Arv45's Content - Malwarebytes Forums

Windows 10 slow boot up and HDD corrupted

Arv45 replied to Arv45's topic in Resolved Malware Removal Logs

Hi Kevin, This is one of the first step I tried . Tried resetting PC with both Keep my files and remove all files option(Only c: drive).That also, didn't help. Only didn't try restore factory image .I fear to do it because thinking that d: drive will formatted during this process. If I am able recover data from d: drive I will try complete and fresh win 10 installation. I tried chkdsk for drive attached the log which I observed. Whether recovery software could help never tried one earlier? or Install Linux OS ? Regards, ARV

September 21, 2019
16 replies
- nvcontainer recovery
- hdd corrupted
- (and 3 more)
  Tagged with:

Windows 10 slow boot up and HDD corrupted

Arv45 replied to Arv45's topic in Resolved Malware Removal Logs

Hi Kevin, I have executed the command. Few errors were observed. Please check for the screenshot. Start menu and other settings is still not working. Regards, ARV

September 20, 2019
16 replies
- nvcontainer recovery
- hdd corrupted
- (and 3 more)
  Tagged with:

Windows 10 slow boot up and HDD corrupted

Arv45 replied to Arv45's topic in Resolved Malware Removal Logs

SFC scan is done , please find the attached image and CBS.log. Following problem still persist: Longer boot time Start menu ,settings and few more is not functioning properly D: drive is not accessible Thank you. CBS.zip

September 19, 2019
16 replies
- nvcontainer recovery
- hdd corrupted
- (and 3 more)
  Tagged with:

Windows 10 slow boot up and HDD corrupted

Arv45 replied to Arv45's topic in Resolved Malware Removal Logs

Command executed successfully. But still couldn't open start menu and so on...

September 19, 2019
16 replies
- nvcontainer recovery
- hdd corrupted
- (and 3 more)
  Tagged with:

Windows 10 slow boot up and HDD corrupted

Arv45 replied to Arv45's topic in Resolved Malware Removal Logs

Hi Kevin, Ran the DISM command and it is successful . Attached the image for reference.But still start menu ,settings , network ,.... is not getting opened. Also, please suggest me how to fix D: drive since it has some important data I don't want it to format.Is there any other way to fix it ?

September 18, 2019
16 replies
- nvcontainer recovery
- hdd corrupted
- (and 3 more)
  Tagged with:

Windows 10 slow boot up and HDD corrupted

Arv45 replied to Arv45's topic in Resolved Malware Removal Logs

Hi Kevin, Kindly check the attached file. Earlier attached logs were not complete. Regards, ARV Addition.txt FRST.txt

September 18, 2019
16 replies
- nvcontainer recovery
- hdd corrupted
- (and 3 more)
  Tagged with:

