e-99ba-64ab89bd76e3}: [DhcpNameServer] 209.18.47.63 209.18.47.61
    Tcpip\..\Interfaces\{f2308bda-f462-438b-8517-2a617de8ff9f}: [DhcpNameServer] 10.66.184.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-236146839-932208297-861440787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://weather.com/
    HKU\S-1-5-21-236146839-932208297-861440787-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
    SearchScopes: HKU\S-1-5-21-236146839-932208297-861440787-1001 -> DefaultScope {CE82ECFF-5ACE-4A9B-93C0-3061D7C90A95} URL =
    SearchScopes: HKU\S-1-5-21-236146839-932208297-861440787-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D020219-N0700A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-236146839-932208297-861440787-1001 -> {87390958-03D4-4406-944A-86362636AB19} URL =
    SearchScopes: HKU\S-1-5-21-236146839-932208297-861440787-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=10555005_11.0.0.6744_i_ds
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-13] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-07] ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-07] ()
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)

  9. #9
    Join Date
    Jan 2019
    Posts
    31
    FireFox:
    ========
    FF DefaultProfile: zmdhmrev.default
    FF ProfilePath: C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default [2019-02-15]
    FF Homepage: Mozilla\Firefox\Profiles\zmdhmrev.default -> hxxp://www.bing.com/?pc=COSP&ptag=D020219-N0600A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
    FF NewTab: Mozilla\Firefox\Profiles\zmdhmrev.default -> hxxp://www.bing.com/?pc=COSP&ptag=D020219-N0600A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
    FF Extension: (Firefox Lightbeam) - C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2019-02-12]
    FF Extension: (Avast Online Security) - C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default\Extensions\wrc@avast.com.xpi [2019-01-08]
    FF Extension: (Web of Trust) - C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2019-01-07]
    FF SearchPlugin: C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default\searchplugins\bing-lavasoft-ff59.xml [2019-02-01]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-07] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-13] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-27] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [369264 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2019-02-05] (Microsoft Windows -> Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
    S4 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10747264 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
    S4 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
    R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] (Dolby Laboratories, Inc. -> )
    S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2276616 2018-12-05] (Comodo Security Solutions, Inc. -> Comodo)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
    R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26576 2016-09-19] (Intel(R) CN -> Intel Corporation)
    S4 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1199816 2018-04-24] (Comodo Security Solutions, Inc. -> COMODO)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [466224 2018-03-09] (Acer Incorporated -> Acer Incorporated)
    R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [508208 2018-03-09] (Acer Incorporated -> Acer Incorporated)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] (Microsoft Windows -> )
    S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286720 2018-09-07] (Microsoft Windows -> Microsoft Corporation)
    R2 toshddbkupsvc; C:\Program Files (x86)\TOSHIBA\Storage Backup Software\TosHDDBkupSvc.exe [2136568 2018-06-20] (Toshiba Electronic Devices & Storage Corporation -> Toshiba Electronic Devices & Storage Corporation)
    S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation -> Microsoft Corporation)
    R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18736 2018-09-06] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225680 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196072 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320696 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57960 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167304 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [519872 2019-02-13] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034432 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474456 2019-02-15] (AVAST Software s.r.o. -> AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216784 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379952 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
    S3 BrSerIb; C:\WINDOWS\System32\drivers\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
    S3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
    S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
    S3 BrUsbSIb; C:\WINDOWS\System32\drivers\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
    S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17944 2018-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
    R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [44056 2018-05-23] (Comodo Security Solutions, Inc. -> COMODO)
    R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [832032 2018-05-23] (Comodo Security Solutions, Inc. -> COMODO)
    S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
    R3 ETDI2C; C:\WINDOWS\System32\drivers\ETDI2C.sys [217688 2016-08-17] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
    S0 ijbsgx; no ImagePath
    R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [126064 2017-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37104 2018-05-09] (Intel Corporation -> Intel Corporation)
    R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [63200 2017-12-12] (Comodo Security Solutions, Inc. -> COMODO)
    R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-15] (Malwarebytes Corporation -> Malwarebytes)
    R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_8ed00d842392588b\nvlddmkm.sys [17213832 2018-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [45152 2018-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2360048 2018-08-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
    R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-04] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
    S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [236048 2018-12-18] (Oracle Corporation -> Oracle Corporation)
    R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel(R) Software -> Intel Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [51536 2018-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-15 12:48 - 2019-02-15 14:26 - 000000000 ___DC C:\Users\Cosmos\Documents\Main
    2019-02-15 04:37 - 2019-02-15 04:37 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
    2019-02-15 04:31 - 2019-02-15 04:37 - 000000000 ___DC C:\Users\Cosmos\Anaconda3
    2019-02-15 04:27 - 2019-02-15 04:30 - 644094168 ____C (Anaconda, Inc.) C:\Users\Cosmos\Downloads\Anaconda3-2018.12-Windows-x86_64.exe
    2019-02-15 04:22 - 2019-02-15 04:24 - 684396431 ____C C:\Users\Cosmos\Downloads\Anaconda3-2018.12-MacOSX-x86_64.pkg
    2019-02-15 04:10 - 2019-02-15 05:24 - 3011225138 ____C C:\Users\Cosmos\Downloads\Windows_7_64-bit_Professional_x64.iso.t8mcc7z.partial
    2019-02-15 04:10 - 2019-02-15 04:10 - 000000000 ____C C:\Users\Cosmos\Downloads\Windows_7_64-bit_Professional_x64.iso
    2019-02-15 02:02 - 2019-02-15 13:02 - 000000000 ___DC C:\Users\Cosmos\Documents\Sound recordings
    2019-02-15 00:11 - 2019-02-15 00:11 - 000002951 ____C C:\Users\Cosmos\AppData\LocalLow\wbkAF05.tmp
    2019-02-14 23:48 - 2019-02-14 23:48 - 000031000 ____C C:\Users\Cosmos\Downloads\font-awesome.min.css
    2019-02-14 23:13 - 2019-02-15 00:11 - 000002951 ____C C:\Users\Cosmos\Desktop\Welcome to Japnese Suicide Forest (2).html
    2019-02-14 23:12 - 2019-02-14 23:39 - 000000366 ____C C:\Users\Cosmos\Desktop\Welcome to Japnese Suicide Forest.html
    2019-02-14 22:59 - 2019-02-14 22:59 - 000019222 ____C C:\Users\Cosmos\Desktop\later.txt
    2019-02-14 21:34 - 2019-02-14 21:34 - 000000000 ___DC C:\Users\Cosmos\PycharmProjects
    2019-02-14 21:33 - 2019-02-14 21:33 - 000000000 ___DC C:\Users\Cosmos\.PyCharmCE2018.3
    2019-02-14 19:40 - 2019-02-14 19:40 - 000000547 ____C C:\Users\Cosmos\Desktop\accounts via email.txt
