
Andrew123

  1. I see. Is there any way to resurrect a deleted file safely, or at least see more information about it? Thanks!
  2. Malwarebytes report enclosed here. I also did FRST scans and they are available on the first forum posting I made, but as I said before - I am satisfied the problem has been fixed, I just want to know if it was a real problem or not in the first place. Thanks! 965003238_MBReport.txt
  3. Hi everyone, Did a scan a couple of weeks back and it detected "MachineLearning/100%anomalous detection" - interestingly I had run a scan earlier without the internet connected, but after I connected the internet and ran the scan again it found it. I've since quarantined and deleted the file, ran another scan and all seems well. I also made a post on the Malwarebytes forum and I was given further assistance, so I am satisfied I don't have a problem anymore, BUT my main concern is: was this actually a real problem or was it a false positive? My reason for asking is: I hardly ever use this computer, and only use 'safe' websites (Wikipedia, BBC news etc). I am not a novice when it comes to computer security. If I did manage to get some malware on my computer, I need to find out where it came from so it doesn't happen again, because I only visit the same, safe websites on this computer (I use my work computer for general browsing) and so I could run the risk of getting this again if I go on the same sites. However, if it was a false positive, then I can rest easier. I have looked over the Malwarebytes forum and seen that this detection has come up a number of times for people developing their own software, however I am not a software developer and had nothing on my computer that an average user wouldn't have. I also understand that Malwarebytes is using new detection systems to stop malware and that there may have been some teething problems. But I'd like to know for sure. I'm attaching the link to the previous forum I posted in, but I stress again - my main concern is not whether this thing has been quarantined and erased, but whether it was an actual problem to start with! I'll also post the Malwarebytes report that I got. Thank you. (Link below).
  4. I considered this. I do not, and have never, had any involvement in virtual currencies. So - have I been infected by some bitcoin mining virus? Well, first of all I have none of the telltale symptoms - my computer is fast, responsive, I haven't seen anything unusual on Task Manager, CPU usage, heat from the machine and Malwarebytes and Avast show up nothing. Not to mention the fact I have been nowhere near ANY websites that were untrustworthy - literally, Facebook, Gmail, and Wikipedia, and I didn't click outside any of them, not even a spam email. I have no idea WHERE it could have come from. So...still not sure.
  5. Hi, I ran the Sophos Virus Removal Tool as requested. I didn't get a log at the end because it just said 'No virus found - your computer is clean'. I couldn't download a log or anything. Reckon I can call off the hunting party? :-) Thanks! Andrew
  6. Hi, Does that mean it looks safe to you? I still wonder where it came from. I am militant about my computer security. I had a look online (at work - all I've done on my home computer is do this diagnosis!) and saw that bitc.tmp files turn up for others as well. It hardly turns up in Google searches, some sources say it's to do with BitComet (but again - I don't torrent anything and never have)... other than that, it's a dead end. All in all, I'm still confused. I have used this computer for about three websites, all totally safe sites (Wikipedia, etc). Do you think it's safe? Thank you for all your help, Nasdaq, I appreciate it a lot!
  7. Hi, OK, I have run it as an administrator. Here it is:
     Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
     Ran by Andrew (25-05-2018 06:04:51)
     Running from C:\Users\Andrew\Desktop
     Boot Mode: Normal
     ================== Search Registry: "github.com" ===========
     ====== End of Search ======
  8. Erk... I just found this: https://github.com/bit-c/bitc It looks like it is something to do with Bitcoin? I have NEVER downloaded or been involved in Bitcoin or any online currency. But I cannot understand how I could have caught anything malicious when I use only trusted websites. I mean - I hardly use this computer for anything at all, and I am near-obsessive about security on the thing. (I'm not a novice with security or computers in general either!) Thanks!!
  9. Hi, I see. So is there no way to know if this was a real piece of malware or just a false positive? It's a bit worrying!! Thanks.
  10. Hi, Thanks for the response. Is there any way to know which program created this file? I have kept an eye on things for the last 72 hours and have run scans daily - and haven't seen anything. Nonetheless, I'd like to know if it was something nasty, since I can't guess where I picked it up from - I have literally only done online banking, Band and Facebook on this machine for the last month... Thanks again!
  11. I have run Malwarebytes and Avast (no worrying results either time), and it seems to be running normally. Do you think everything is OK? I really want to know if this was a genuine problem or if it was just a false positive. Thanks a lot!
