-
February 8th, 2019, 08:00 PM
#1
[RESOLVED] response to hacked computer
Hey.
Addition.txt FRST.txt
Here are the files from that day, 1/8/2019. Uploading this because I had someone attempt to stop my debit cards one day; I might've been targeted back in May 2018. I reported it to the FBI.
Here's also a script of NETSTAT IP addresses from today just at 1840pm, not sure what it's useful for.
Proto Local Address Foreign Address State
TCP 10.3.114.210:54194 edge-star-shv-01-atl3:https ESTABLISHED
TCP 10.3.114.210:54195 108.177.122.188:5228 ESTABLISHED
TCP 10.3.114.210:54201 edge-star-shv-01-atl3:https ESTABLISHED
TCP 10.3.114.210:54207 ec2-54-149-188-75:https ESTABLISHED
TCP 10.3.114.210:54211 edge-star-shv-01-atl3:https ESTABLISHED
TCP 10.3.114.210:54220 edge-star-mini-shv-01-atl3:https ESTABLISHED
TCP 10.3.114.210:54267 108-174-11-65:https ESTABLISHED
TCP 10.3.114.210:54278 52.173.28.179:https ESTABLISHED
TCP 10.3.114.210:54312 nyc04-008:http ESTABLISHED
TCP 10.3.114.210:55464 a104-118-220-22:https CLOSE_WAIT
TCP 10.3.114.210:55690 ec2-34-210-203-79:https CLOSE_WAIT
TCP 10.3.114.210:55691 ec2-34-210-203-79:https CLOSE_WAIT
TCP 10.3.114.210:55692 ec2-34-210-203-79:https CLOSE_WAIT
TCP 10.3.114.210:56208 52.96.28.2:https TIME_WAIT
TCP 10.3.114.210:56222 108.177.122.190:https ESTABLISHED
TCP 10.3.114.210:56409 40.97.29.226:https ESTABLISHED
TCP 10.3.114.210:56413 edge-star-mini-shv-01-atl3:https ESTABLISHED
TCP 10.3.114.210:57762 server-13-249-122-48:https CLOSE_WAIT
TCP 10.3.114.210:57821 64.86.206.88:http TIME_WAIT
TCP 10.3.114.210:57822 64.86.206.88:http TIME_WAIT
-
February 9th, 2019, 10:04 PM
#2
Welcome aboard
Please complete all steps listed here: http://discussions.virtualdr.com/sho...d-4-28-2013%29
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===============================
Please observe forum rules. All logs have to be pasted, not attached or linked.
-
February 16th, 2019, 07:23 PM
#3
-
February 16th, 2019, 07:32 PM
#4
Please observe forum rules. All logs have to be pasted, not attached or linked.
-
February 17th, 2019, 04:26 PM
#5
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Cosmos (15-02-2019 18:43:50)
Running from C:\Users\Cosmos\Downloads\Antivirus\FRST
Windows 10 Home Version 1803 17134.590 (X64) (2019-01-06 00:11:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-236146839-932208297-861440787-500 - Administrator - Disabled)
Cosmos (S-1-5-21-236146839-932208297-861440787-1001 - Administrator - Enabled) => C:\Users\Cosmos
DefaultAccount (S-1-5-21-236146839-932208297-861440787-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-236146839-932208297-861440787-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-236146839-932208297-861440787-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-236146839-932208297-861440787-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3025 - Acer Incorporated)
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20091 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Atom (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\atom) (Version: 1.34.0 - GitHub Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.9.20.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.9.0.0 - Canon Inc.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
COMODO Antivirus (HKLM\...\{1FCECDE0-7D34-4FA9-9EA3-03792F8CD585}) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) Hidden
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 70.0.3538.110 - Comodo)
Core FTP Server(x64) (HKLM-x32\...\CoreFTPServer(x64)) (Version: - )
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{AA950AA4-CD9B-4D81-B6C0-BFABB7A24261}) (Version: 0.7.5.65 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{DBC4388A-9417-41DB-85CF-DF4993B84D5A}) (Version: 0.7.5.67 - Dolby Laboratories, Inc.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3013 - Acer Incorporated)
ELAN FingerPrinter 1.6.5.1_X64_WHQL (HKLM\...\ElanFP) (Version: 1.6.5.1 - ELAN Microelectronic Corp.)
ELAN HIDI2C Filter Driver X64 13.6.7.2_WHQL (HKLM\...\Elantech) (Version: 13.6.7.2 - ELAN Microelectronic Corp.)
Entity Framework 6.2.0 Tools for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
FileZilla Client 3.40.0 (HKLM-x32\...\FileZilla Client) (Version: 3.40.0 - Tim Kosse)
Git version 2.20.1 (HKLM\...\Git_is1) (Version: 2.20.1 - The Git Development Community)
heroku (HKLM-x32\...\heroku) (Version: - Heroku)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{1D117EF7-C5DC-45A4-836B-282D8C2C5ADA}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{469961DF-482F-4213-ACD4-4AFD443F2A88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{4B691388-E031-4268-A096-95173D1E6E0F}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{9725C7F1-2D22-4FD0-B25F-A0CBDB6B2743}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{C29CE78F-0FFD-4A53-8DDA-91CDBEC56143}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{C60AE9CA-7FB1-46CB-9615-524FC2B304AC}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{12246E9A-D1A6-4D96-8CEA-CCFD064B16E2}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{2CC48522-BEEE-4F86-987F-703C76FF5BFF}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{5EBFBBAD-EBA7-4D7B-A121-A6661944E6BD}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{75D686C3-277D-4FAB-AD2C-FC71FE6BDF63}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{94387177-969C-437D-8297-1B5D7D058283}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{275588D7-6C9D-4FB0-BBAE-2FA3F7C2DADB}) (Version: 6.4.1.25 - Intel Corporation) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{6a0def1c-f6f2-4a5d-81f6-a1b858352c8b}) (Version: 6.4.1.25 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{22676F90-06C7-4DC0-96C2-FAE79AB306F4}) (Version: 6.2.0 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.447691.139 - Comodo)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
JetBrains PyCharm Community Edition 2018.3.4 (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\PyCharm Community Edition 2018.3.4) (Version: 183.5429.31 - JetBrains s.r.o.)
Kits Configuration Installer (HKLM-x32\...\{29B915AE-013F-151F-3E61-67F7363C3A09}) (Version: 10.1.17763.132 - Microsoft) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.503 (x64) (HKLM-x32\...\{ce5280a9-88d6-42e4-90bc-8399a3f94460}) (Version: 2.1.503 - Microsoft Corporation)
Microsoft .NET Core SDK 2.2.103 (x64) (HKLM-x32\...\{730ee99f-7165-41f7-b107-ced51cbb0c19}) (Version: 2.2.103 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft Office 365 - fi-fi (HKLM\...\O365HomePremRetail - fi-fi) (Version: 16.0.11231.20130 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27024 (HKLM-x32\...\{5fb2083a-f3cc-4b78-93ff-bd9788b5de01}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - 日本語 (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - JPN) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1095.110 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
Mozilla Firefox 65.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.1 (x64 en-US)) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{662F5082-4F0A-4EC3-A055-00C8AEB514F1}) (Version: 11.6.0 - Node.js Foundation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.3 - Notepad++ Team)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 369.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 369.32 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040B-0000-0000000FF1CE}) (Version: 16.0.11231.20130 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Pakiet zbiorczy funkcji IntelliSense platformy Microsoft .NET Framework Cumulative Intellisense Pack dla programu Visual Studio (Polski) (HKLM-x32\...\{BCCDC1D3-999C-445B-826F-5B5548F19858}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Python 3.7.1 (64-bit) (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\{8a84877c-26dd-4b77-8117-80eaec80127c}) (Version: 3.7.1150.0 - Python Software Foundation)
Python 3.7.1 (Anaconda3 2018.12 64-bit) (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\Python 3.7.1 (Anaconda3 2018.12 64-bit)) (Version: 2018.12 - Anaconda, Inc.)
Python 3.7.1 Add to Path (64-bit) (HKLM\...\{6846E653-89AC-47BC-8E11-FB9991EC90AA}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Core Interpreter (64-bit debug) (HKLM\...\{CB1033C4-D22C-4448-AC3B-42AAAE2EDDF1}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Core Interpreter (64-bit symbols) (HKLM\...\{E4F701CA-F776-4664-9C9E-34C018C1011F}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Core Interpreter (64-bit) (HKLM\...\{3CDB402E-5970-4DCB-8EE8-D50517AB55AE}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Development Libraries (64-bit debug) (HKLM\...\{7576F61D-0D5A-4DF4-82D2-0185AD2D897B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Development Libraries (64-bit) (HKLM\...\{61D00EE1-616D-4782-A8C5-EDD436BE9766}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Documentation (64-bit) (HKLM\...\{C66332A3-9916-4CA0-89B3-88E4F0789207}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (64-bit debug) (HKLM\...\{3C0EF30A-F618-47A4-81B5-AA011D8AEFB3}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (64-bit symbols) (HKLM\...\{C4F72D80-B361-40E9-A93A-34016B272E8B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (64-bit) (HKLM\...\{C3B089F9-4BA6-45A6-91A2-C5938F8702F8}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 pip Bootstrap (64-bit) (HKLM\...\{ED677B31-8BF6-49FA-9B99-A63CD45D316A}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (64-bit debug) (HKLM\...\{493D405E-30BD-441B-8280-3E2873738177}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (64-bit symbols) (HKLM\...\{F9FF5FDE-DFF4-48AE-B9E6-0940E0F37FA3}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (64-bit) (HKLM\...\{7627B8B4-82DD-4BD2-B33B-465E41693F0D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (64-bit debug) (HKLM\...\{10C3C9C5-29B0-4D4B-861B-99EC3C5D63FA}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (64-bit symbols) (HKLM\...\{D27E5799-8F28-4823-B4BB-C841CA8BEC6D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (64-bit) (HKLM\...\{00FB4D96-77D4-4043-950E-8FA816BCAD7D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (64-bit debug) (HKLM\...\{FFB7B7F3-47C3-4B39-A020-45F06D2A74B5}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (64-bit symbols) (HKLM\...\{3FCFD9C6-8FE8-41AF-A952-27BBA93DC9B9}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (64-bit) (HKLM\...\{A1CFED46-5F31-4813-A494-681BBB2B6E23}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Utility Scripts (64-bit) (HKLM\...\{96DEF82E-CD26-4AB5-A7FB-81E1B6D1DE91}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C3A1C6B1-9096-47A7-AB5C-09114002A996}) (Version: 3.7.6501.0 - Python Software Foundation)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10393 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.281 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7977 - Realtek Semiconductor Corp.)