Windows 10 slow boot up and HDD corrupted

Arv45 replied to Arv45's topic in Resolved Malware Removal Logs

Hi Kevin, Thanks for the help!!! Here is the FRST.txt log... Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2019 Ran by vaira (administrator) on MSI (Micro-Star International Co., Ltd. GL62M 7RDX) (18-09-2019 06:38:46) Running from C:\Users\vaira\Desktop Loaded Profiles: vaira (Available Profiles: vaira) Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (A-Volute -> ) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe (A-Volute -> ) C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe (A-Volute -> Nahimic) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe (Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.) C:\Program Files (x86)\TriDef\SmartCam\TriDefSmartCamService64.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\MSI\MSI Remind Manager\40\MSIOnlineRegister.exe (Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe (Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\SCM\MSIService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.2.3\NS.exe (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.2.3\NS.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-06-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-06-09] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [709816 2017-05-19] (A-Volute -> Nahimic) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] (Micro-Star International CO., LTD. -> ) [File not signed] HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1883704 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) HKU\S-1-5-21-3508199185-296706971-2626689586-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\vaira\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-3508199185-296706971-2626689586-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\vaira\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-3508199185-296706971-2626689586-1001\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vaira\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64" HKU\S-1-5-21-3508199185-296706971-2626689586-1001\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vaira\AppData\Local\Microsoft\OneDrive\17.3.6816.0313" ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {10131F57-E6EA-4692-9B8C-06E686018779} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.6.0.12\\Ara.exe [848152 2015-07-10] (Symantec Corporation -> Symantec Corporation) Task: {1B4F14BD-69B7-44A3-B237-57B7D3CBA4D4} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [721976 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2D30E81C-1638-4D29-8285-C96896EC4616} - System32\Tasks\MSISCMTsk => C:\Program Files (x86)\MSI\MSI Remind Manager\MSISCMTsk.exe [285464 2017-05-31] (Micro-Star International CO., LTD. -> Application) [File not signed] Task: {2F74EA63-E487-4A27-A7F8-5E5FF3720C82} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {3441ACAA-3EC5-4ACB-88F7-7F46483683A8} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [393728 2018-04-11] (Microsoft Windows -> Microsoft Corporation) Task: {4E20BBAC-C764-498B-BAB3-1BD68EE89C5D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation) Task: {6A5903FE-5128-4EE8-B4EA-6B1946484235} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947768 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {6F204501-DB52-49AB-B8DC-903ED4DC6BBC} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter] Task: {77E1EABA-573F-492B-9645-CC985AE77E2F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {7FB2BC14-BD77-4BAB-8DAE-2C5D1B45EA59} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.2.3\WSCStub.exe [3791568 2017-04-10] (Symantec Corporation -> Symantec Corporation) Task: {88E365C5-2EA7-4CAE-9177-810C664BEE88} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [431384 2017-06-19] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] Task: {89E4F54D-F657-4924-9A73-3D10177CA7AA} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.2.3\SymErr.exe [102016 2017-04-10] (Symantec Corporation -> Symantec Corporation) Task: {8A924589-0923-45C0-A75C-7C99C3D7A4FE} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [709816 2017-05-19] (A-Volute -> Nahimic) Task: {8C8896D7-75BA-4E9F-AB8C-CBB8256EBBB7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {98DC9150-C275-4D81-8E1E-E10AA895119E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649272 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {9BA6F4DB-47F0-4DED-BA06-190F8D71143E} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.2.3\SymErr.exe [102016 2017-04-10] (Symantec Corporation -> Symantec Corporation) Task: {A3B1D9D6-99CD-4685-8299-492708B0C662} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [3791568 2017-04-10] (Symantec Corporation -> Symantec Corporation) Task: {C380B825-4A7A-4AB6-8806-A31C46FFCEBB} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2059960 2017-05-19] (A-Volute -> ) Task: {CFFAC80B-CC3C-450B-9F8B-1384BC647753} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {D18464C4-3203-4EA8-A09F-9BF9D87C3144} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {D38463A2-4E7A-4875-91E9-605BF0387D1D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [437816 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D8798903-E984-4EB7-8C18-5AF235DF9F23} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {D8B20ABA-259D-4C57-80F3-4E63FB6B65CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation) Task: {D9605CCE-DF01-4DEE-8FE3-8A4DF2B0BD0D} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.9.2.3\SymErr.exe [102016 2017-04-10] (Symantec Corporation -> Symantec Corporation) Task: {DF313414-7947-4BA0-AEB0-D92E1FA4F7D7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649272 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E1B7E2C3-8932-4640-A861-06B482C2470C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [721976 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E3E0BD98-A455-44F1-A2C2-925494442E89} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [513720 2017-05-19] (A-Volute -> ) Task: {FE644E12-D51B-481D-8D12-802CB01878B2} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [5122840 2017-06-15] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 49.205.75.2 Tcpip\..