    2019-02-14 19:40 - 2019-02-14 19:40 - 000000014 ____C C:\Users\Cosmos\Desktop\widgit!!!.txt
    2019-02-14 13:02 - 2019-02-15 03:30 - 000261032 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-02-14 13:01 - 2019-02-14 13:01 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
    2019-02-14 13:00 - 2019-02-14 21:33 - 000001246 ____C C:\Users\Cosmos\Desktop\JetBrains PyCharm Community Edition 2018.3.4 x64.lnk
    2019-02-14 13:00 - 2019-02-14 13:00 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\JetBrains
    2019-02-14 12:52 - 2019-02-14 12:52 - 000000000 ___DC C:\Users\Cosmos\Documents\CoffeeCup Software
    2019-02-14 02:26 - 2019-02-14 19:39 - 000000000 ___DC C:\Users\Cosmos\Desktop\SQL
    2019-02-14 02:24 - 2019-02-14 02:24 - 000001324 ____C C:\Users\Cosmos\Desktop\Medical Coding.html
    2019-02-14 00:50 - 2019-02-14 00:50 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Macromedia
    2019-02-13 22:05 - 2019-02-13 22:05 - 000001036 ____C C:\Users\Cosmos\Desktop\Structured Query Language.txt
    2019-02-13 19:49 - 2019-02-13 20:15 - 218616696 ____C C:\Users\Cosmos\Downloads\pycharm-community-2018.3.4.exe
    2019-02-13 15:47 - 2019-02-06 02:54 - 004527584 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2019-02-13 15:47 - 2019-02-06 02:53 - 001634704 ____C (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-02-13 15:47 - 2019-02-06 02:35 - 000058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-02-13 15:47 - 2019-02-06 02:32 - 003648512 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-02-13 15:47 - 2019-02-06 02:30 - 004052992 ____C (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-02-13 15:47 - 2019-02-06 02:30 - 001662464 ____C (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-02-13 15:47 - 2019-02-06 02:30 - 001364992 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-02-13 15:47 - 2019-02-06 02:11 - 001454648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-02-13 15:47 - 2019-02-06 01:57 - 000044032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-02-13 15:47 - 2019-02-06 01:52 - 004053504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-02-13 15:47 - 2019-02-06 01:52 - 002891776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-02-13 15:47 - 2019-02-06 01:52 - 001470976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-02-13 15:47 - 2019-02-05 22:01 - 001989040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-02-13 15:47 - 2019-02-05 22:01 - 001221432 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-02-13 15:47 - 2019-02-05 22:01 - 001029944 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-02-13 15:47 - 2019-02-05 22:01 - 000720480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2019-02-13 15:47 - 2019-02-05 22:01 - 000566568 ____C (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-02-13 15:47 - 2019-02-05 22:01 - 000134968 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-02-13 15:47 - 2019-02-05 22:01 - 000076088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-02-13 15:47 - 2019-02-05 22:01 - 000033576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
    2019-02-13 15:47 - 2019-02-05 22:00 - 009084432 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-02-13 15:47 - 2019-02-05 22:00 - 007520112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-02-13 15:47 - 2019-02-05 22:00 - 006572416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-02-13 15:47 - 2019-02-05 22:00 - 002719760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-02-13 15:47 - 2019-02-05 22:00 - 002465792 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-02-13 15:47 - 2019-02-05 22:00 - 002421264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-02-13 15:47 - 2019-02-05 22:00 - 001257904 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-02-13 15:47 - 2019-02-05 22:00 - 001140680 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-02-13 15:47 - 2019-02-05 22:00 - 001130568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-02-13 15:47 - 2019-02-05 22:00 - 001098272 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-02-13 15:47 - 2019-02-05 22:00 - 000945680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
    2019-02-13 15:47 - 2019-02-05 22:00 - 000899728 ____C (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2019-02-13 15:47 - 2019-02-05 22:00 - 000466960 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2019-02-13 15:47 - 2019-02-05 22:00 - 000376120 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2019-02-13 15:47 - 2019-02-05 22:00 - 000043536 ____C (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2019-02-13 15:47 - 2019-02-05 22:00 - 000038792 ____C (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
    2019-02-13 15:47 - 2019-02-05 21:59 - 001922064 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
    2019-02-13 15:47 - 2019-02-05 21:59 - 001457248 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-02-13 15:47 - 2019-02-05 21:59 - 000983128 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-02-13 15:47 - 2019-02-05 21:59 - 000144288 ____C (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
    2019-02-13 15:47 - 2019-02-05 21:52 - 022014464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-02-13 15:47 - 2019-02-05 21:45 - 019404288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-02-13 15:47 - 2019-02-05 21:42 - 003711488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-02-13 15:47 - 2019-02-05 21:41 - 025853952 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-02-13 15:47 - 2019-02-05 21:41 - 005307392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-02-13 15:47 - 2019-02-05 21:40 - 005792256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-02-13 15:47 - 2019-02-05 21:40 - 000021504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
    2019-02-13 15:47 - 2019-02-05 21:38 - 000608768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-02-13 15:47 - 2019-02-05 21:38 - 000561152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-02-13 15:47 - 2019-02-05 21:37 - 004515840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-02-13 15:47 - 2019-02-05 21:37 - 000578560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-02-13 15:47 - 2019-02-05 21:33 - 022714880 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-02-13 15:47 - 2019-02-05 21:29 - 004865536 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-02-13 15:47 - 2019-02-05 21:28 - 000046080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2019-02-13 15:47 - 2019-02-05 21:28 - 000039936 ____C (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
    2019-02-13 15:47 - 2019-02-05 21:27 - 000894464 ____C (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-02-13 15:47 - 2019-02-05 21:27 - 000808448 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-02-13 15:47 - 2019-02-05 21:27 - 000358912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
    2019-02-13 15:47 - 2019-02-05 21:27 - 000266752 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2019-02-13 15:47 - 2019-02-05 21:26 - 007599616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-02-13 15:47 - 2019-02-05 21:26 - 000726528 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-02-13 15:47 - 2019-02-05 21:26 - 000324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2019-02-13 15:47 - 2019-02-05 21:26 - 000174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2019-02-13 15:47 - 2019-02-05 21:26 - 000154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-02-13 15:47 - 2019-02-05 21:25 - 000736256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2019-02-13 15:47 - 2019-02-05 21:25 - 000507392 ____C (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2019-02-13 15:47 - 2019-02-05 21:24 - 004937728 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-02-13 15:47 - 2019-02-05 21:24 - 000466432 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2019-02-13 15:47 - 2019-02-05 21:23 - 000393216 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2019-02-13 15:47 - 2019-02-05 21:22 - 000960512 ____C (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-02-13 15:47 - 2019-02-05 21:22 - 000885760 ____C (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2019-02-13 15:47 - 2019-02-05 21:21 - 000093696 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
    2019-02-13 15:47 - 2019-02-05 20:04 - 000001314 ____C C:\WINDOWS\system32\tcbres.wim