SDK ARM Additions (HKLM-x32\...\{0B5D6FB7-05A5-271B-5B99-82384219A471}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{4A5F6E94-7967-A333-8231-CA9AF35E03BD}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{97C50C96-8106-490D-B81F-768753C39B56}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{05830493-65CA-41E3-8A0F-BDFC531F99FE}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{1322D9E4-4DFA-4AB0-A24F-33E6DB089C60}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{17172919-AC0E-414E-A9F0-BD568DDCADDF}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{438AE7AE-E30E-4680-BF81-D6A0CBAB212C}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{74E057FF-92C8-4DD0-AF43-B220CD100733}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{E244D430-2740-46E6-8998-156213B3B63E}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{C83DFAD5-FF26-4ED8-B284-944463FA0E30}) (Version: 15.0.27207 - Microsoft Corporation) Hidden
SQL Server vNext CTP1.6 用 Microsoft System CLR Types (HKLM\...\{AB624C7B-A7AF-42F0-A49F-C804305DDFDA}) (Version: 15.0.600.33 - Microsoft Corporation)
SQL Server vNext CTP1.6 用 Microsoft System CLR Types (HKLM-x32\...\{07DB40AF-A6A1-41FF-9C0E-58E72F820351}) (Version: 15.0.600.33 - Microsoft Corporation)
Storage Backup Software (HKLM-x32\...\{DE033B8F-24D8-4E97-B6EE-3CFC7A0E0637}) (Version: 1.21.7820 - Toshiba Electronic Devices & Storage Corporation)
Sublime Text Build 3176 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Symbility Mobile Claims (HKLM-x32\...\{04B8E460-7E0B-4BD8-89A8-DAC7E2242D8F}) (Version: 6.2.30 - Symbility Solutions Inc.)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3B588BBE-EB02-D1B2-5CD5-7DB85AD8A3E7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{D2DC1EDF-EE04-9B5F-BDD7-06645D859EC3}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
uTorrent Web (HKU\S-1-5-21-236146839-932208297-861440787-1001\...\utweb) (Version: 0.21.0 - BitTorrent, Inc.)
vcpp_crt.redist.clickonce (HKLM-x32\...\{16E08161-F78C-4FFC-8E12-F9BEA280795F}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{3073DDA2-99E5-47A6-9AFA-3F6CA9C44BB5}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{543CB640-A910-4AF4-BC48-9345AC92B68D}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{77B667B9-36B3-4712-AD45-28EA1A278D8B}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{BC5378F6-57FC-41B3-90AA-B893FB79568A}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{F38A24D5-EC2F-4F7C-8632-AEE11B2075A2}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
Visual Studio Build Tools 2017 (2) (HKLM-x32\...\9ceefa81) (Version: 15.9.28307.222 - Microsoft Corporation)
Visual Studio Community 2017 (3) (HKLM-x32\...\d3e461ca) (Version: 15.9.28307.344 - Microsoft Corporation)
Visual Studio Enterprise 2017 (HKLM-x32\...\32fd9a58) (Version: 15.9.28307.222 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codecoveragemsi (HKLM-x32\...\{B2DB38F7-4225-4EA6-A7B2-F9A0E089DD89}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_codeduitestframeworkmsi (HKLM-x32\...\{4379D9C7-B16D-486C-BC6D-43550A4C55EE}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{0C4329B3-294C-4143-8BA9-8FA8F5C7E0C4}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{5297D80E-CD92-48D8-9DB0-301AB3205772}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{C1A2852D-7FED-42BC-BE13-402E6D4942E5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{CEF65212-694E-4F0B-ADB5-17CE0C2AE213}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{F1AD1FA8-F605-4E03-A837-89CB3EA8309A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_cuitcommoncoremsi (HKLM-x32\...\{060D7518-16AC-41F1-9956-38CA636FCF7B}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_cuitextensionmsi (HKLM-x32\...\{88484E59-774D-4947-AF0E-4524D6C3147D}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_cuitextensionmsi_x64 (HKLM-x32\...\{184D5702-3AD2-4F0D-95E6-11E1C75A9298}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_enterprisemsi (HKLM-x32\...\{6E0FB913-0E76-44B5-B0D4-2B71A7984BD2}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{284D88E1-21B6-4FA2-A606-4E49412F74E8}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{871BE104-8114-4C84-9809-D3F2DAB18E06}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{F9101D24-E2B7-44A6-B4E6-2121D7FF6461}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{FA276C24-AD78-43FE-A70B-86715B5C5C46}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_networkemulationmsi_x64 (HKLM-x32\...\{674BB892-7904-4B94-8077-9DA3D2CBFC70}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Wireshark 2.6.6 64-bit (HKLM-x32\...\Wireshark) (Version: 2.6.6 - The Wireshark developer community, hxxps://www.wireshark.org)
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{831D3854-30D1-4A11-927C-8E94B8091949}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{B0290897-30B9-4938-9241-FC2CD5960B7C}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{D3A2C0A9-7709-4E97-AFC6-48895E902F28}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{232B4812-B522-4AD5-9AE2-86176D045CE3}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{9B4F2C44-56AC-4350-8A1F-C3AA5713102A}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{DD83B36A-ED10-4514-98E7-1EBD53D167D8}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{FA24E637-426B-4FE5-9423-CC89455DBAD3}) (Version: 2.1.11218.0 - Microsoft Corporation) Hidden
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{5DE98E3F-9A5C-48B7-B039-8E0FB2D68AEA}) (Version: 1.3.0.8 - Xamarin) Hidden
Накопительный пакет обновления Microsoft .NET Framework Intellisense для Visual Studio (Русский) (HKLM-x32\...\{694ED65F-4C12-4339-B86D-F9C829D2265A}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Пакет SDK Microsoft .NET Framework 4.6.1 (Русский) (HKLM-x32\...\{76380480-8AA4-454B-B063-3EB82302CFEE}) (Version: 4.6.01055 - Microsoft Corporation) Hidden
Пакет SDK для Microsoft .NET Framework 4.7.2 (Русский) (HKLM-x32\...\{50BC45B5-FDC0-461D-B588-F05BBA4B3755}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Языковой пакет Microsoft Visual Studio 2010 Tools для среды выполнения Office (x64) - RUS (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - RUS) (Version: 10.0.50903 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxDTCM.dll [2016-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0632831C-CDB7-4641-91F6-37559E7EF00C} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {06C998A5-2188-4432-8911-1621D044C76F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1205FE87-4158-4F50-9221-C298DE0830D6} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe (Acer Incorporated -> )
Task: {12C90C16-6E1A-474A-8054-03495B34C7FB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1A0C4240-96AC-4DCC-AD68-09AB150BD30B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {203D1865-1648-49B4-81EF-66560BFA1AF4} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {2EA13A09-5D95-40C4-9E85-2924853C372B} - System32\Tasks\CareCenter\SunJavaUpdateSched_Reg_HKLMWow6432Run => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Windows -> Microsoft Corporation)
Task: {3FD0BCA6-8B63-41C0-A47F-19D1562984BF} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {477B58BD-2B2C-4CD8-BF20-F10132881E4B} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe (Acer Incorporated -> Acer Incorporated)
Task: {477FE246-AEF6-4203-9056-A61873A73079} - System32\Tasks\S-1-5-21-236146839-932208297-861440787-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {48AB4008-A15C-41A8-A1A3-4AE34F9E3E73} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {50BF38A2-D9D2-4011-AA99-F68A088F8473} - System32\Tasks\CareCenter\Send to OneNote.lnk_FolderAppdata_S-1-5-21-236146839-932208297-861440787-1001 => C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Task: {520E01C0-15AF-4DEE-B05D-52C31C1FFA50} - System32\Tasks\CareCenter\AvastUI.exe_Reg_HKLMWow6432Run => C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {6575E4F4-D03C-4ED9-9ED4-447B48052E4C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6ABAD0E3-128F-48D3-9CD5-C32609A95705} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {6EC73586-EB3A-43BB-BE2B-2433D829202F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {79D3F6C7-001A-48FB-845A-8C3DEE0C65C4} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (Acer Incorporated -> )
Task: {86443143-BDFD-4E81-AD57-F4A54513452C} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe (Intel(R) Software -> Intel Corporation)
Task: {87FB609E-674A-4922-A106-7202FDD4C934} - System32\Tasks\Study Anki => C:\Program Files\Anki\anki.exe (Ankitects Pty Ltd -> )
Task: {8AEADED1-F142-476A-93B3-B065AB23E426} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8BC787A9-27D8-4EEC-A76F-5D16D5F69DF8} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {8D917383-5314-430F-B4EC-6A2A87782560} - System32\Tasks\CareCenter\DAX2_APP_Reg_HKLMRun => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe (Dolby Laboratories, Inc. -> )
Task: {8FEE4E97-F844-484E-8ACC-6BF8993A38CB} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {96320278-5E30-417E-B908-72C54D05B4F7} - System32\Tasks\CareCenter\RtHDVBg_Dolby_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9CDE652B-EE0E-4E98-BF6F-86A033D71EF7} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Acer Incorporated -> )
Task: {ADB687BD-B239-4565-9B04-60B9428E7D7A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {AF8DFFA3-D74B-4F19-A4CF-765128E220C3} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (Acer Incorporated -> Acer Incorporated)
Task: {BA374E01-9AAE-4C6E-B032-292E75CC6478} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C582DC9E-8BB4-478F-A486-4131D8136729} - System32\Tasks\CareCenter\RTHDVCPL_Reg_HKLMRun => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C8862AF8-0B87-40EA-BBC2-A14C1A9D3BFA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CA61BF83-0799-4500-A25E-350C6D2EF357} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe (Johannes Schindelin -> The Git Development Community)
Task: {E40F7419-3704-495F-AD2B-4689783941CD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO)
Task: {EA0F0D87-C32E-4C4D-9270-078C8FECCD76} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB2D6D65-BE15-471F-A6C1-7B3104E71E5F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {F103F416-6170-4745-8D1D-8251DD2B95DB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_114_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {FB66066A-5ED5-4BC7-AB64-9F62C8DB7FFF} - System32\Tasks\User Boot Experience Task => C:\OEM\Preload\FUBService\FUBService.exe (Acer Incorporated -> )
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
-
February 17th, 2019, 04:30 PM
#6
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Cosmos\Anaconda3\Scripts\activate.bat C:\Users\Cosmos\Anaconda3
==================== Loaded Modules (Whitelisted) ==============
2016-09-19 11:53 - 2016-09-19 11:53 - 001299920 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2.dll
2019-02-12 15:56 - 2019-02-12 15:56 - 000654216 _____ () c:\program files\avast software\avast\streamback.dll
2019-02-12 15:56 - 2019-02-12 15:56 - 000321928 _____ () C:\Program Files\AVAST Software\Avast\serialization.dll
2019-01-13 15:26 - 2018-11-15 11:01 - 002712432 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2019-01-25 08:34 - 2019-01-25 08:34 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 19:16 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-27 12:48 - 2019-01-27 12:48 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000364032 ____N () C:\Windows\ShellExperiences\ImeStatusNotification.dll
2019-02-13 15:47 - 2019-02-05 21:25 - 002185728 ____C () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-12 19:16 - 2018-12-08 02:33 - 002060288 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2018-12-12 19:16 - 2018-12-08 02:34 - 000755200 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSLoc_OneCore.DLL
2019-02-12 15:46 - 2019-02-12 15:46 - 028028416 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-02-06 22:28 - 2019-02-06 22:28 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-12 04:24 - 2018-04-12 04:24 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2019-01-15 13:58 - 2019-01-15 13:58 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-06 22:28 - 2019-02-06 22:28 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-02-06 22:28 - 2019-02-06 22:28 - 009338368 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2016-09-19 04:02 - 2016-09-19 04:02 - 000163336 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-09-19 07:13 - 2016-09-19 07:13 - 000849928 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2018-05-28 20:00 - 2018-05-28 20:00 - 004696880 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2019-01-08 01:25 - 2019-01-08 01:25 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-31 11:59 - 2019-01-31 11:59 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2019-01-15 13:49 - 2019-01-15 13:49 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 11:59 - 2019-01-31 11:59 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2019-01-31 11:33 - 2019-01-31 11:34 - 000015872 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