\Interfaces\{9f62a8d0-0a3a-4890-ac09-3f93ebb88cfb}: [DhcpNameServer] 8.8.8.8 49.205.75.2 Internet Explorer: ================== DownloadDir: C:\Users\vaira\Desktop SearchScopes: HKU\S-1-5-21-3508199185-296706971-2626689586-1001 -> {D1B3280E-8529-4501-A8F2-FBF78D8B05D7} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.2.3\coFFAddon FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.2.3\coFFAddon [2019-09-17] [Legacy] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.2.3\coFFAddon FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.2.3\Exts\Chrome.crx [2017-06-23] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.2.3\Exts\Chrome.crx [2017-06-23] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation) S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-12] (Intel(R) Rapid Storage Technology -> Intel Corporation) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation) S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-05] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2017-06-08] (Micro-Star International Co., Ltd.) [File not signed] R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [62392 2017-04-24] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> ) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation -> Symantec Corporation) R2 NS; C:\Program Files\Norton Security\Engine\22.9.2.3\NS.exe [326152 2017-04-10] (Symantec Corporation -> Symantec Corporation) S2 SymSilent; C:\Program Files (x86)\SymSilent\SymSilent.exe [1071488 2017-06-23] (Symantec Corporation -> Symantec Corporation) R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [399440 2018-08-29] (Synaptics Incorporated -> Synaptics Incorporated) R2 TriDefSmartCamService; c:\program files (x86)\tridef\smartcam\tridefsmartcamservice64.exe [11076576 2017-03-10] (Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin" ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\BASHDefs\20190916.001\BHDrvx64.sys [1935880 2019-09-16] (Symantec Corporation -> Symantec Corporation) S3 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation -> Symantec Corporation) R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1609020.003\ccSetx64.sys [174232 2017-04-10] (Symantec Corporation -> Symantec Corporation) S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-09-18] (Symantec Corporation -> Symantec Corporation) U3 EraserUtilDrv11910; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11910.sys [154288 2019-09-18] (Symantec Corporation -> Symantec Corporation) S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70632 2017-06-12] (Intel(R) Rapid Storage Technology -> Intel Corporation) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) R3 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\IPSDefs\20190917.063\IDSvia64.sys [1451016 2019-09-17] (Symantec Corporation -> Symantec Corporation) R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [161096 2016-09-19] (Rivet Networks LLC -> Qualcomm Atheros, Inc.) R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Microsoft Windows -> Intel Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmi.inf_amd64_9cd951c47b0da577\nvlddmkm.sys [17213200 2018-08-22] (NVIDIA Corporation -> NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31800 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [28216 2017-06-23] (NVIDIA Corporation -> Windows (R) Win 7 DDK provider) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [49208 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2018-01-03] (NVIDIA Corporation -> NVIDIA Corporation) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2017-06-23] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation) S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [69168 2017-12-05] (Synaptics Incorporated -> Synaptics Incorporated) R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [56912 2018-08-29] (Synaptics Incorporated -> Synaptics Incorporated) R3 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1609020.003\SRTSP64.SYS [770200 2017-04-10] (Symantec Corporation -> Symantec Corporation) R3 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1609020.003\SRTSPX64.SYS [49304 2017-04-10] (Symantec Corporation -> Symantec Corporation) S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated) R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1609020.003\SYMEFASI64.SYS [1716888 2017-04-10] (Symantec Corporation -> Symantec Corporation) S4 SymELAM; C:\WINDOWS\system32\drivers\NSx64\1609020.003\SymELAM.sys [24608 2017-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-06-23] (Symantec Corporation -> Symantec Corporation) R3 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1609020.003\Ironx64.SYS [291480 2017-04-10] (Symantec Corporation -> Symantec Corporation) R3 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1609020.003\SYMNETS.SYS [567496 2017-04-10] (Symantec Corporation -> Symantec Corporation) R3 TriDefSmartCam; C:\WINDOWS\system32\DRIVERS\TriDefSmartCam.sys [48304 2017-02-20] (Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] (Micro-Star Int'l Co. Ltd. -> ) S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20190918.003\NAVENG.SYS [X] S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20190918.003\NAVEX15.