    2019-02-13 15:47 - 2019-01-12 03:56 - 001008640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-02-13 15:47 - 2019-01-11 21:28 - 000352768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-02-13 15:47 - 2019-01-09 13:08 - 000309560 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2019-02-13 15:47 - 2019-01-09 12:57 - 000720536 ____C (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2019-02-13 15:47 - 2019-01-09 12:42 - 004716032 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-02-13 15:47 - 2019-01-09 12:41 - 012730368 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-02-13 15:47 - 2019-01-09 12:41 - 000064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-02-13 15:47 - 2019-01-09 12:40 - 000171520 ____C (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
    2019-02-13 15:47 - 2019-01-09 12:36 - 001054720 ____C (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
    2019-02-13 15:47 - 2019-01-09 12:35 - 002919936 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2019-02-13 15:47 - 2019-01-09 05:14 - 000607744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2019-02-13 15:47 - 2019-01-09 04:55 - 011919872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-02-13 15:47 - 2019-01-09 04:55 - 000150016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
    2019-02-13 15:47 - 2019-01-09 03:55 - 001285432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2019-02-13 15:47 - 2019-01-09 03:48 - 000527368 ____C (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2019-02-13 15:47 - 2019-01-09 00:59 - 000611848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2019-02-13 15:47 - 2019-01-09 00:44 - 000078688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 006043496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 004789944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 002253480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 001981280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 001620264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 000607376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 000581592 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 000287640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 000129088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 000127744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
    2019-02-13 15:47 - 2019-01-09 00:43 - 000071456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
    2019-02-13 15:47 - 2019-01-09 00:42 - 001035232 ____C (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-02-13 15:47 - 2019-01-09 00:42 - 000092704 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
    2019-02-13 15:47 - 2019-01-09 00:40 - 002765336 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-02-13 15:47 - 2019-01-09 00:40 - 001063224 ____C (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2019-02-13 15:47 - 2019-01-09 00:40 - 000432952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2019-02-13 15:47 - 2019-01-09 00:40 - 000226104 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2019-02-13 15:47 - 2019-01-09 00:40 - 000090872 ____C (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 007436016 ____C (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 004404720 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 002571632 ____C (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 001943128 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 000789696 ____C (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 000713264 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 000349656 ____C (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 000269624 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 000260800 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 000175416 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
    2019-02-13 15:47 - 2019-01-09 00:39 - 000164192 ____C (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
    2019-02-13 15:47 - 2019-01-09 00:39 - 000085472 ____C (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
    2019-02-13 15:47 - 2019-01-09 00:33 - 016597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-02-13 15:47 - 2019-01-09 00:32 - 013878272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2019-02-13 15:47 - 2019-01-09 00:29 - 008188928 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2019-02-13 15:47 - 2019-01-09 00:29 - 002500096 ____C (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
    2019-02-13 15:47 - 2019-01-09 00:27 - 004710912 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-02-13 15:47 - 2019-01-09 00:27 - 004384256 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-02-13 15:47 - 2019-01-09 00:27 - 001587712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2019-02-13 15:47 - 2019-01-09 00:26 - 006661632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2019-02-13 15:47 - 2019-01-09 00:26 - 003396608 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-02-13 15:47 - 2019-01-09 00:26 - 002966016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-02-13 15:47 - 2019-01-09 00:25 - 000161792 ____C (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
    2019-02-13 15:47 - 2019-01-09 00:24 - 000209408 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-02-13 15:47 - 2019-01-09 00:24 - 000174080 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
    2019-02-13 15:47 - 2019-01-09 00:24 - 000157184 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
    2019-02-13 15:47 - 2019-01-09 00:23 - 002368000 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-02-13 15:47 - 2019-01-09 00:23 - 001708544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-02-13 15:47 - 2019-01-09 00:23 - 001361408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-02-13 15:47 - 2019-01-09 00:23 - 001189888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2019-02-13 15:47 - 2019-01-09 00:23 - 000898560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2019-02-13 15:47 - 2019-01-09 00:23 - 000145920 ____C (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2019-02-13 15:47 - 2019-01-09 00:23 - 000100864 ____C (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
    2019-02-13 15:47 - 2019-01-09 00:23 - 000067072 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
    2019-02-13 15:47 - 2019-01-09 00:22 - 001551360 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-02-13 15:47 - 2019-01-09 00:22 - 001395200 ____C (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2019-02-13 15:47 - 2019-01-09 00:22 - 000624640 ____C (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2019-02-13 15:47 - 2019-01-09 00:22 - 000392704 ____C (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
    2019-02-13 15:47 - 2019-01-09 00:22 - 000333824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-02-13 15:47 - 2019-01-09 00:22 - 000266752 ____C (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
    2019-02-13 15:47 - 2019-01-09 00:22 - 000138752 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
    2019-02-13 15:47 - 2019-01-09 00:22 - 000126976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
    2019-02-13 15:47 - 2019-01-09 00:21 - 002173440 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-02-13 15:47 - 2019-01-09 00:21 - 000197632 ____C (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
    2019-02-13 15:47 - 2019-01-09 00:21 - 000106496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
    2019-02-13 15:47 - 2019-01-09 00:20 - 001000448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2019-02-13 15:47 - 2019-01-09 00:20 - 000916480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2019-02-13 15:47 - 2019-01-09 00:20 - 000607232 ____C (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2019-02-13 15:47 - 2019-01-09 00:20 - 000135680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
    2019-02-13 15:47 - 2019-01-09 00:19 - 000678400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2019-02-13 15:47 - 2019-01-09 00:19 - 000507392 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-02-13 15:47 - 2019-01-09 00:19 - 000316928 ____C (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2019-02-13 15:47 - 2019-01-09 00:19 - 000251904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-02-13 15:47 - 2019-01-09 00:18 - 000195584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2019-02-13 15:47 - 2019-01-08 23:34 - 000806320 ____C C:\WINDOWS\SysWOW64\locale.nls
    2019-02-13 15:47 - 2019-01-08 23:34 - 000806320 ____C C:\WINDOWS\system32\locale.nls