2019-01-31 11:33 - 2019-01-31 11:34 - 006290944 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.dll
2019-01-31 11:33 - 2019-01-31 11:34 - 002361528 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2019-01-15 13:53 - 2019-01-15 13:53 - 004217344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1811.3241.0_x64__8wekyb3d8bbwe\Time.exe
2019-01-15 13:49 - 2019-01-15 13:49 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18003.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-15 13:53 - 2019-01-15 13:53 - 000957440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1811.3241.0_x64__8wekyb3d8bbwe\TimeControls.dll
2019-01-15 13:53 - 2019-01-15 13:53 - 000754688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1811.3241.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2019-02-12 15:45 - 2019-02-12 15:45 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2019-02-12 15:45 - 2019-02-12 15:45 - 016974848 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2019-01-13 21:54 - 2019-01-13 21:54 - 005391752 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2018-04-12 04:21 - 2018-04-12 04:21 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2019-01-15 13:49 - 2019-01-15 13:49 - 004220928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
2019-01-15 13:56 - 2019-01-15 13:57 - 001436760 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2018-07-11 12:53 - 2018-06-15 12:30 - 001308672 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 12:52 - 2018-06-15 12:55 - 000542888 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 001348664 ____N () C:\WINDOWS\system32\FaceTrackerInternal.dll
2016-09-19 07:13 - 2016-09-19 07:13 - 000072712 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2Toast.exe
2019-02-06 12:25 - 2019-02-06 12:26 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-02-06 12:25 - 2019-02-06 12:26 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2019-01-15 13:54 - 2019-01-15 13:55 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-02-06 12:25 - 2019-02-06 12:26 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-18 17:22 - 2019-01-18 17:23 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-02-06 12:25 - 2019-02-06 12:26 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-02-06 12:25 - 2019-02-06 12:26 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2019-01-15 13:54 - 2019-01-15 13:55 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2019-01-15 13:54 - 2019-01-15 13:55 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-15 13:55 - 2019-01-15 13:55 - 000016384 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.exe
2019-01-15 13:55 - 2019-01-15 13:55 - 034701824 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.dll
2018-04-12 04:22 - 2018-04-12 04:22 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-12 04:22 - 2018-04-12 04:22 - 001651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\winsdkfb.dll
2019-02-06 22:28 - 2019-02-06 22:28 - 025359360 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Music.UI.exe
2019-02-06 22:28 - 2019-02-06 22:28 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-12 04:24 - 2018-04-12 04:24 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2019-01-15 13:58 - 2019-01-15 13:58 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-02-06 22:28 - 2019-02-06 22:28 - 006033408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-01-06 20:09 - 2019-01-06 20:09 - 000020480 _____ () C:\Program Files\WindowsApps\6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6\Partner.Client.Universal.Touch.exe
2019-01-06 20:09 - 2019-01-06 20:09 - 022004736 _____ () C:\Program Files\WindowsApps\6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6\Partner.Client.Universal.Touch.dll
2018-04-12 04:22 - 2018-04-12 04:22 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-08-30 03:19 - 2016-08-30 03:19 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-10 12:45 - 2019-02-04 21:19 - 000305488 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-236146839-932208297-861440787-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-236146839-932208297-861440787-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 ____C C:\WINDOWS\system32\drivers\etc\hosts
2019-02-12 18:42 - 2019-02-13 03:21 - 000000444 ____C C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Users\Cosmos\introcs\java\bin;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;C:\Program Files\Git\cmd
HKU\S-1-5-21-236146839-932208297-861440787-1001\Control Panel\Desktop\\Wallpaper -> E:\Second HDD\Photos\Random Photos\Rayann-Elzein-IMG_9231_1420409331_lg.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: CmdAgent => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: isesrv => 2
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKU\S-1-5-21-236146839-932208297-861440787-1001\...\StartupApproved\Run: => "Web Companion"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
FirewallRules: [{424C96A8-D73A-4237-9A0C-A756417DA3C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A52E2A55-DC99-467E-8358-543B4D8260C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{430B4723-50D3-4B4C-945D-FD8A45A90693}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F08B9643-C2EC-46E3-B50C-DFA89F1B7487}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16CDBD14-5A1D-469D-93B7-DDA7DDA8CD07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{96C4747E-43AA-46C6-9C1C-6CCC7F6A9389}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CBA2F644-F0B2-4E3E-8942-B0CA4938BE21}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{06E5BFAA-D5C7-4196-9BCB-DFF8C9356389}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4F4BF54C-0CB3-4A4A-974F-18A82C286CF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B0028E51-5E4A-4ADA-A2D5-301AE42F9D14}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [UDP Query User{749405AF-0A77-4732-ABE7-99BFD81D26EB}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe (Node.js Foundation -> Node.js)
FirewallRules: [{67352F15-A428-403E-95B0-5A34E725BC79}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1F1BF54E-2996-4C20-A82B-D6A7588081BC}] => (Allow) C:\Users\Cosmos\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.)
FirewallRules: [{93FFFDED-55E9-47AF-80B8-E61EEF59360C}] => (Allow) C:\Users\Cosmos\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.)
FirewallRules: [{AE212A2D-31D0-47AB-BC8F-F792E642C251}] => (Allow) LPort=12292
FirewallRules: [{CC34F753-BFBD-429F-9241-38515E3CB885}] => (Allow) C:\Program Files (x86)\TOSHIBA\Storage Backup Software\TosHDDBkupSvc.exe (Toshiba Electronic Devices & Storage Corporation -> Toshiba Electronic Devices & Storage Corporation)
FirewallRules: [{24BBCEF2-2237-4302-BAC9-9D4A9131C6B8}] => (Allow) C:\Program Files (x86)\TOSHIBA\Storage Backup Software\TosHDDBkup.exe (Toshiba Electronic Devices & Storage Corporation -> Toshiba Electronic Devices & Storage Corporation)
FirewallRules: [{352615CC-5A06-424E-B338-3DAE89AC7E18}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{9C0C74B5-2CE7-4E64-A472-CE528F1094C1}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{076D0156-66D1-4F61-B1ED-48D06D18D1F7}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{66C59C54-233C-4844-8C9F-4CCBC62BBD12}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
==================== Restore Points =========================
12-02-2019 00:45:15 Windows Update
15-02-2019 03:34:07 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2019 02:25:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: XboxApp.exe, version: 44.44.1808.7002, time stamp: 0x5b69e9d4
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17134.556, time stamp: 0xd94c4e1e
Exception code: 0xc000027b
Fault offset: 0x00000000006a6082
Faulting process id: 0x20e0
Faulting application start time: 0x01d4c50caa9f7543
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: e9eb3ccc-3395-4a26-bfe2-6f41d4240bbd
Faulting package full name: Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.XboxApp
Error: (02/15/2019 02:25:25 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-N0KELHM)
Description: httphttp-2147467263
Error: (02/15/2019 01:55:10 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-N0KELHM)
Description: httphttp-2147467263
Error: (02/15/2019 12:15:12 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-N0KELHM)
Description: httphttp-2147467263
Error: (02/14/2019 09:32:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (02/14/2019 09:32:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {809e5625-fb2a-4312-8fbb-a294ae3939ac}
Error: (02/14/2019 09:31:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-N0KELHM)
Description: Application or service 'ServiceHub.Host.CLR.x86' could not be shut down.
Error: (02/14/2019 09:31:36 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-N0KELHM)
Description: Application or service 'ServiceHub.Host.CLR.x86' could not be shut down.
System errors:
=============
Error: (02/15/2019 06:41:56 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (02/15/2019 03:42:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/15/2019 05:24:03 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N0KELHM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-N0KELHM\Cosmos SID (S-1-5-21-236146839-932208297-861440787-1001) from address LocalHost (Using LRPC) running in the application container 6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6 SID (S-1-15-2-869163059-1331596548-2745378679-3168885343-456563130-3781732990-1292954759). This security permission can be modified using the Component Services administrative tool.
Error: (02/15/2019 05:23:56 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.
Error: (02/15/2019 05:23:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N0KELHM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-N0KELHM\Cosmos SID (S-1-5-21-236146839-932208297-861440787-1001) from address LocalHost (Using LRPC) running in the application container 6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6 SID (S-1-15-2-869163059-1331596548-2745378679-3168885343-456563130-3781732990-1292954759). This security permission can be modified using the Component Services administrative tool.
Error: (02/15/2019 03:40:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/15/2019 03:35:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (02/15/2019 03:34:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070641: 2019-02 Update for Windows 10 Version 1803 for x64-based Systems (KB4023057).
Windows Defender:
===================================
Date: 2019-01-06 23:47:07.195
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {377EE1DE-9490-40B8-A1CF-FF6638FEE9BF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-06 23:17:03.855
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E15F9372-0AF4-4C34-840A-52B0623DFAA4}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-06 23:06:28.211
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A2C0CC0B-40DA-4D44-A546-E372476924A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-06 22:52:26.538
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4BBA57FB-A797-4D32-9531-BAAA54AF0ED7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-01-06 22:34:01.358
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4D3E20E4-D3D9-4AB6-A6F3-9636CD67CC13}
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===================================
Date: 2019-02-15 18:44:27.626
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-02-15 18:40:45.320
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-02-15 18:27:38.809
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-02-15 15:40:29.306
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-02-15 15:27:28.724
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-02-15 15:12:28.627
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-02-15 15:11:35.819
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-02-15 15:09:42.110
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 72%
Total physical RAM: 12156.13 MB
Available physical RAM: 3358.08 MB
Total Virtual: 33660.13 MB
Available Virtual: 21160.36 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:237.36 GB) (Free:102.65 GB) NTFS
Drive d: (EOS_DIGITAL) (Removable) (Total:59.45 GB) (Free:34.72 GB) exFAT
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:518.8 GB) NTFS
\\?\Volume{e96ac4ba-4f7e-4ae9-ad2f-807f58b3dd67}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.61 GB) NTFS
\\?\Volume{9a045f29-b0cc-48d7-9fae-1a0b7661c5be}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 65034BF4)
Partition: GPT.
========================================================
Disk: 1 (Protective MBR) (Size: 59.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A9E8F1B8)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
-
February 17th, 2019, 07:50 PM
#7
FRST produces 2 logs.
You posted only one.