  12. Hi, I created the system restore point as per your instructions and ran the fixlog. Results are attached. What's the next step? Thanks! Fixlog.txt
  13. Hello, Thank you for your help. As per your request: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
2018-05-15 20:43 - 2018-05-15 20:43 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2018-05-15 20:43 - 2018-05-15 20:43 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2018-05-15 20:43 - 2018-05-15 20:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2018-05-15 20:43 - 2018-05-15 20:43 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2018-05-15 20:43 - 2018-05-15 20:43 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll 2018-05-15 20:43 - 2018-05-15 20:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll 2018-05-15 20:43 - 2018-05-15 20:43 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll 2018-05-15 20:43 - 2018-05-15 20:43 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-05-15 20:43 - 2018-05-15 20:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 004070400 
_____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2018-05-15 20:42 - 2018-05-15 20:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2018-05-15 20:42 - 2018-05-15 20:42 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2018-05-15 20:42 - 2018-05-15 20:42 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-05-15 20:42 - 2018-05-15 20:42 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 
2018-05-15 20:42 - 2018-05-15 20:42 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2018-05-15 20:42 - 2018-05-15 20:42 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2018-05-15 20:42 - 2018-05-15 20:42 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2018-05-15 20:42 - 2018-05-15 20:42 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2018-05-15 20:42 - 2018-05-15 20:42 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-05-15 20:42 - 2018-05-15 20:42 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2018-05-15 20:42 - 2018-05-15 20:42 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000606448 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2018-05-15 20:42 - 2018-05-15 20:42 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2018-05-15 20:42 - 2018-05-15 20:42 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2018-05-15 20:42 - 2018-05-15 20:42 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2018-05-15 20:42 - 2018-05-15 20:42 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 
000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2018-05-15 20:42 - 2018-05-15 20:42 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2018-05-15 20:42 - 2018-05-15 20:42 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2018-05-15 19:19 - 2018-05-15 19:19 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2018-05-15 19:19 - 2018-05-15 19:19 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2018-05-15 19:19 - 2018-05-15 19:19 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll 2018-05-15 19:19 - 2018-05-15 19:19 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll 2018-05-15 19:19 - 
2018-05-15 19:19 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll 2018-05-15 19:19 - 2018-05-15 19:19 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll 2018-05-15 19:19 - 2018-05-15 19:19 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml 2018-05-15 19:19 - 2018-05-15 19:19 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml 2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files\Reference Assemblies 2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files\MSBuild 2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files (x86)\MSBuild 2018-05-15 19:17 - 2018-05-15 19:17 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2018-05-15 19:17 - 2018-05-15 19:17 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2018-05-15 19:17 - 2018-05-15 19:17 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2018-05-15 19:17 - 2018-05-15 19:17 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2018-05-15 19:17 - 2018-05-15 19:17 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2018-05-15 19:17 - 2018-05-15 19:17 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2018-05-15 18:54 - 2018-05-15 18:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2018-05-14 20:45 - 2018-05-14 20:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2018-05-14 20:45 - 2018-05-14 20:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2018-05-14 20:45 - 2018-05-14 20:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2018-05-14 20:45 - 2018-05-14 20:45 - 000045640 _____ (Dropbox, Inc.) 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-08 19:04 - 000000000 ___RD C:\Users\Andrew\Desktop\Other stuff 2018-05-11 08:08 - 2016-03-03 19:15 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-05-11 07:56 - 2017-10-12 19:26 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2018-05-11 07:56 - 2016-03-03 19:15 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-05-05 17:08 - 2016-03-03 19:10 - 000000000 ____D C:\Users\Andrew\Desktop\Deflector Shields 2018-05-05 08:23 - 2016-01-17 00:08 - 000000000 ___RD C:\Users\Andrew\OneDrive 2018-05-02 06:22 - 2018-04-12 08:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2018-05-02 06:22 - 2018-04-12 08:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2016-03-03 18:58 - 2017-04-17 18:08 - 000067064 _____ () C:\ProgramData\SettingsDataBackup.reg ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-05-20 11:42 ==================== End of FRST.txt ============================ Addition.txt
  14. Hi, I've been using MalwareBytes Free on my computer for a number of years, never had a problem and only use it for the bare basics - only 'safe' websites (Wikipedia, Facebook) and don't use it a great deal anyway. Did a scan this morning and it detected "MachineLearning/100%anomalous detection" - interestingly I had run a scan earlier without the internet connected, but after I connected the internet and ran the scan again it found it. I've since quarantined and deleted the file, ran another scan and all seems well - I'd just like to know what it was and whether it was a real problem or a false positive. I did a large Windows update (1803) last night and wonder if that's related? I have looked over this forum and seen that this detection has come up a number of times for people developing their own software, however I am not a software developer and had nothing on my computer that an average user wouldn't have. I understand that MalwareBytes is using new detection systems to stop malware, and so hopefully this is a teething problem rather than a real concern. I'm pretty savvy about computer safety, but still I'd rather be certain that everything is OK. I'm attaching the exported report here. There are no other visible signs of infection (slowing down, redirects etc). Thank you! MB Report.txt