  10. #10
    Join Date
    Jan 2019
    Posts
    31
    2019-02-13 15:47 - 2019-01-08 04:08 - 000868864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-02-13 15:47 - 2019-01-07 22:06 - 001311744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-02-13 15:47 - 2019-01-07 22:06 - 000313344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2019-02-13 15:47 - 2019-01-07 22:06 - 000000072 ____C C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
    2019-02-13 06:22 - 2019-02-13 06:22 - 000519872 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
    2019-02-13 00:57 - 2019-02-13 14:11 - 002256896 ____C C:\Users\Cosmos\Documents\Assest Tracking.accdb
    2019-02-13 00:57 - 2017-12-21 15:05 - 000566546 ____C C:\Users\Cosmos\Documents\Asset tracking.accdt
    2019-02-12 22:09 - 2019-02-15 18:43 - 000003542 ____C C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2019-02-12 22:09 - 2019-02-12 22:09 - 000002457 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-02-12 22:09 - 2019-02-12 22:09 - 000002128 ____C C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2019-02-12 22:08 - 2019-02-12 22:08 - 000000000 ___DC C:\Program Files (x86)\Adobe
    2019-02-12 22:07 - 2019-02-13 22:00 - 000000000 ___DC C:\ProgramData\Adobe
    2019-02-12 22:05 - 2019-02-12 23:53 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Adobe
    2019-02-12 21:47 - 2019-02-12 21:47 - 000000000 ___HC C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2019-02-12 18:42 - 2019-02-13 03:21 - 000000444 ____C C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2019-02-12 18:22 - 2019-02-12 18:22 - 000000000 ___DC C:\Users\Cosmos\obj
    2019-02-12 17:30 - 2019-02-12 17:39 - 000000000 ___DC C:\Users\Cosmos\myWebApp
    2019-02-12 17:25 - 2019-02-12 17:25 - 000002003 ____C C:\Users\Cosmos\Startup.cs
    2019-02-12 17:25 - 2019-02-12 17:25 - 000000628 ____C C:\Users\Cosmos\Program.cs
    2019-02-12 17:25 - 2019-02-12 17:25 - 000000413 ____C C:\Users\Cosmos\Cosmos.csproj
    2019-02-12 17:25 - 2019-02-12 17:25 - 000000146 ____C C:\Users\Cosmos\appsettings.Development.json
    2019-02-12 17:25 - 2019-02-12 17:25 - 000000105 ____C C:\Users\Cosmos\appsettings.json
    2019-02-12 17:25 - 2019-02-12 17:25 - 000000000 ___DC C:\Users\Cosmos\wwwroot
    2019-02-12 17:25 - 2019-02-12 17:25 - 000000000 ___DC C:\Users\Cosmos\Properties
    2019-02-12 17:25 - 2019-02-12 17:25 - 000000000 ___DC C:\Users\Cosmos\Pages
    2019-02-12 16:27 - 2019-02-13 13:39 - 000000000 ___DC C:\Users\Cosmos\Documents\OneNote Notebooks
    2019-02-12 15:56 - 2019-02-12 15:56 - 000362888 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2019-02-12 12:18 - 2019-02-15 14:45 - 000000000 ___DC C:\Users\Cosmos\Documents\Reporting
    2019-02-12 12:18 - 2019-02-12 12:18 - 000000000 ___DC C:\Users\Cosmos\Documents\work for yusuf
    2019-02-11 17:58 - 2019-02-11 17:58 - 000000931 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
    2019-02-11 17:58 - 2019-02-11 17:58 - 000000000 ___DC C:\Program Files\Sublime Text 3
    2019-02-11 17:55 - 2019-02-11 17:55 - 000001958 ____C C:\Users\Public\Desktop\Storage Backup Software.lnk
    2019-02-11 17:55 - 2019-02-11 17:55 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
    2019-02-11 17:55 - 2019-02-11 17:55 - 000000000 ___DC C:\Program Files (x86)\TOSHIBA
    2019-02-11 17:53 - 2019-02-11 17:54 - 009475672 ____C (Toshiba Electronic Devices & Storage Corporation) C:\Users\Cosmos\Downloads\StorageBackupSoftware_1.21.7820.exe
    2019-02-11 17:52 - 2019-02-11 17:52 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\U3
    2019-02-11 15:00 - 2017-12-21 15:32 - 000935105 ____C C:\Users\Cosmos\Documents\Task management.accdt
    2019-02-11 00:56 - 2019-02-13 00:15 - 000000388 ____C C:\Users\Cosmos\Desktop\future wife - nurse.txt
    2019-02-10 18:29 - 2018-04-10 21:10 - 007242240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0011.dll
    2019-02-10 18:29 - 2018-04-10 21:10 - 002454528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0011.dll
    2019-02-10 18:29 - 2018-04-10 21:10 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70011.dll
    2019-02-10 18:29 - 2018-04-10 21:09 - 007702016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0011.dll
    2019-02-10 18:29 - 2018-04-10 21:05 - 007406080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll
    2019-02-10 18:29 - 2018-04-10 21:05 - 000712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll
    2019-02-10 18:29 - 2017-10-29 18:10 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
    2019-02-09 15:53 - 2019-02-09 15:53 - 000000000 ___DC C:\Users\Cosmos\Desktop\Italiana
    2019-02-08 22:18 - 2019-02-08 22:18 - 000000160 ____C C:\Users\Cosmos\Desktop\ol and li.html
    2019-02-08 22:02 - 2019-02-08 22:03 - 000588153 ____C C:\Users\Cosmos\Downloads\13455212.txt
    2019-02-08 18:40 - 2019-02-15 14:29 - 000000000 ___DC C:\Users\Cosmos\Documents\Prior to 2 Feb 2019
    2019-02-08 18:39 - 2019-02-15 14:45 - 000000000 ___DC C:\Users\Cosmos\Documents\2 Feb 2019
    2019-02-08 18:39 - 2019-02-08 18:39 - 000000084 ____C C:\Users\Cosmos\Desktop\remmebering watersheds.txt
    2019-02-08 18:00 - 2019-02-08 18:00 - 000018927 ____C C:\Users\Cosmos\AppData\LocalLow\wbk762D.tmp
    2019-02-08 15:18 - 2019-02-08 15:18 - 000000149 ____C C:\Users\Cosmos\Desktop\writing a book.txt
    2019-02-07 21:30 - 2019-02-07 21:30 - 000000503 ____C C:\Users\Cosmos\Desktop\genius!.txt
    2019-02-07 10:58 - 2019-02-12 12:52 - 000000605 ____C C:\Users\Cosmos\Desktop\test website.html
    2019-02-07 10:57 - 2019-02-15 00:12 - 000000715 ____C C:\Users\Cosmos\Desktop\test html.html
    2019-02-07 09:02 - 2019-02-07 12:13 - 000000000 ___DC C:\Users\Cosmos\Documents\Visual Studio 2017
    2019-02-07 00:56 - 2019-02-07 00:56 - 051108160 ____C C:\Users\Cosmos\Downloads\eclipse-inst-win64.exe
    2019-02-07 00:50 - 2019-02-07 00:51 - 000000000 ___DC C:\Users\Cosmos\Desktop\Java
    2019-02-07 00:49 - 2019-02-07 00:49 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Sun
    2019-02-07 00:48 - 2019-02-07 00:48 - 000099192 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2019-02-07 00:48 - 2019-02-07 00:48 - 000000000 ___DC C:\ProgramData\Oracle
    2019-02-07 00:48 - 2019-02-07 00:48 - 000000000 ___DC C:\Program Files (x86)\Java
    2019-02-07 00:47 - 2019-02-07 00:47 - 001962336 ____C (Oracle Corporation) C:\Users\Cosmos\Downloads\JavaSetup8u201.exe
    2019-02-07 00:46 - 2019-02-07 00:46 - 014467050 ____C C:\Users\Cosmos\Downloads\drjava-beta-20160913-225446.exe
    2019-02-07 00:43 - 2019-02-08 14:48 - 000001208 ____C C:\Users\Cosmos\.drjava
    2019-02-07 00:43 - 2019-02-07 00:43 - 000001918 ____C C:\Users\Cosmos\AppData\Local\1
    2019-02-07 00:43 - 2019-02-07 00:43 - 000000958 ____C C:\Users\Cosmos\Desktop\DrJava.lnk
    2019-02-07 00:43 - 2019-02-07 00:43 - 000000879 ____C C:\Users\Cosmos\Desktop\Command Prompt.lnk
    2019-02-07 00:42 - 2019-02-08 14:38 - 000000000 ___DC C:\Users\Cosmos\introcs
    2019-02-07 00:42 - 2019-02-07 00:42 - 000358912 ____C (Princeton University) C:\Users\Cosmos\Downloads\introcs.exe
    2019-02-07 00:42 - 2019-02-07 00:42 - 000167936 ____C C:\Users\Cosmos\AppData\Local\unzip.exe
    2019-02-07 00:42 - 2019-02-07 00:42 - 000015173 ____C C:\Users\Cosmos\AppData\Local\introcs.ps1
    2019-02-07 00:29 - 2019-02-07 00:29 - 000000000 ___DC C:\WINDOWS\nn-NO
    2019-02-06 12:27 - 2019-02-06 12:27 - 000000000 ____C C:\Users\Cosmos\netstat
    2019-02-06 12:08 - 2019-02-15 14:43 - 000000000 ___DC C:\Users\Cosmos\Documents\Networking Folder
    2019-02-05 22:44 - 2019-02-05 22:44 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft Corporation
    2019-02-05 22:44 - 2019-02-05 22:44 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Xamarin
    2019-02-05 21:01 - 2017-07-12 18:40 - 000126064 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