-
February 17th, 2019, 09:04 PM
#8
Sorry!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.02.2019
Ran by Cosmos (administrator) on DESKTOP-N0KELHM (15-02-2019 18:42:47)
Running from C:\Users\Cosmos\Downloads\Antivirus\FRST
Loaded Profiles: Cosmos (Available Profiles: defaultuser0 & Cosmos)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\IntelCpHDCPSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Toshiba Electronic Devices & Storage Corporation) C:\Program Files (x86)\TOSHIBA\Storage Backup Software\TosHDDBkupSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19011.11311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1811.3241.0_x64__8wekyb3d8bbwe\Time.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\plugins\ColorIntelligence\CACE.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_140ca414b7e07d19\igfxext.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2Toast.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\IME\shared\ImeBroker.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_44.44.7002.0_x64__8wekyb3d8bbwe\XboxApp.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\6F71D7A7.TouchVPN_1.1.5.0_x64__nsbqstbb9qxb6\Partner.Client.Universal.Touch.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKU\S-1-5-21-236146839-932208297-861440787-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-236146839-932208297-861440787-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe [726864 2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-02-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{2EEEE076-F2FA-46A9-942E-70ED200204C8}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{46D72490-E6CD-4C06-AD4B-122C7770EA54}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7DABEE12-949B-4A07-A6CF-7B5A10D80893}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{855061C6-C34F-4F69-8CA4-5D2C6AA760A8}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{9FAAB16B-BA73-46A8-A583-C8EA2F3E8B31}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ABFA52FE-2B4E-4B41-8D47-64D05EFD7CCD}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{c5e81bab-cd9f-478e-99ba-64ab89bd76e3}: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{f2308bda-f462-438b-8517-2a617de8ff9f}: [DhcpNameServer] 10.66.184.1
Internet Explorer:
==================
HKU\S-1-5-21-236146839-932208297-861440787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://weather.com/
HKU\S-1-5-21-236146839-932208297-861440787-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-236146839-932208297-861440787-1001 -> DefaultScope {CE82ECFF-5ACE-4A9B-93C0-3061D7C90A95} URL =
SearchScopes: HKU\S-1-5-21-236146839-932208297-861440787-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D020219-N0700A9FCDBB39EF&form=CONBDF&conlogo=CT3335799&q={searchTerms}
SearchScopes: HKU\S-1-5-21-236146839-932208297-861440787-1001 -> {87390958-03D4-4406-944A-86362636AB19} URL =
SearchScopes: HKU\S-1-5-21-236146839-932208297-861440787-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo&type=10555005_11.0.0.6744_i_ds
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-02-07] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-07] ()
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
-
February 17th, 2019, 09:05 PM
#9
FireFox:
========
FF DefaultProfile: zmdhmrev.default
FF ProfilePath: C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default [2019-02-15]
FF Homepage: Mozilla\Firefox\Profiles\zmdhmrev.default -> hxxp://www.bing.com/?pc=COSP&ptag=D020219-N0600A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF NewTab: Mozilla\Firefox\Profiles\zmdhmrev.default -> hxxp://www.bing.com/?pc=COSP&ptag=D020219-N0600A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF Extension: (Firefox Lightbeam) - C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2019-02-12]
FF Extension: (Avast Online Security) - C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default\Extensions\wrc@avast.com.xpi [2019-01-08]
FF Extension: (Web of Trust) - C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2019-01-07]
FF SearchPlugin: C:\Users\Cosmos\AppData\Roaming\Mozilla\Firefox\Profiles\zmdhmrev.default\searchplugins\bing-lavasoft-ff59.xml [2019-02-01]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-27] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [369264 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2019-02-05] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013496 2019-01-28] (Microsoft Corporation -> Microsoft Corporation)
S4 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10747264 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
S4 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-12-17] (Comodo Security Solutions, Inc. -> COMODO)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163336 2016-09-19] (Dolby Laboratories, Inc. -> )
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2276616 2018-12-05] (Comodo Security Solutions, Inc. -> Comodo)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26576 2016-09-19] (Intel(R) CN -> Intel Corporation)
S4 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1199816 2018-04-24] (Comodo Security Solutions, Inc. -> COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-08-30] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [466224 2018-03-09] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [508208 2018-03-09] (Acer Incorporated -> Acer Incorporated)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286720 2018-09-07] (Microsoft Windows -> Microsoft Corporation)
R2 toshddbkupsvc; C:\Program Files (x86)\TOSHIBA\Storage Backup Software\TosHDDBkupSvc.exe [2136568 2018-06-20] (Toshiba Electronic Devices & Storage Corporation -> Toshiba Electronic Devices & Storage Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18736 2018-09-06] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205400 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [225680 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196072 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320696 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [57960 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167304 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [519872 2019-02-13] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034432 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474456 2019-02-15] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216784 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379952 2019-02-12] (AVAST Software s.r.o. -> AVAST Software)
S3 BrSerIb; C:\WINDOWS\System32\drivers\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\System32\drivers\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17944 2018-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [44056 2018-05-23] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [832032 2018-05-23] (Comodo Security Solutions, Inc. -> COMODO)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ETDI2C; C:\WINDOWS\System32\drivers\ETDI2C.sys [217688 2016-08-17] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
S0 ijbsgx; no ImagePath
R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [126064 2017-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37104 2018-05-09] (Intel Corporation -> Intel Corporation)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [63200 2017-12-12] (Comodo Security Solutions, Inc. -> COMODO)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-02-15] (Malwarebytes Corporation -> Malwarebytes)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_8ed00d842392588b\nvlddmkm.sys [17213832 2018-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [45152 2018-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2360048 2018-08-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-04] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [236048 2018-12-18] (Oracle Corporation -> Oracle Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel(R) Software -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [51536 2018-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-15 12:48 - 2019-02-15 14:26 - 000000000 ___DC C:\Users\Cosmos\Documents\Main
2019-02-15 04:37 - 2019-02-15 04:37 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2019-02-15 04:31 - 2019-02-15 04:37 - 000000000 ___DC C:\Users\Cosmos\Anaconda3
2019-02-15 04:27 - 2019-02-15 04:30 - 644094168 ____C (Anaconda, Inc.) C:\Users\Cosmos\Downloads\Anaconda3-2018.12-Windows-x86_64.exe
2019-02-15 04:22 - 2019-02-15 04:24 - 684396431 ____C C:\Users\Cosmos\Downloads\Anaconda3-2018.12-MacOSX-x86_64.pkg
2019-02-15 04:10 - 2019-02-15 05:24 - 3011225138 ____C C:\Users\Cosmos\Downloads\Windows_7_64-bit_Professional_x64.iso.t8mcc7z.partial
2019-02-15 04:10 - 2019-02-15 04:10 - 000000000 ____C C:\Users\Cosmos\Downloads\Windows_7_64-bit_Professional_x64.iso
2019-02-15 02:02 - 2019-02-15 13:02 - 000000000 ___DC C:\Users\Cosmos\Documents\Sound recordings
2019-02-15 00:11 - 2019-02-15 00:11 - 000002951 ____C C:\Users\Cosmos\AppData\LocalLow\wbkAF05.tmp
2019-02-14 23:48 - 2019-02-14 23:48 - 000031000 ____C C:\Users\Cosmos\Downloads\font-awesome.min.css
2019-02-14 23:13 - 2019-02-15 00:11 - 000002951 ____C C:\Users\Cosmos\Desktop\Welcome to Japnese Suicide Forest (2).html
2019-02-14 23:12 - 2019-02-14 23:39 - 000000366 ____C C:\Users\Cosmos\Desktop\Welcome to Japnese Suicide Forest.html
2019-02-14 22:59 - 2019-02-14 22:59 - 000019222 ____C C:\Users\Cosmos\Desktop\later.txt
2019-02-14 21:34 - 2019-02-14 21:34 - 000000000 ___DC C:\Users\Cosmos\PycharmProjects
2019-02-14 21:33 - 2019-02-14 21:33 - 000000000 ___DC C:\Users\Cosmos\.PyCharmCE2018.3
2019-02-14 19:40 - 2019-02-14 19:40 - 000000547 ____C C:\Users\Cosmos\Desktop\accounts via email.txt
2019-02-14 19:40 - 2019-02-14 19:40 - 000000014 ____C C:\Users\Cosmos\Desktop\widgit!!!.txt
2019-02-14 13:02 - 2019-02-15 03:30 - 000261032 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-02-14 13:01 - 2019-02-14 13:01 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2019-02-14 13:00 - 2019-02-14 21:33 - 000001246 ____C C:\Users\Cosmos\Desktop\JetBrains PyCharm Community Edition 2018.3.4 x64.lnk
2019-02-14 13:00 - 2019-02-14 13:00 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\JetBrains
2019-02-14 12:52 - 2019-02-14 12:52 - 000000000 ___DC C:\Users\Cosmos\Documents\CoffeeCup Software
2019-02-14 02:26 - 2019-02-14 19:39 - 000000000 ___DC C:\Users\Cosmos\Desktop\SQL
2019-02-14 02:24 - 2019-02-14 02:24 - 000001324 ____C C:\Users\Cosmos\Desktop\Medical Coding.html
2019-02-14 00:50 - 2019-02-14 00:50 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Macromedia
2019-02-13 22:05 - 2019-02-13 22:05 - 000001036 ____C C:\Users\Cosmos\Desktop\Structured Query Language.txt
2019-02-13 19:49 - 2019-02-13 20:15 - 218616696 ____C C:\Users\Cosmos\Downloads\pycharm-community-2018.3.4.exe
2019-02-13 15:47 - 2019-02-06 02:54 - 004527584 ____C (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-13 15:47 - 2019-02-06 02:53 - 001634704 ____C (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-13 15:47 - 2019-02-06 02:35 - 000058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-13 15:47 - 2019-02-06 02:32 - 003648512 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-13 15:47 - 2019-02-06 02:30 - 004052992 ____C (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-13 15:47 - 2019-02-06 02:30 - 001662464 ____C (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-13 15:47 - 2019-02-06 02:30 - 001364992 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-13 15:47 - 2019-02-06 02:11 - 001454648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-13 15:47 - 2019-02-06 01:57 - 000044032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-13 15:47 - 2019-02-06 01:52 - 004053504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-13 15:47 - 2019-02-06 01:52 - 002891776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-13 15:47 - 2019-02-06 01:52 - 001470976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-13 15:47 - 2019-02-05 22:01 - 001989040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-13 15:47 - 2019-02-05 22:01 - 001221432 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-13 15:47 - 2019-02-05 22:01 - 001029944 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-13 15:47 - 2019-02-05 22:01 - 000720480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-13 15:47 - 2019-02-05 22:01 - 000566568 ____C (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-13 15:47 - 2019-02-05 22:01 - 000134968 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-13 15:47 - 2019-02-05 22:01 - 000076088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-13 15:47 - 2019-02-05 22:01 - 000033576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-13 15:47 - 2019-02-05 22:00 - 009084432 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-13 15:47 - 2019-02-05 22:00 - 007520112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 15:47 - 2019-02-05 22:00 - 006572416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 15:47 - 2019-02-05 22:00 - 002719760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-13 15:47 - 2019-02-05 22:00 - 002465792 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-13 15:47 - 2019-02-05 22:00 - 002421264 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-13 15:47 - 2019-02-05 22:00 - 001257904 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-13 15:47 - 2019-02-05 22:00 - 001140680 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-13 15:47 - 2019-02-05 22:00 - 001130568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-13 15:47 - 2019-02-05 22:00 - 001098272 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-13 15:47 - 2019-02-05 22:00 - 000945680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-13 15:47 - 2019-02-05 22:00 - 000899728 ____C (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-13 15:47 - 2019-02-05 22:00 - 000466960 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-13 15:47 - 2019-02-05 22:00 - 000376120 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-13 15:47 - 2019-02-05 22:00 - 000043536 ____C (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-13 15:47 - 2019-02-05 22:00 - 000038792 ____C (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-13 15:47 - 2019-02-05 21:59 - 001922064 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-13 15:47 - 2019-02-05 21:59 - 001457248 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-13 15:47 - 2019-02-05 21:59 - 000983128 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-13 15:47 - 2019-02-05 21:59 - 000144288 ____C (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-13 15:47 - 2019-02-05 21:52 - 022014464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-13 15:47 - 2019-02-05 21:45 - 019404288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-13 15:47 - 2019-02-05 21:42 - 003711488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-13 15:47 - 2019-02-05 21:41 - 025853952 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-13 15:47 - 2019-02-05 21:41 - 005307392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-13 15:47 - 2019-02-05 21:40 - 005792256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-13 15:47 - 2019-02-05 21:40 - 000021504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-13 15:47 - 2019-02-05 21:38 - 000608768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-13 15:47 - 2019-02-05 21:38 - 000561152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-13 15:47 - 2019-02-05 21:37 - 004515840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-13 15:47 - 2019-02-05 21:37 - 000578560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-13 15:47 - 2019-02-05 21:33 - 022714880 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-13 15:47 - 2019-02-05 21:29 - 004865536 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-13 15:47 - 2019-02-05 21:28 - 000046080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-13 15:47 - 2019-02-05 21:28 - 000039936 ____C (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-13 15:47 - 2019-02-05 21:27 - 000894464 ____C (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-13 15:47 - 2019-02-05 21:27 - 000808448 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-13 15:47 - 2019-02-05 21:27 - 000358912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-13 15:47 - 2019-02-05 21:27 - 000266752 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-13 15:47 - 2019-02-05 21:26 - 007599616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-13 15:47 - 2019-02-05 21:26 - 000726528 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-13 15:47 - 2019-02-05 21:26 - 000324608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-13 15:47 - 2019-02-05 21:26 - 000174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-13 15:47 - 2019-02-05 21:26 - 000154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-13 15:47 - 2019-02-05 21:25 - 000736256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-13 15:47 - 2019-02-05 21:25 - 000507392 ____C (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-13 15:47 - 2019-02-05 21:24 - 004937728 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-13 15:47 - 2019-02-05 21:24 - 000466432 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-13 15:47 - 2019-02-05 21:23 - 000393216 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-13 15:47 - 2019-02-05 21:22 - 000960512 ____C (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-13 15:47 - 2019-02-05 21:22 - 000885760 ____C (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-13 15:47 - 2019-02-05 21:21 - 000093696 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-13 15:47 - 2019-02-05 20:04 - 000001314 ____C C:\WINDOWS\system32\tcbres.wim
2019-02-13 15:47 - 2019-01-12 03:56 - 001008640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 15:47 - 2019-01-11 21:28 - 000352768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-13 15:47 - 2019-01-09 13:08 - 000309560 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-13 15:47 - 2019-01-09 12:57 - 000720536 ____C (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-13 15:47 - 2019-01-09 12:42 - 004716032 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-13 15:47 - 2019-01-09 12:41 - 012730368 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-13 15:47 - 2019-01-09 12:41 - 000064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-13 15:47 - 2019-01-09 12:40 - 000171520 ____C (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-13 15:47 - 2019-01-09 12:36 - 001054720 ____C (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-13 15:47 - 2019-01-09 12:35 - 002919936 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-13 15:47 - 2019-01-09 05:14 - 000607744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-13 15:47 - 2019-01-09 04:55 - 011919872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-13 15:47 - 2019-01-09 04:55 - 000150016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-13 15:47 - 2019-01-09 03:55 - 001285432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-13 15:47 - 2019-01-09 03:48 - 000527368 ____C (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-13 15:47 - 2019-01-09 00:59 - 000611848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-13 15:47 - 2019-01-09 00:44 - 000078688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 006043496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 004789944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 002253480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 001981280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 001620264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 000607376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 000581592 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 000287640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 000129088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 000127744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-13 15:47 - 2019-01-09 00:43 - 000071456 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-13 15:47 - 2019-01-09 00:42 - 001035232 ____C (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-13 15:47 - 2019-01-09 00:42 - 000092704 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-13 15:47 - 2019-01-09 00:40 - 002765336 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-13 15:47 - 2019-01-09 00:40 - 001063224 ____C (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-13 15:47 - 2019-01-09 00:40 - 000432952 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-13 15:47 - 2019-01-09 00:40 - 000226104 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-13 15:47 - 2019-01-09 00:40 - 000090872 ____C (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 007436016 ____C (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 004404720 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 002571632 ____C (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 001943128 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 000789696 ____C (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 000713264 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 000349656 ____C (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 000269624 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 000260800 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 000175416 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-13 15:47 - 2019-01-09 00:39 - 000164192 ____C (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-13 15:47 - 2019-01-09 00:39 - 000085472 ____C (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-13 15:47 - 2019-01-09 00:33 - 016597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-13 15:47 - 2019-01-09 00:32 - 013878272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 15:47 - 2019-01-09 00:29 - 008188928 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-13 15:47 - 2019-01-09 00:29 - 002500096 ____C (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-13 15:47 - 2019-01-09 00:27 - 004710912 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-13 15:47 - 2019-01-09 00:27 - 004384256 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-13 15:47 - 2019-01-09 00:27 - 001587712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-13 15:47 - 2019-01-09 00:26 - 006661632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 15:47 - 2019-01-09 00:26 - 003396608 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-13 15:47 - 2019-01-09 00:26 - 002966016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-13 15:47 - 2019-01-09 00:25 - 000161792 ____C (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-13 15:47 - 2019-01-09 00:24 - 000209408 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-13 15:47 - 2019-01-09 00:24 - 000174080 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 15:47 - 2019-01-09 00:24 - 000157184 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-13 15:47 - 2019-01-09 00:23 - 002368000 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-13 15:47 - 2019-01-09 00:23 - 001708544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-13 15:47 - 2019-01-09 00:23 - 001361408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-13 15:47 - 2019-01-09 00:23 - 001189888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-13 15:47 - 2019-01-09 00:23 - 000898560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-13 15:47 - 2019-01-09 00:23 - 000145920 ____C (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-13 15:47 - 2019-01-09 00:23 - 000100864 ____C (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-13 15:47 - 2019-01-09 00:23 - 000067072 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 15:47 - 2019-01-09 00:22 - 001551360 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 15:47 - 2019-01-09 00:22 - 001395200 ____C (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-13 15:47 - 2019-01-09 00:22 - 000624640 ____C (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-13 15:47 - 2019-01-09 00:22 - 000392704 ____C (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-13 15:47 - 2019-01-09 00:22 - 000333824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-13 15:47 - 2019-01-09 00:22 - 000266752 ____C (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-13 15:47 - 2019-01-09 00:22 - 000138752 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 15:47 - 2019-01-09 00:22 - 000126976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-13 15:47 - 2019-01-09 00:21 - 002173440 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 15:47 - 2019-01-09 00:21 - 000197632 ____C (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-13 15:47 - 2019-01-09 00:21 - 000106496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 15:47 - 2019-01-09 00:20 - 001000448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-13 15:47 - 2019-01-09 00:20 - 000916480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 15:47 - 2019-01-09 00:20 - 000607232 ____C (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-13 15:47 - 2019-01-09 00:20 - 000135680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-13 15:47 - 2019-01-09 00:19 - 000678400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 15:47 - 2019-01-09 00:19 - 000507392 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-13 15:47 - 2019-01-09 00:19 - 000316928 ____C (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-13 15:47 - 2019-01-09 00:19 - 000251904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-13 15:47 - 2019-01-09 00:18 - 000195584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-13 15:47 - 2019-01-08 23:34 - 000806320 ____C C:\WINDOWS\SysWOW64\locale.nls