    2019-02-05 21:00 - 2019-02-05 21:00 - 000000000 ___DC C:\Program Files (x86)\Xamarin
    2019-02-05 21:00 - 2019-02-05 21:00 - 000000000 ___DC C:\Program Files (x86)\Android
    2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\WINDOWS\symbols
    2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\Program Files\Windows Identity Foundation
    2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\Program Files\Microsoft Identity Extensions
    2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\Program Files (x86)\Workflow Manager Tools
    2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\Program Files (x86)\Open XML SDK
    2019-02-05 20:54 - 2019-02-07 18:55 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
    2019-02-05 20:42 - 2019-02-05 20:42 - 000000000 ___DC C:\Program Files\Microsoft ASP.NET Core Runtime Package Store
    2019-02-05 20:38 - 2019-02-05 20:38 - 000001796 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017 (3).lnk
    2019-02-05 20:33 - 2019-02-05 20:33 - 000001491 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 (3).lnk
    2019-02-05 19:12 - 2019-02-05 19:14 - 008905825 ____C C:\Users\Cosmos\Downloads\Brown Simple Church Newsletter.pdf
    2019-02-05 17:44 - 2019-02-05 17:44 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office -työkalut
    2019-02-05 17:24 - 2019-02-05 17:24 - 000000000 ___DC C:\Users\Cosmos\Documents\node
    2019-02-05 15:36 - 2019-02-05 15:36 - 000000600 ____C C:\Users\Cosmos\AppData\Local\PUTTY.RND
    2019-02-05 15:27 - 2019-02-05 15:27 - 000000000 ___DC C:\ProgramData\Mozilla
    2019-02-05 14:38 - 2019-01-16 20:01 - 000000601 ____C C:\Users\Cosmos\Desktop\Core FTP Server(x64).lnk
    2019-02-05 13:26 - 2019-02-05 13:26 - 000000000 ___DC C:\Users\Cosmos\Documents\Custom Office Templates
    2019-02-04 01:15 - 2019-02-14 21:27 - 000000000 ___DC C:\Users\Cosmos\Documents\Outlook Files
    2019-02-04 01:14 - 2019-02-15 03:36 - 000469876 ____C C:\WINDOWS\system32\perfh006.dat
    2019-02-04 01:14 - 2019-02-15 03:36 - 000080688 ____C C:\WINDOWS\system32\perfc006.dat
    2019-02-04 01:14 - 2019-02-03 14:13 - 000312234 ____C C:\WINDOWS\system32\perfi006.dat
    2019-02-04 01:14 - 2019-02-03 14:13 - 000041338 ____C C:\WINDOWS\system32\perfd006.dat
    2019-02-04 01:13 - 2019-02-04 01:13 - 000000000 ___DC C:\WINDOWS\SysWOW64\da
    2019-02-04 01:13 - 2019-02-04 01:13 - 000000000 ___DC C:\WINDOWS\system32\da
    2019-02-03 23:58 - 2019-02-04 13:25 - 000001399 ____C C:\Users\Cosmos\Desktop\xplorephotographyAbout.html
    2019-02-03 23:16 - 2019-02-08 22:19 - 000000000 ___DC C:\Users\Cosmos\Documents\My Web Sites
    2019-02-03 23:16 - 2019-02-03 23:16 - 000000000 ___DC C:\Users\Cosmos\Documents\IISExpress
    2019-02-03 17:54 - 2019-02-03 17:55 - 007954904 ____C (Tim Kosse) C:\Users\Cosmos\Downloads\FileZilla_3.40.0_win64-setup.exe
    2019-02-03 14:44 - 2019-02-05 22:25 - 000000000 ___DC C:\Users\Cosmos\Desktop\Saved Ebay Messages 2-3-2019
    2019-02-03 14:08 - 2018-04-10 21:10 - 007046144 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0006.dll
    2019-02-02 20:36 - 2019-02-07 18:56 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Package Cache
    2019-02-02 20:36 - 2019-02-06 18:29 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
    2019-02-02 00:51 - 2019-02-15 18:43 - 000003818 ____C C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2019-02-01 22:44 - 2019-02-05 18:05 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\uTorrent Web
    2019-02-01 22:44 - 2019-02-01 22:44 - 000001888 ____C C:\Users\Cosmos\Desktop\uTorrent Web.lnk
    2019-02-01 22:44 - 2019-02-01 22:44 - 000001874 ____C C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
    2019-01-31 15:33 - 2019-02-01 11:38 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Wireshark
    2019-01-31 15:16 - 2019-01-31 15:16 - 000001831 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2019-01-31 14:51 - 2019-01-31 14:51 - 000000000 ___DC C:\Program Files (x86)\WinPcap
    2019-01-31 14:50 - 2019-01-31 15:16 - 000000000 ___DC C:\Program Files\Wireshark
    2019-01-29 23:13 - 2019-01-29 23:15 - 146827472 ____C (Microsoft Corporation) C:\Users\Cosmos\Downloads\dotnet-sdk-2.2.103-win-x64.exe
    2019-01-29 23:09 - 2019-01-29 23:09 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\ASP.NET
    2019-01-29 17:22 - 2019-01-29 18:51 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Notepad++
    2019-01-29 17:22 - 2019-01-29 17:22 - 000000881 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
    2019-01-29 17:22 - 2019-01-29 17:22 - 000000869 ____C C:\Users\Public\Desktop\Notepad++.lnk
    2019-01-29 17:22 - 2019-01-29 17:22 - 000000000 ___DC C:\Program Files\Notepad++
    2019-01-25 21:29 - 2019-01-25 21:29 - 000906016 ____C (O&O Software GmbH) C:\Users\Cosmos\Downloads\OOSU10.exe
    2019-01-25 14:23 - 2019-01-25 14:23 - 000132787 ____C C:\Users\Cosmos\Downloads\CCS_Content_Outline_Update_090718.pdf
    2019-01-23 23:09 - 2019-01-24 19:14 - 000000000 ___DC C:\WINDOWS\Minidump
    2019-01-23 19:51 - 2019-01-23 19:51 - 000002685 ____C C:\Users\Public\Desktop\Intel(R) Extreme Tuning Utility.lnk
    2019-01-23 19:51 - 2010-05-26 11:41 - 002526056 ____C (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
    2019-01-23 19:51 - 2010-05-26 11:41 - 002106216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
    2019-01-23 19:50 - 2019-01-23 19:50 - 000000000 ___DC C:\WINDOWS\System32\Tasks\Intel
    2019-01-23 19:50 - 2019-01-23 19:50 - 000000000 ___DC C:\Program Files\Microsoft SQL Server Compact Edition
    2019-01-23 19:50 - 2019-01-23 19:50 - 000000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2019-01-21 00:20 - 2019-01-21 00:20 - 000002368 ____C C:\Users\Cosmos\Desktop\Symbility Mobile Claims.lnk
    2019-01-21 00:20 - 2019-01-21 00:20 - 000002324 ____C C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symbility Mobile Claims.lnk
    2019-01-20 01:20 - 2019-01-20 01:20 - 000000000 ___DC C:\Users\Cosmos\app
    2019-01-19 10:32 - 2019-02-05 17:44 - 000002513 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2019-01-19 10:32 - 2019-02-05 17:44 - 000002504 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2019-01-19 10:32 - 2019-02-05 17:44 - 000002484 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2019-01-19 10:32 - 2019-02-05 17:44 - 000002475 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2019-01-19 10:32 - 2019-02-05 17:44 - 000002473 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2019-01-19 10:32 - 2019-02-05 17:44 - 000002449 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2019-01-19 10:32 - 2019-02-05 17:44 - 000002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2019-01-18 21:53 - 2019-01-31 15:33 - 000000000 ___DC C:\Program Files (x86)\Project64 2.3
    2019-01-17 18:51 - 2019-01-17 18:51 - 000002181 ____C C:\Users\Public\Desktop\Comodo Dragon.lnk
    2019-01-17 18:51 - 2019-01-17 18:51 - 000002118 ____C C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
    2019-01-17 18:51 - 2019-01-17 18:51 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2019-01-17 18:50 - 2019-01-17 18:50 - 000000000 ___DC C:\Program Files\Microsoft Silverlight
    2019-01-17 18:50 - 2019-01-17 18:50 - 000000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
    2019-01-17 18:44 - 2019-01-17 18:44 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\{698D6723-22C4-44EF-9F61-87B43E6B8160}
    2019-01-16 20:04 - 2019-02-11 20:26 - 000000000 ___DC C:\ftp
    2019-01-16 20:01 - 2019-02-08 14:35 - 000000000 ___DC C:\Program Files\CoreFTPServer
    2019-01-16 20:01 - 2019-01-16 20:01 - 002223668 ____C C:\Users\Cosmos\Downloads\CoreFTPServer64.exe
    2019-01-16 20:01 - 2019-01-16 20:01 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP Server (x64)