2019-02-13 15:47 - 2019-01-08 23:34 - 000806320 ____C C:\WINDOWS\system32\locale.nls
-
February 17th, 2019, 09:06 PM
#10
2019-02-13 15:47 - 2019-01-08 04:08 - 000868864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 15:47 - 2019-01-07 22:06 - 001311744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-13 15:47 - 2019-01-07 22:06 - 000313344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-13 15:47 - 2019-01-07 22:06 - 000000072 ____C C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-13 06:22 - 2019-02-13 06:22 - 000519872 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-02-13 00:57 - 2019-02-13 14:11 - 002256896 ____C C:\Users\Cosmos\Documents\Assest Tracking.accdb
2019-02-13 00:57 - 2017-12-21 15:05 - 000566546 ____C C:\Users\Cosmos\Documents\Asset tracking.accdt
2019-02-12 22:09 - 2019-02-15 18:43 - 000003542 ____C C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-12 22:09 - 2019-02-12 22:09 - 000002457 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-12 22:09 - 2019-02-12 22:09 - 000002128 ____C C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2019-02-12 22:08 - 2019-02-12 22:08 - 000000000 ___DC C:\Program Files (x86)\Adobe
2019-02-12 22:07 - 2019-02-13 22:00 - 000000000 ___DC C:\ProgramData\Adobe
2019-02-12 22:05 - 2019-02-12 23:53 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Adobe
2019-02-12 21:47 - 2019-02-12 21:47 - 000000000 ___HC C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2019-02-12 18:42 - 2019-02-13 03:21 - 000000444 ____C C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-02-12 18:22 - 2019-02-12 18:22 - 000000000 ___DC C:\Users\Cosmos\obj
2019-02-12 17:30 - 2019-02-12 17:39 - 000000000 ___DC C:\Users\Cosmos\myWebApp
2019-02-12 17:25 - 2019-02-12 17:25 - 000002003 ____C C:\Users\Cosmos\Startup.cs
2019-02-12 17:25 - 2019-02-12 17:25 - 000000628 ____C C:\Users\Cosmos\Program.cs
2019-02-12 17:25 - 2019-02-12 17:25 - 000000413 ____C C:\Users\Cosmos\Cosmos.csproj
2019-02-12 17:25 - 2019-02-12 17:25 - 000000146 ____C C:\Users\Cosmos\appsettings.Development.json
2019-02-12 17:25 - 2019-02-12 17:25 - 000000105 ____C C:\Users\Cosmos\appsettings.json
2019-02-12 17:25 - 2019-02-12 17:25 - 000000000 ___DC C:\Users\Cosmos\wwwroot
2019-02-12 17:25 - 2019-02-12 17:25 - 000000000 ___DC C:\Users\Cosmos\Properties
2019-02-12 17:25 - 2019-02-12 17:25 - 000000000 ___DC C:\Users\Cosmos\Pages
2019-02-12 16:27 - 2019-02-13 13:39 - 000000000 ___DC C:\Users\Cosmos\Documents\OneNote Notebooks
2019-02-12 15:56 - 2019-02-12 15:56 - 000362888 ____C (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-02-12 12:18 - 2019-02-15 14:45 - 000000000 ___DC C:\Users\Cosmos\Documents\Reporting
2019-02-12 12:18 - 2019-02-12 12:18 - 000000000 ___DC C:\Users\Cosmos\Documents\work for yusuf
2019-02-11 17:58 - 2019-02-11 17:58 - 000000931 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2019-02-11 17:58 - 2019-02-11 17:58 - 000000000 ___DC C:\Program Files\Sublime Text 3
2019-02-11 17:55 - 2019-02-11 17:55 - 000001958 ____C C:\Users\Public\Desktop\Storage Backup Software.lnk
2019-02-11 17:55 - 2019-02-11 17:55 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2019-02-11 17:55 - 2019-02-11 17:55 - 000000000 ___DC C:\Program Files (x86)\TOSHIBA
2019-02-11 17:53 - 2019-02-11 17:54 - 009475672 ____C (Toshiba Electronic Devices & Storage Corporation) C:\Users\Cosmos\Downloads\StorageBackupSoftware_1.21.7820.exe
2019-02-11 17:52 - 2019-02-11 17:52 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\U3
2019-02-11 15:00 - 2017-12-21 15:32 - 000935105 ____C C:\Users\Cosmos\Documents\Task management.accdt
2019-02-11 00:56 - 2019-02-13 00:15 - 000000388 ____C C:\Users\Cosmos\Desktop\future wife - nurse.txt
2019-02-10 18:29 - 2018-04-10 21:10 - 007242240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0011.dll
2019-02-10 18:29 - 2018-04-10 21:10 - 002454528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0011.dll
2019-02-10 18:29 - 2018-04-10 21:10 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70011.dll
2019-02-10 18:29 - 2018-04-10 21:09 - 007702016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0011.dll
2019-02-10 18:29 - 2018-04-10 21:05 - 007406080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll
2019-02-10 18:29 - 2018-04-10 21:05 - 000712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll
2019-02-10 18:29 - 2017-10-29 18:10 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
2019-02-09 15:53 - 2019-02-09 15:53 - 000000000 ___DC C:\Users\Cosmos\Desktop\Italiana
2019-02-08 22:18 - 2019-02-08 22:18 - 000000160 ____C C:\Users\Cosmos\Desktop\ol and li.html
2019-02-08 22:02 - 2019-02-08 22:03 - 000588153 ____C C:\Users\Cosmos\Downloads\13455212.txt
2019-02-08 18:40 - 2019-02-15 14:29 - 000000000 ___DC C:\Users\Cosmos\Documents\Prior to 2 Feb 2019
2019-02-08 18:39 - 2019-02-15 14:45 - 000000000 ___DC C:\Users\Cosmos\Documents\2 Feb 2019
2019-02-08 18:39 - 2019-02-08 18:39 - 000000084 ____C C:\Users\Cosmos\Desktop\remmebering watersheds.txt
2019-02-08 18:00 - 2019-02-08 18:00 - 000018927 ____C C:\Users\Cosmos\AppData\LocalLow\wbk762D.tmp
2019-02-08 15:18 - 2019-02-08 15:18 - 000000149 ____C C:\Users\Cosmos\Desktop\writing a book.txt
2019-02-07 21:30 - 2019-02-07 21:30 - 000000503 ____C C:\Users\Cosmos\Desktop\genius!.txt
2019-02-07 10:58 - 2019-02-12 12:52 - 000000605 ____C C:\Users\Cosmos\Desktop\test website.html
2019-02-07 10:57 - 2019-02-15 00:12 - 000000715 ____C C:\Users\Cosmos\Desktop\test html.html
2019-02-07 09:02 - 2019-02-07 12:13 - 000000000 ___DC C:\Users\Cosmos\Documents\Visual Studio 2017
2019-02-07 00:56 - 2019-02-07 00:56 - 051108160 ____C C:\Users\Cosmos\Downloads\eclipse-inst-win64.exe
2019-02-07 00:50 - 2019-02-07 00:51 - 000000000 ___DC C:\Users\Cosmos\Desktop\Java
2019-02-07 00:49 - 2019-02-07 00:49 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Sun
2019-02-07 00:48 - 2019-02-07 00:48 - 000099192 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-02-07 00:48 - 2019-02-07 00:48 - 000000000 ___DC C:\ProgramData\Oracle
2019-02-07 00:48 - 2019-02-07 00:48 - 000000000 ___DC C:\Program Files (x86)\Java
2019-02-07 00:47 - 2019-02-07 00:47 - 001962336 ____C (Oracle Corporation) C:\Users\Cosmos\Downloads\JavaSetup8u201.exe
2019-02-07 00:46 - 2019-02-07 00:46 - 014467050 ____C C:\Users\Cosmos\Downloads\drjava-beta-20160913-225446.exe
2019-02-07 00:43 - 2019-02-08 14:48 - 000001208 ____C C:\Users\Cosmos\.drjava
2019-02-07 00:43 - 2019-02-07 00:43 - 000001918 ____C C:\Users\Cosmos\AppData\Local\1
2019-02-07 00:43 - 2019-02-07 00:43 - 000000958 ____C C:\Users\Cosmos\Desktop\DrJava.lnk
2019-02-07 00:43 - 2019-02-07 00:43 - 000000879 ____C C:\Users\Cosmos\Desktop\Command Prompt.lnk
2019-02-07 00:42 - 2019-02-08 14:38 - 000000000 ___DC C:\Users\Cosmos\introcs
2019-02-07 00:42 - 2019-02-07 00:42 - 000358912 ____C (Princeton University) C:\Users\Cosmos\Downloads\introcs.exe
2019-02-07 00:42 - 2019-02-07 00:42 - 000167936 ____C C:\Users\Cosmos\AppData\Local\unzip.exe
2019-02-07 00:42 - 2019-02-07 00:42 - 000015173 ____C C:\Users\Cosmos\AppData\Local\introcs.ps1
2019-02-07 00:29 - 2019-02-07 00:29 - 000000000 ___DC C:\WINDOWS\nn-NO
2019-02-06 12:27 - 2019-02-06 12:27 - 000000000 ____C C:\Users\Cosmos\netstat
2019-02-06 12:08 - 2019-02-15 14:43 - 000000000 ___DC C:\Users\Cosmos\Documents\Networking Folder
2019-02-05 22:44 - 2019-02-05 22:44 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft Corporation
2019-02-05 22:44 - 2019-02-05 22:44 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Xamarin
2019-02-05 21:01 - 2017-07-12 18:40 - 000126064 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2019-02-05 21:00 - 2019-02-05 21:00 - 000000000 ___DC C:\Program Files (x86)\Xamarin
2019-02-05 21:00 - 2019-02-05 21:00 - 000000000 ___DC C:\Program Files (x86)\Android
2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\WINDOWS\symbols
2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\Program Files\Windows Identity Foundation
2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\Program Files\Microsoft Identity Extensions
2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\Program Files (x86)\Workflow Manager Tools
2019-02-05 20:56 - 2019-02-05 20:56 - 000000000 ___DC C:\Program Files (x86)\Open XML SDK
2019-02-05 20:54 - 2019-02-07 18:55 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
2019-02-05 20:42 - 2019-02-05 20:42 - 000000000 ___DC C:\Program Files\Microsoft ASP.NET Core Runtime Package Store
2019-02-05 20:38 - 2019-02-05 20:38 - 000001796 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017 (3).lnk
2019-02-05 20:33 - 2019-02-05 20:33 - 000001491 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 (3).lnk
2019-02-05 19:12 - 2019-02-05 19:14 - 008905825 ____C C:\Users\Cosmos\Downloads\Brown Simple Church Newsletter.pdf
2019-02-05 17:44 - 2019-02-05 17:44 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office -työkalut
2019-02-05 17:24 - 2019-02-05 17:24 - 000000000 ___DC C:\Users\Cosmos\Documents\node
2019-02-05 15:36 - 2019-02-05 15:36 - 000000600 ____C C:\Users\Cosmos\AppData\Local\PUTTY.RND
2019-02-05 15:27 - 2019-02-05 15:27 - 000000000 ___DC C:\ProgramData\Mozilla
2019-02-05 14:38 - 2019-01-16 20:01 - 000000601 ____C C:\Users\Cosmos\Desktop\Core FTP Server(x64).lnk
2019-02-05 13:26 - 2019-02-05 13:26 - 000000000 ___DC C:\Users\Cosmos\Documents\Custom Office Templates
2019-02-04 01:15 - 2019-02-14 21:27 - 000000000 ___DC C:\Users\Cosmos\Documents\Outlook Files
2019-02-04 01:14 - 2019-02-15 03:36 - 000469876 ____C C:\WINDOWS\system32\perfh006.dat
2019-02-04 01:14 - 2019-02-15 03:36 - 000080688 ____C C:\WINDOWS\system32\perfc006.dat
2019-02-04 01:14 - 2019-02-03 14:13 - 000312234 ____C C:\WINDOWS\system32\perfi006.dat
2019-02-04 01:14 - 2019-02-03 14:13 - 000041338 ____C C:\WINDOWS\system32\perfd006.dat
2019-02-04 01:13 - 2019-02-04 01:13 - 000000000 ___DC C:\WINDOWS\SysWOW64\da
2019-02-04 01:13 - 2019-02-04 01:13 - 000000000 ___DC C:\WINDOWS\system32\da
2019-02-03 23:58 - 2019-02-04 13:25 - 000001399 ____C C:\Users\Cosmos\Desktop\xplorephotographyAbout.html
2019-02-03 23:16 - 2019-02-08 22:19 - 000000000 ___DC C:\Users\Cosmos\Documents\My Web Sites
2019-02-03 23:16 - 2019-02-03 23:16 - 000000000 ___DC C:\Users\Cosmos\Documents\IISExpress
2019-02-03 17:54 - 2019-02-03 17:55 - 007954904 ____C (Tim Kosse) C:\Users\Cosmos\Downloads\FileZilla_3.40.0_win64-setup.exe
2019-02-03 14:44 - 2019-02-05 22:25 - 000000000 ___DC C:\Users\Cosmos\Desktop\Saved Ebay Messages 2-3-2019
2019-02-03 14:08 - 2018-04-10 21:10 - 007046144 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0006.dll
2019-02-02 20:36 - 2019-02-07 18:56 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Package Cache
2019-02-02 20:36 - 2019-02-06 18:29 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
2019-02-02 00:51 - 2019-02-15 18:43 - 000003818 ____C C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-01 22:44 - 2019-02-05 18:05 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\uTorrent Web
2019-02-01 22:44 - 2019-02-01 22:44 - 000001888 ____C C:\Users\Cosmos\Desktop\uTorrent Web.lnk
2019-02-01 22:44 - 2019-02-01 22:44 - 000001874 ____C C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2019-01-31 15:33 - 2019-02-01 11:38 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Wireshark
2019-01-31 15:16 - 2019-01-31 15:16 - 000001831 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2019-01-31 14:51 - 2019-01-31 14:51 - 000000000 ___DC C:\Program Files (x86)\WinPcap
2019-01-31 14:50 - 2019-01-31 15:16 - 000000000 ___DC C:\Program Files\Wireshark
2019-01-29 23:13 - 2019-01-29 23:15 - 146827472 ____C (Microsoft Corporation) C:\Users\Cosmos\Downloads\dotnet-sdk-2.2.103-win-x64.exe
2019-01-29 23:09 - 2019-01-29 23:09 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\ASP.NET
2019-01-29 17:22 - 2019-01-29 18:51 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Notepad++
2019-01-29 17:22 - 2019-01-29 17:22 - 000000881 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-01-29 17:22 - 2019-01-29 17:22 - 000000869 ____C C:\Users\Public\Desktop\Notepad++.lnk
2019-01-29 17:22 - 2019-01-29 17:22 - 000000000 ___DC C:\Program Files\Notepad++
2019-01-25 21:29 - 2019-01-25 21:29 - 000906016 ____C (O&O Software GmbH) C:\Users\Cosmos\Downloads\OOSU10.exe
2019-01-25 14:23 - 2019-01-25 14:23 - 000132787 ____C C:\Users\Cosmos\Downloads\CCS_Content_Outline_Update_090718.pdf
2019-01-23 23:09 - 2019-01-24 19:14 - 000000000 ___DC C:\WINDOWS\Minidump
2019-01-23 19:51 - 2019-01-23 19:51 - 000002685 ____C C:\Users\Public\Desktop\Intel(R) Extreme Tuning Utility.lnk
2019-01-23 19:51 - 2010-05-26 11:41 - 002526056 ____C (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2019-01-23 19:51 - 2010-05-26 11:41 - 002106216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2019-01-23 19:50 - 2019-01-23 19:50 - 000000000 ___DC C:\WINDOWS\System32\Tasks\Intel
2019-01-23 19:50 - 2019-01-23 19:50 - 000000000 ___DC C:\Program Files\Microsoft SQL Server Compact Edition
2019-01-23 19:50 - 2019-01-23 19:50 - 000000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2019-01-21 00:20 - 2019-01-21 00:20 - 000002368 ____C C:\Users\Cosmos\Desktop\Symbility Mobile Claims.lnk
2019-01-21 00:20 - 2019-01-21 00:20 - 000002324 ____C C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symbility Mobile Claims.lnk
2019-01-20 01:20 - 2019-01-20 01:20 - 000000000 ___DC C:\Users\Cosmos\app
2019-01-19 10:32 - 2019-02-05 17:44 - 000002513 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-01-19 10:32 - 2019-02-05 17:44 - 000002504 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-01-19 10:32 - 2019-02-05 17:44 - 000002484 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-01-19 10:32 - 2019-02-05 17:44 - 000002475 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-01-19 10:32 - 2019-02-05 17:44 - 000002473 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-01-19 10:32 - 2019-02-05 17:44 - 000002449 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-01-19 10:32 - 2019-02-05 17:44 - 000002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-01-18 21:53 - 2019-01-31 15:33 - 000000000 ___DC C:\Program Files (x86)\Project64 2.3
2019-01-17 18:51 - 2019-01-17 18:51 - 000002181 ____C C:\Users\Public\Desktop\Comodo Dragon.lnk
2019-01-17 18:51 - 2019-01-17 18:51 - 000002118 ____C C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
2019-01-17 18:51 - 2019-01-17 18:51 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-01-17 18:50 - 2019-01-17 18:50 - 000000000 ___DC C:\Program Files\Microsoft Silverlight
2019-01-17 18:50 - 2019-01-17 18:50 - 000000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2019-01-17 18:44 - 2019-01-17 18:44 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\{698D6723-22C4-44EF-9F61-87B43E6B8160}
2019-01-16 20:04 - 2019-02-11 20:26 - 000000000 ___DC C:\ftp
2019-01-16 20:01 - 2019-02-08 14:35 - 000000000 ___DC C:\Program Files\CoreFTPServer
2019-01-16 20:01 - 2019-01-16 20:01 - 002223668 ____C C:\Users\Cosmos\Downloads\CoreFTPServer64.exe
2019-01-16 20:01 - 2019-01-16 20:01 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP Server (x64)
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-15 18:43 - 2019-01-08 13:28 - 000002860 ____C C:\WINDOWS\System32\Tasks\Git for Windows Updater
2019-02-15 18:43 - 2019-01-08 01:25 - 000000000 ___DC C:\WINDOWS\System32\Tasks\Avast Software
2019-02-15 18:43 - 2019-01-07 17:24 - 000002686 ____C C:\WINDOWS\System32\Tasks\Study Anki
2019-02-15 18:43 - 2019-01-06 20:17 - 000002276 ____C C:\WINDOWS\System32\Tasks\Quick Access
2019-02-15 18:43 - 2019-01-05 21:31 - 000002908 ____C C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-236146839-932208297-861440787-1001
2019-02-15 18:43 - 2019-01-05 19:09 - 000004362 ____C C:\WINDOWS\System32\Tasks\Software Update Application
2019-02-15 18:43 - 2019-01-05 19:09 - 000003912 ____C C:\WINDOWS\System32\Tasks\ACCAgent
2019-02-15 18:43 - 2019-01-05 19:09 - 000003178 ____C C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-02-15 18:43 - 2019-01-05 19:09 - 000002880 ____C C:\WINDOWS\System32\Tasks\ACC
2019-02-15 18:43 - 2019-01-05 19:09 - 000002620 ____C C:\WINDOWS\System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-02-15 18:43 - 2019-01-05 19:09 - 000002388 ____C C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2019-02-15 18:43 - 2019-01-05 19:09 - 000002222 ____C C:\WINDOWS\System32\Tasks\User Boot Experience Task
2019-02-15 18:42 - 2019-01-04 23:03 - 000000000 ___DC C:\FRST
2019-02-15 18:40 - 2019-01-05 21:47 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2019-02-15 18:18 - 2019-01-08 01:24 - 000474456 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-02-15 15:44 - 2019-01-05 19:03 - 000000000 ___DC C:\WINDOWS\system32\SleepStudy
2019-02-15 14:31 - 2019-01-08 16:48 - 000000499 ____C C:\Users\Cosmos\Desktop\website idea.txt
2019-02-15 14:25 - 2019-01-10 15:51 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\CrashDumps
2019-02-15 04:36 - 2018-11-23 23:11 - 000000000 ___DC C:\Users\Cosmos\lpthw
2019-02-15 04:31 - 2019-01-05 19:08 - 000000000 ___DC C:\Users\Cosmos
2019-02-15 04:16 - 2017-12-21 23:15 - 000000000 ___DC C:\Users\Cosmos\AppData\LocalLow\Mozilla
2019-02-15 03:36 - 2019-01-05 21:57 - 000741750 ____C C:\WINDOWS\system32\perfh01F.dat
2019-02-15 03:36 - 2019-01-05 21:57 - 000161336 ____C C:\WINDOWS\system32\perfc01F.dat
2019-02-15 03:36 - 2019-01-05 21:56 - 000809320 ____C C:\WINDOWS\system32\perfh019.dat
2019-02-15 03:36 - 2019-01-05 21:56 - 000168028 ____C C:\WINDOWS\system32\perfc019.dat
2019-02-15 03:36 - 2019-01-05 21:54 - 000507892 ____C C:\WINDOWS\system32\perfh011.dat
2019-02-15 03:36 - 2019-01-05 21:54 - 000147312 ____C C:\WINDOWS\system32\perfc011.dat
2019-02-15 03:36 - 2019-01-05 21:52 - 000832216 ____C C:\WINDOWS\system32\perfh00C.dat
2019-02-15 03:36 - 2019-01-05 21:52 - 000167602 ____C C:\WINDOWS\system32\perfc00C.dat
2019-02-15 03:36 - 2019-01-05 21:50 - 000598130 ____C C:\WINDOWS\system32\perfh008.dat
2019-02-15 03:36 - 2019-01-05 21:50 - 000108854 ____C C:\WINDOWS\system32\perfc008.dat
2019-02-15 03:36 - 2019-01-05 21:49 - 000785774 ____C C:\WINDOWS\system32\perfh007.dat
2019-02-15 03:36 - 2019-01-05 21:49 - 000167870 ____C C:\WINDOWS\system32\perfc007.dat
2019-02-15 03:36 - 2019-01-05 21:46 - 000000000 ___DC C:\WINDOWS\INF
2019-02-15 03:36 - 2019-01-05 19:14 - 006565410 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2019-02-15 03:30 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\AppReadiness
2019-02-15 03:30 - 2017-12-22 13:31 - 000000000 _SHDC C:\Users\Cosmos\IntelGraphicsProfiles
2019-02-15 03:29 - 2019-01-07 08:56 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2019-02-15 03:29 - 2019-01-07 08:56 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2019-02-15 03:29 - 2019-01-05 19:09 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2019-02-15 03:29 - 2019-01-05 19:04 - 000000000 ___DC C:\ProgramData\NVIDIA
2019-02-15 02:15 - 2018-10-30 12:55 - 000005438 ____C C:\Users\Cosmos\.node_repl_history
2019-02-14 22:55 - 2019-01-05 21:47 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-14 22:55 - 2019-01-05 19:15 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Packages
2019-02-14 22:54 - 2019-01-06 20:08 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\PlaceholderTileLogoFolder
2019-02-14 21:35 - 2019-01-05 21:51 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Visual Studio Setup
2019-02-14 19:38 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\NDF
2019-02-14 13:28 - 2019-01-07 08:56 - 000001009 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-02-14 13:26 - 2018-11-16 01:22 - 000000000 ___DC C:\Users\Cosmos\.p2
2019-02-14 13:11 - 2019-01-08 01:24 - 000004264 ____C C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-02-14 13:01 - 2019-01-05 21:42 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-02-14 12:46 - 2019-01-05 19:03 - 000448824 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 03:38 - 2019-01-05 19:08 - 000000000 ___DC C:\Users\defaultuser0
2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 __SDC C:\WINDOWS\SysWOW64\F12
2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 __SDC C:\WINDOWS\system32\F12
2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\TextInput
2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\ShellExperiences
2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\bcastdvr
2019-02-14 03:37 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files\Windows Defender
2019-02-14 03:36 - 2019-01-07 17:23 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Anki2
2019-02-14 02:30 - 2019-01-07 17:10 - 000000000 ___DC C:\WINDOWS\System32\Tasks\CareCenter
2019-02-13 21:39 - 2019-01-08 13:36 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\heroku
2019-02-13 15:51 - 2019-01-05 21:44 - 000000000 ___DC C:\WINDOWS\CbsTemp
2019-02-13 15:46 - 2019-01-14 20:07 - 000000000 ___DC C:\WINDOWS\system32\MRT
2019-02-13 15:44 - 2019-01-14 20:07 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 23:08 - 2018-01-28 01:24 - 000000000 ___DC C:\Users\Cosmos\AppData\LocalLow\Adobe
2019-02-12 17:25 - 2018-11-14 22:50 - 000000000 ___DC C:\Users\Cosmos\.dotnet
2019-02-12 16:30 - 2017-03-10 12:59 - 006690768 ____C C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2019-02-12 15:56 - 2019-01-14 09:38 - 000225680 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 001034432 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000474456 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.155027272603101
2019-02-12 15:56 - 2019-01-08 01:24 - 000379952 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000320696 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000216784 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000205400 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000196072 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000167304 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000112312 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000087944 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000057960 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-02-12 15:56 - 2019-01-08 01:24 - 000042288 ____C (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-02-12 15:56 - 2019-01-05 21:47 - 000000000 __HDC C:\WINDOWS\ELAMBKUP