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-15 18:43 - 2019-01-08 13:28 - 000002860 ____C C:\WINDOWS\System32\Tasks\Git for Windows Updater
    2019-02-15 18:43 - 2019-01-08 01:25 - 000000000 ___DC C:\WINDOWS\System32\Tasks\Avast Software
    2019-02-15 18:43 - 2019-01-07 17:24 - 000002686 ____C C:\WINDOWS\System32\Tasks\Study Anki
    2019-02-15 18:43 - 2019-01-06 20:17 - 000002276 ____C C:\WINDOWS\System32\Tasks\Quick Access
    2019-02-15 18:43 - 2019-01-05 21:31 - 000002908 ____C C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-236146839-932208297-861440787-1001
    2019-02-15 18:43 - 2019-01-05 19:09 - 000004362 ____C C:\WINDOWS\System32\Tasks\Software Update Application
    2019-02-15 18:43 - 2019-01-05 19:09 - 000003912 ____C C:\WINDOWS\System32\Tasks\ACCAgent
    2019-02-15 18:43 - 2019-01-05 19:09 - 000003178 ____C C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
    2019-02-15 18:43 - 2019-01-05 19:09 - 000002880 ____C C:\WINDOWS\System32\Tasks\ACC
    2019-02-15 18:43 - 2019-01-05 19:09 - 000002620 ____C C:\WINDOWS\System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2019-02-15 18:43 - 2019-01-05 19:09 - 000002388 ____C C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
    2019-02-15 18:43 - 2019-01-05 19:09 - 000002222 ____C C:\WINDOWS\System32\Tasks\User Boot Experience Task
    2019-02-15 18:42 - 2019-01-04 23:03 - 000000000 ___DC C:\FRST
    2019-02-15 18:40 - 2019-01-05 21:47 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
    2019-02-15 18:18 - 2019-01-08 01:24 - 000474456 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2019-02-15 15:44 - 2019-01-05 19:03 - 000000000 ___DC C:\WINDOWS\system32\SleepStudy
    2019-02-15 14:31 - 2019-01-08 16:48 - 000000499 ____C C:\Users\Cosmos\Desktop\website idea.txt
    2019-02-15 14:25 - 2019-01-10 15:51 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\CrashDumps
    2019-02-15 04:36 - 2018-11-23 23:11 - 000000000 ___DC C:\Users\Cosmos\lpthw
    2019-02-15 04:31 - 2019-01-05 19:08 - 000000000 ___DC C:\Users\Cosmos
    2019-02-15 04:16 - 2017-12-21 23:15 - 000000000 ___DC C:\Users\Cosmos\AppData\LocalLow\Mozilla
    2019-02-15 03:36 - 2019-01-05 21:57 - 000741750 ____C C:\WINDOWS\system32\perfh01F.dat
    2019-02-15 03:36 - 2019-01-05 21:57 - 000161336 ____C C:\WINDOWS\system32\perfc01F.dat
    2019-02-15 03:36 - 2019-01-05 21:56 - 000809320 ____C C:\WINDOWS\system32\perfh019.dat
    2019-02-15 03:36 - 2019-01-05 21:56 - 000168028 ____C C:\WINDOWS\system32\perfc019.dat
    2019-02-15 03:36 - 2019-01-05 21:54 - 000507892 ____C C:\WINDOWS\system32\perfh011.dat
    2019-02-15 03:36 - 2019-01-05 21:54 - 000147312 ____C C:\WINDOWS\system32\perfc011.dat
    2019-02-15 03:36 - 2019-01-05 21:52 - 000832216 ____C C:\WINDOWS\system32\perfh00C.dat
    2019-02-15 03:36 - 2019-01-05 21:52 - 000167602 ____C C:\WINDOWS\system32\perfc00C.dat
    2019-02-15 03:36 - 2019-01-05 21:50 - 000598130 ____C C:\WINDOWS\system32\perfh008.dat
    2019-02-15 03:36 - 2019-01-05 21:50 - 000108854 ____C C:\WINDOWS\system32\perfc008.dat
    2019-02-15 03:36 - 2019-01-05 21:49 - 000785774 ____C C:\WINDOWS\system32\perfh007.dat
    2019-02-15 03:36 - 2019-01-05 21:49 - 000167870 ____C C:\WINDOWS\system32\perfc007.dat
    2019-02-15 03:36 - 2019-01-05 21:46 - 000000000 ___DC C:\WINDOWS\INF
    2019-02-15 03:36 - 2019-01-05 19:14 - 006565410 ____C C:\WINDOWS\system32\PerfStringBackup.INI
    2019-02-15 03:30 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\AppReadiness
    2019-02-15 03:30 - 2017-12-22 13:31 - 000000000 _SHDC C:\Users\Cosmos\IntelGraphicsProfiles
    2019-02-15 03:29 - 2019-01-07 08:56 - 000000000 ___DC C:\Program Files\Mozilla Firefox
    2019-02-15 03:29 - 2019-01-07 08:56 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
    2019-02-15 03:29 - 2019-01-05 19:09 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
    2019-02-15 03:29 - 2019-01-05 19:04 - 000000000 ___DC C:\ProgramData\NVIDIA
    2019-02-15 02:15 - 2018-10-30 12:55 - 000005438 ____C C:\Users\Cosmos\.node_repl_history
    2019-02-14 22:55 - 2019-01-05 21:47 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-02-14 22:55 - 2019-01-05 19:15 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Packages
    2019-02-14 22:54 - 2019-01-06 20:08 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\PlaceholderTileLogoFolder
    2019-02-14 21:35 - 2019-01-05 21:51 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Visual Studio Setup
    2019-02-14 19:38 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\NDF
    2019-02-14 13:28 - 2019-01-07 08:56 - 000001009 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-02-14 13:26 - 2018-11-16 01:22 - 000000000 ___DC C:\Users\Cosmos\.p2
    2019-02-14 13:11 - 2019-01-08 01:24 - 000004264 ____C C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2019-02-14 13:01 - 2019-01-05 21:42 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-02-14 12:46 - 2019-01-05 19:03 - 000448824 ____C C:\WINDOWS\system32\FNTCACHE.DAT
    2019-02-14 03:38 - 2019-01-05 19:08 - 000000000 ___DC C:\Users\defaultuser0
    2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 __SDC C:\WINDOWS\SysWOW64\F12
    2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 __SDC C:\WINDOWS\system32\F12
    2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\TextInput
    2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\ShellExperiences
    2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\bcastdvr
    2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files\Windows Defender
    2019-02-14 03:36 - 2019-01-07 17:23 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Anki2
    2019-02-14 02:30 - 2019-01-07 17:10 - 000000000 ___DC C:\WINDOWS\System32\Tasks\CareCenter
    2019-02-13 21:39 - 2019-01-08 13:36 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\heroku
    2019-02-13 15:51 - 2019-01-05 21:44 - 000000000 ___DC C:\WINDOWS\CbsTemp
    2019-02-13 15:46 - 2019-01-14 20:07 - 000000000 ___DC C:\WINDOWS\system32\MRT
    2019-02-13 15:44 - 2019-01-14 20:07 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-02-12 23:08 - 2018-01-28 01:24 - 000000000 ___DC C:\Users\Cosmos\AppData\LocalLow\Adobe
    2019-02-12 17:25 - 2018-11-14 22:50 - 000000000 ___DC C:\Users\Cosmos\.dotnet
    2019-02-12 16:30 - 2017-03-10 12:59 - 006690768 ____C C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2019-02-12 15:56 - 2019-01-14 09:38 - 000225680 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 001034432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000474456 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.155027272603101
    2019-02-12 15:56 - 2019-01-08 01:24 - 000379952 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000320696 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000216784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000205400 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000196072 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000167304 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000112312 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000087944 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000057960 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