2019-02-12 15:38 - 2019-01-05 19:31 - 000000000 ___DC C:\ProgramData\Packages
2019-02-11 17:55 - 2017-03-10 13:21 - 000000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2019-02-10 18:29 - 2019-01-05 21:58 - 000000000 ____D C:\WINDOWS\OCR
2019-02-10 17:22 - 2019-01-05 19:08 - 000002366 ____C C:\Users\Cosmos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-10 17:22 - 2017-12-22 13:32 - 000000000 __RDC C:\Users\Cosmos\OneDrive
2019-02-10 14:38 - 2019-01-05 19:17 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\ElevatedDiagnostics
2019-02-09 01:21 - 2018-11-14 22:49 - 000005735 ____C C:\Users\Cosmos\.bash_history
2019-02-07 18:29 - 2017-03-10 12:58 - 000000000 ___DC C:\ProgramData\Package Cache
2019-02-07 00:48 - 2018-11-16 01:20 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-02-07 00:29 - 2019-01-05 21:58 - 000000000 ___DC C:\WINDOWS\SysWOW64\nn-NO
2019-02-07 00:29 - 2019-01-05 21:58 - 000000000 ___DC C:\WINDOWS\system32\nn-NO
2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 __RDC C:\WINDOWS\ImmersiveControlPanel
2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\oobe
2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\PolicyDefinitions
2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files\Windows Photo Viewer
2019-02-07 00:29 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files (x86)\Windows Photo Viewer
2019-02-07 00:08 - 2019-01-13 15:13 - 000000000 ___DC C:\Users\Cosmos\Downloads\Program Downloads
2019-02-07 00:08 - 2019-01-07 08:56 - 000000000 ___DC C:\Users\Cosmos\Downloads\Antivirus
2019-02-07 00:08 - 2019-01-05 21:48 - 000000000 ___DC C:\Users\Cosmos\Downloads\Programming
2019-02-06 18:35 - 2018-12-01 14:16 - 000000000 ___DC C:\Users\Cosmos\Java Projects
2019-02-05 21:01 - 2019-01-05 19:04 - 000000000 ___DC C:\Program Files\Intel
2019-02-05 20:57 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files\Common Files\microsoft shared
2019-02-05 20:42 - 2019-01-05 21:57 - 000000000 ___DC C:\Program Files\dotnet
2019-02-05 20:23 - 2019-01-05 21:51 - 000001355 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-02-05 20:23 - 2019-01-05 21:51 - 000000000 ___DC C:\Program Files (x86)\Microsoft Visual Studio
2019-02-05 18:00 - 2019-01-15 18:52 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\FileZilla
2019-02-05 17:43 - 2017-03-10 12:45 - 000000000 ___DC C:\Program Files (x86)\Microsoft Office
2019-02-05 15:36 - 2019-01-15 18:52 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\FileZilla
2019-02-04 01:13 - 2019-01-05 21:58 - 000000000 ___DC C:\WINDOWS\SysWOW64\XPSViewer
2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\SysWOW64\winrm
2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\SysWOW64\WCN
2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\SysWOW64\slmgr
2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\system32\winrm
2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\system32\WCN
2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\system32\slmgr
2019-02-04 01:13 - 2019-01-05 21:49 - 000000000 ___DC C:\WINDOWS\system32\Printing_Admin_Scripts
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 __SDC C:\WINDOWS\SysWOW64\DiagSvcs
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 __SDC C:\WINDOWS\system32\DiagSvcs
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\oobe
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\MUI
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\Dism
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\com
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\WinBioPlugIns
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\Sysprep
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\MUI
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\migwiz
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\Dism
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\com
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\IME
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\Help
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files\Common Files\system
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ___DC C:\Program Files (x86)\Windows Defender
2019-02-04 01:13 - 2019-01-05 21:47 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-02-04 01:13 - 2019-01-05 21:42 - 000000000 ____D C:\WINDOWS\servicing
2019-02-03 23:45 - 2019-01-05 19:15 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Publishers
2019-02-03 17:55 - 2019-01-15 18:52 - 000001931 ____C C:\Users\Cosmos\Desktop\FileZilla Client.lnk
2019-02-03 17:55 - 2019-01-15 18:52 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-02-03 17:55 - 2019-01-15 18:52 - 000000000 ___DC C:\Program Files\FileZilla FTP Client
2019-02-02 17:53 - 2019-01-05 21:49 - 000835480 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-02-02 17:53 - 2019-01-05 21:49 - 000179600 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-02 12:12 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
2019-02-02 00:51 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\SysWOW64\Macromed
2019-02-02 00:51 - 2019-01-05 21:47 - 000000000 ___DC C:\WINDOWS\system32\Macromed
2019-02-01 19:52 - 2019-01-13 15:07 - 000500112 ____C C:\WINDOWS\system32\Drivers\fvstore.dat
2019-01-31 15:33 - 2019-01-07 21:17 - 000000000 ___DC C:\Python27
2019-01-31 15:31 - 2019-01-13 16:18 - 000000000 ___DC C:\ProgramData\VirtualBox
2019-01-31 15:31 - 2018-12-07 01:36 - 000000000 ___DC C:\Users\Cosmos\VirtualBox VMs
2019-01-31 15:31 - 2018-10-29 20:44 - 000000000 ___DC C:\Users\Cosmos\.VirtualBox
2019-01-31 14:51 - 2018-11-18 23:22 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2019-01-28 00:28 - 2019-01-08 01:41 - 000000000 ___DC C:\Users\Cosmos\AppData\Roaming\Atom
2019-01-27 12:09 - 2019-01-13 14:15 - 001474832 ____C C:\WINDOWS\system32\Drivers\sfi.dat
2019-01-25 16:47 - 2019-01-08 13:36 - 000000204 ____C C:\Users\Cosmos\_netrc
2019-01-23 23:12 - 2017-03-10 12:59 - 000000000 ___DC C:\ProgramData\Intel
2019-01-23 19:51 - 2017-03-10 12:59 - 000000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-01-23 19:50 - 2019-01-05 19:04 - 000000000 ___DC C:\Program Files (x86)\Intel
2019-01-17 18:51 - 2019-01-12 11:33 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\Comodo
2019-01-17 18:51 - 2019-01-12 11:33 - 000000000 ___DC C:\Program Files (x86)\Comodo
2019-01-17 18:51 - 2019-01-04 23:00 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2019-01-17 18:43 - 2019-01-05 19:18 - 000000000 ___DC C:\Users\Cosmos\AppData\Local\CareCenter
2019-01-17 18:14 - 2019-01-14 20:06 - 000000000 ___DC C:\Program Files\rempl
==================== Files in the root of some directories =======
2019-02-07 00:43 - 2019-02-07 00:43 - 000001918 ____C () C:\Users\Cosmos\AppData\Local\1
2019-02-07 00:42 - 2019-02-07 00:42 - 000015173 ____C () C:\Users\Cosmos\AppData\Local\introcs.ps1
2019-02-05 15:36 - 2019-02-05 15:36 - 000000600 ____C () C:\Users\Cosmos\AppData\Local\PUTTY.RND
2019-01-11 22:53 - 2019-01-12 09:03 - 000007607 ____C () C:\Users\Cosmos\AppData\Local\resmon.resmoncfg
2019-02-07 00:42 - 2019-02-07 00:42 - 000167936 ____C () C:\Users\Cosmos\AppData\Local\unzip.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2019-01-05 19:03
==================== End of FRST.txt ============================
-
February 17th, 2019, 10:05 PM
#11
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Double click on the downloaded setup.exe file to install the program.
- Click on Start Scan button.
- Click on another Start Scan button.
- Wait until the Status box shows Scan Finished
- Click on Remove Selected.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
- Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
- Then click Finish.
- Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
- If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
- The tool will start to update the database if one is required.
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Logfile button.
- A window will open which lists the logs of your scans.
- Click on the Scan tab.
- Double-click the most recent scan which will be at the top of the list....the log will appear.
- Review the results...see note below
- After reviewing the log, click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
- To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
- Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
- Copies of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
-
February 18th, 2019, 10:09 PM
#12
RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Cosmos [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190204_072850, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/02/18 21:06:26 (Duration : 00:16:04)
Switches : -refid 3
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1F1BF54E-2996-4C20-A82B-D6A7588081BC} -- [%_Cosmos_appdata%\uTorrent Web\utweb.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{93FFFDED-55E9-47AF-80B8-E61EEF59360C} -- [%_Cosmos_appdata%\uTorrent Web\utweb.exe] -> Deleted
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-236146839-932208297-861440787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs -- -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-236146839-932208297-861440787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs -- -> Replaced (1)
[PUP.Gen1 (Potentially Malicious)] DriverSetupUtility -- %programdata%\DriverSetupUtility -> Deleted
[PUP.Gen1 (Potentially Malicious)] DriverSetupUtility -- %ProgramFiles%\DriverSetupUtility -> Deleted
[PUP.Gen1 (Potentially Malicious)] DriverSetupUtility -- %ProgramFiles%\DriverSetupUtility -> Found
-
February 18th, 2019, 10:26 PM
#13
It found a few items that were not removed, no indication to restart computer, they are still in quarantine, unsure if I should delete or keep for now.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/18/19
Scan Time: 9:15 PM
Log File: 438ba512-33ec-11e9-a5a7-5800e3780970.json
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.508
Update Package Version: 1.0.9322
License: Free
-System Information-
OS: Windows 10 (Build 17134.590)
CPU: x64
File System: NTFS
User: DESKTOP-N0KELHM\Cosmos
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 393327
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 7 min, 7 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 1
PUP.Optional.Conduit, HKU\S-1-5-21-236146839-932208297-861440787-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [213], [236865],1.0.9322
Registry Value: 2
PUP.Optional.Conduit, HKU\S-1-5-21-236146839-932208297-861440787-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [213], [236865],1.0.9322
PUP.Optional.Conduit, HKU\S-1-5-21-236146839-932208297-861440787-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Quarantined, [213], [236865],1.0.9322
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
PUP.Optional.Conduit, C:\USERS\COSMOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZMDHMREV.DEFAULT\PREFS.JS, Replaced, [213], [301520],1.0.9322
PUP.Optional.Conduit, C:\USERS\COSMOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZMDHMREV.DEFAULT\PREFS.JS, Replaced, [213], [303091],1.0.9322
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Last edited by akhayyat17; February 18th, 2019 at 10:34 PM.
-
February 18th, 2019, 10:35 PM
#14
placeholder for post below
Last edited by akhayyat17; February 18th, 2019 at 11:10 PM.
-
February 18th, 2019, 11:08 PM
#15
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-15.6 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-18-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 14
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
Deleted http://www.bing.com/?pc=COSP&ptag=D0...logo=CT3335799
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [3228 octets] - [18/02/2019 21:46:57]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########