    2019-02-12 15:56 - 2019-01-08 01:24 - 000042288 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2019-02-12 15:56 - 2019-01-05 21:47 - 000000000 __HDC C:\WINDOWS\ELAMBKUP
    2019-02-12 15:38 - 2019-01-05 19:31 - 000000000 ___DC C:\ProgramData\Packages
    2019-02-11 17:55 - 2017-03-10 13:21 - 000000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
    2019-02-10 18:29 - 2019-01-05 21:58 - 000000000 ____D C:\WINDOWS\OCR
    2019-02-10 17:22 - 2019-01-05 19:08 - 000002366 ____C C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-02-10 17:22 - 2017-12-22 13:32 - 000000000 __RDC C:\Users\Cosmos\OneDrive
    2019-02-10 14:38 - 2019-01-05 19:17 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\ElevatedDiagnostics
    2019-02-09 01:21 - 2018-11-14 22:49 - 000005735 ____C C:\Users\Cosmos\.bash_history
    2019-02-07 18:29 - 2017-03-10 12:58 - 000000000 ___DC C:\ProgramData\Package Cache
    2019-02-07 00:48 - 2018-11-16 01:20 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2019-02-07 00:29 - 2019-01-05 21:58 - 000000000 ___DC C:\WINDOWS\SysWOW64\nn-NO
    2019-02-07 00:29 - 2019-01-05 21:58 - 000000000 ___DC C:\WINDOWS\system32\nn-NO
    2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 __RDC C:\WINDOWS\ImmersiveControlPanel
    2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\oobe
    2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\PolicyDefinitions
    2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files\Windows Photo Viewer
    2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files (x86)\Windows Photo Viewer
    2019-02-07 00:08 - 2019-01-13 15:13 - 000000000 ___DC C:\Users\Cosmos\Downloads\Program Downloads
    2019-02-07 00:08 - 2019-01-07 08:56 - 000000000 ___DC C:\Users\Cosmos\Downloads\Antivirus
    2019-02-07 00:08 - 2019-01-05 21:48 - 000000000 ___DC C:\Users\Cosmos\Downloads\Programming
    2019-02-06 18:35 - 2018-12-01 14:16 - 000000000 ___DC C:\Users\Cosmos\Java Projects
    2019-02-05 21:01 - 2019-01-05 19:04 - 000000000 ___DC C:\Program Files\Intel
    2019-02-05 20:57 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files\Common Files\microsoft shared
    2019-02-05 20:42 - 2019-01-05 21:57 - 000000000 ___DC C:\Program Files\dotnet
    2019-02-05 20:23 - 2019-01-05 21:51 - 000001355 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
    2019-02-05 20:23 - 2019-01-05 21:51 - 000000000 ___DC C:\Program Files (x86)\Microsoft Visual Studio
    2019-02-05 18:00 - 2019-01-15 18:52 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\FileZilla
    2019-02-05 17:43 - 2017-03-10 12:45 - 000000000 ___DC C:\Program Files (x86)\Microsoft Office
    2019-02-05 15:36 - 2019-01-15 18:52 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\FileZilla
    2019-02-04 01:13 - 2019-01-05 21:58 - 000000000 ___DC C:\WINDOWS\SysWOW64\XPSViewer
    2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\SysWOW64\winrm
    2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\SysWOW64\WCN
    2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\SysWOW64\slmgr
    2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\system32\winrm
    2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\system32\WCN
    2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\system32\slmgr
    2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\system32\Printing_Admin_Scripts
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 __SDC C:\WINDOWS\SysWOW64\DiagSvcs
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 __SDC C:\WINDOWS\system32\DiagSvcs
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\oobe
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\MUI
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\Dism
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\com
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\WinBioPlugIns
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\Sysprep
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\MUI
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\migwiz
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\Dism
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\com
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\IME
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\Help
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files\Common Files\system
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files (x86)\Windows Defender
    2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2019-02-04 01:13 - 2019-01-05 21:42 - 000000000 ____D C:\WINDOWS\servicing
    2019-02-03 23:45 - 2019-01-05 19:15 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Publishers
    2019-02-03 17:55 - 2019-01-15 18:52 - 000001931 ____C C:\Users\Cosmos\Desktop\FileZilla Client.lnk
    2019-02-03 17:55 - 2019-01-15 18:52 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2019-02-03 17:55 - 2019-01-15 18:52 - 000000000 ___DC C:\Program Files\FileZilla FTP Client
    2019-02-02 17:53 - 2019-01-05 21:49 - 000835480 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-02-02 17:53 - 2019-01-05 21:49 - 000179600 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-02-02 12:12 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
    2019-02-02 00:51 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\Macromed
    2019-02-02 00:51 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\Macromed
    2019-02-01 19:52 - 2019-01-13 15:07 - 000500112 ____C C:\WINDOWS\system32\Drivers\fvstore.dat
    2019-01-31 15:33 - 2019-01-07 21:17 - 000000000 ___DC C:\Python27
    2019-01-31 15:31 - 2019-01-13 16:18 - 000000000 ___DC C:\ProgramData\VirtualBox
    2019-01-31 15:31 - 2018-12-07 01:36 - 000000000 ___DC C:\Users\Cosmos\VirtualBox VMs
    2019-01-31 15:31 - 2018-10-29 20:44 - 000000000 ___DC C:\Users\Cosmos\.VirtualBox
    2019-01-31 14:51 - 2018-11-18 23:22 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    2019-01-28 00:28 - 2019-01-08 01:41 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Atom
    2019-01-27 12:09 - 2019-01-13 14:15 - 001474832 ____C C:\WINDOWS\system32\Drivers\sfi.dat
    2019-01-25 16:47 - 2019-01-08 13:36 - 000000204 ____C C:\Users\Cosmos\_netrc
    2019-01-23 23:12 - 2017-03-10 12:59 - 000000000 ___DC C:\ProgramData\Intel
    2019-01-23 19:51 - 2017-03-10 12:59 - 000000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2019-01-23 19:50 - 2019-01-05 19:04 - 000000000 ___DC C:\Program Files (x86)\Intel
    2019-01-17 18:51 - 2019-01-12 11:33 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Comodo
    2019-01-17 18:51 - 2019-01-12 11:33 - 000000000 ___DC C:\Program Files (x86)\Comodo
    2019-01-17 18:51 - 2019-01-04 23:00 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2019-01-17 18:43 - 2019-01-05 19:18 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\CareCenter
    2019-01-17 18:14 - 2019-01-14 20:06 - 000000000 ___DC C:\Program Files\rempl

    ==================== Files in the root of some directories =======

    2019-02-07 00:43 - 2019-02-07 00:43 - 000001918 ____C () C:\Users\Cosmos\AppData\Local\1
    2019-02-07 00:42 - 2019-02-07 00:42 - 000015173 ____C () C:\Users\Cosmos\AppData\Local\introcs.ps1
    2019-02-05 15:36 - 2019-02-05 15:36 - 000000600 ____C () C:\Users\Cosmos\AppData\Local\PUTTY.RND
    2019-01-11 22:53 - 2019-01-12 09:03 - 000007607 ____C () C:\Users\Cosmos\AppData\Local\resmon.resmoncfg
    2019-02-07 00:42 - 2019-02-07 00:42 - 000167936 ____C () C:\Users\Cosmos\AppData\Local\unzip.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2019-01-05 19:03

    ==================== End of FRST.txt ============================

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  12. #12
    Join Date
    Jan 2019
    Posts
    31
    RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Cosmos [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190204_072850, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/02/18 21:06:26 (Duration : 00:16:04)
    Switches : -refid 3

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1F1BF54E-2996-4C20-A82B-D6A7588081BC} -- [%_Cosmos_appdata%\uTorrent Web\utweb.exe] -> Deleted
    [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{93FFFDED-55E9-47AF-80B8-E61EEF59360C} -- [%_Cosmos_appdata%\uTorrent Web\utweb.exe] -> Deleted
    [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-236146839-932208297-861440787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs -- -> Replaced (1)
    [PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-236146839-932208297-861440787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs -- -> Replaced (1)
    [PUP.Gen1 (Potentially Malicious)] DriverSetupUtility -- %programdata%\DriverSetupUtility -> Deleted
    [PUP.Gen1 (Potentially Malicious)] DriverSetupUtility -- %ProgramFiles%\DriverSetupUtility -> Deleted
    [PUP.Gen1 (Potentially Malicious)] DriverSetupUtility -- %ProgramFiles%\DriverSetupUtility -> Found

  13. #13
    Join Date
    Jan 2019
    Posts
    31
    It found a few items that were not removed, no indication to restart computer, they are still in quarantine, unsure if I should delete or keep for now.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/18/19
    Scan Time: 9:15 PM
    Log File: 438ba512-33ec-11e9-a5a7-5800e3780970.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.508
    Update Package Version: 1.0.9322
    License: Free

    -System Information-
    OS: Windows 10 (Build 17134.590)
    CPU: x64
    File System: NTFS
    User: DESKTOP-N0KELHM\Cosmos

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 393327
    Threats Detected: 5
    Threats Quarantined: 5
    Time Elapsed: 7 min, 7 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 1
    PUP.Optional.Conduit, HKU\S-1-5-21-236146839-932208297-861440787-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [213], [236865],1.0.9322

    Registry Value: 2
    PUP.Optional.Conduit, HKU\S-1-5-21-236146839-932208297-861440787-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [213], [236865],1.0.9322
    PUP.Optional.Conduit, HKU\S-1-5-21-236146839-932208297-861440787-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Quarantined, [213], [236865],1.0.9322

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 2
    PUP.Optional.Conduit, C:\USERS\COSMOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZMDHMREV.DEFAULT\PREFS.JS, Replaced, [213], [301520],1.0.9322
    PUP.Optional.Conduit, C:\USERS\COSMOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZMDHMREV.DEFAULT\PREFS.JS, Replaced, [213], [303091],1.0.9322

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
    Last edited by akhayyat17; February 18th, 2019 at 10:34 PM.

  14. #14
    Join Date
    Jan 2019
    Posts
    31
    placeholder for post below
    Last edited by akhayyat17; February 18th, 2019 at 11:10 PM.

  15. #15
    Join Date
    Jan 2019
    Posts
    31
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-02-15.6 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 02-18-2019
    # Duration: 00:00:01
    # OS: Windows 10 Home
    # Cleaned: 14
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
    Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
    Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
    Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
    Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
    Deleted HKCU\Software\Lavasoft\Web Companion
    Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    Deleted http://www.bing.com/?pc=COSP&ptag=D0...logo=CT3335799


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [3228 octets] - [18/02/2019 21:46:57]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