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-09-18 06:38 - 2019-09-18 06:39 - 000026263 _____ C:\Users\vaira\Desktop\FRST.txt 2019-09-18 06:38 - 2019-09-18 06:38 - 000000000 ____D C:\Users\vaira\Desktop\FRST-OlderVersion 2019-09-18 06:37 - 2019-09-18 06:38 - 001615360 _____ (Farbar) C:\Users\vaira\Desktop\FRST64.exe 2019-09-18 06:36 - 2019-09-18 06:36 - 001615360 _____ (Farbar) C:\Users\vaira\Downloads\FRST64.exe 2019-09-18 06:34 - 2019-09-18 06:38 - 000000000 ____D C:\FRST 2019-09-18 06:30 - 2019-09-18 06:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2019-09-18 06:30 - 2019-09-18 06:30 - 000000000 ____D C:\Program Files\Common Files\AV 2019-09-18 06:25 - 2019-09-18 06:25 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3508199185-296706971-2626689586-1001 2019-09-17 15:56 - 2019-09-17 16:35 - 000000000 ____D C:\WINDOWS\Panther 2019-09-17 15:56 - 2019-09-17 15:56 - 000000000 ____D C:\WINDOWS\InfusedApps 2019-09-17 15:55 - 2019-09-18 06:28 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-09-17 15:53 - 2019-09-18 05:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-09-17 15:53 - 2019-09-17 16:36 - 000003676 _____ C:\WINDOWS\System32\Tasks\Norton Online Backup ARA 2019-09-17 15:53 - 2019-09-17 15:53 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-09-17 15:53 - 2019-09-17 15:53 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification 2019-09-17 15:53 - 2019-09-17 15:53 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-09-17 15:53 - 2019-09-17 15:53 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-09-17 15:53 - 2019-09-17 15:53 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-09-17 15:53 - 2019-09-17 15:53 - 000002942 _____ C:\WINDOWS\System32\Tasks\Dragon_Center_updater 2019-09-17 15:53 - 2019-09-17 15:53 - 000002846 _____ C:\WINDOWS\System32\Tasks\MSI_Help_Desk_Agent 2019-09-17 15:53 - 2019-09-17 15:53 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-09-17 15:53 - 2019-09-17 15:53 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-09-17 15:53 - 2019-09-17 15:53 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2019-09-17 15:53 - 2019-09-17 15:53 - 000002608 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2019-09-17 15:53 - 2019-09-17 15:53 - 000002396 _____ C:\WINDOWS\System32\Tasks\Nahimic2UILauncherRun 2019-09-17 15:53 - 2019-09-17 15:53 - 000002384 _____ C:\WINDOWS\System32\Tasks\Nahimic2Svc64Run 2019-09-17 15:53 - 2019-09-17 15:53 - 000002376 _____ C:\WINDOWS\System32\Tasks\Nahimic2Svc32Run 2019-09-17 15:53 - 2019-09-17 15:53 - 000002262 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Center 2019-09-17 15:53 - 2019-09-17 15:53 - 000002196 _____ C:\WINDOWS\System32\Tasks\MSISCMTsk 2019-09-17 15:53 - 2019-09-17 15:53 - 000000000 _SHDL C:\Users\Default User 2019-09-17 15:53 - 2019-09-17 15:53 - 000000000 _SHDL C:\Users\All Users 2019-09-17 15:53 - 2019-09-17 15:53 - 000000000 _SHDL C:\Documents and Settings 2019-09-17 15:53 - 2019-09-17 15:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-09-17 15:53 - 2019-09-17 08:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel 2019-09-17 15:53 - 2018-04-11 15:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2019-09-17 15:52 - 2019-09-17 15:52 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2019-09-17 15:49 - 2019-09-17 16:13 - 000000000 ____D C:\Windows.old 2019-09-17 15:47 - 2019-09-17 15:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2019-09-17 15:47 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\IAStorAfsService 2019-09-17 15:37 - 2019-09-17 15:37 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2019-09-17 15:37 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\Setup 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\zu-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\yo-NG 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\xh-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\wo-SN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\vi-VN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ur-PK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ug-CN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\tt-RU 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\tn-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\tk-TM 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ti-ET 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\te-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sw-KE 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sq-AL 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\rw-RW 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\quz-PE 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\prs-AF 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\pa-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\or-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\nso-ZA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\nn-NO 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ne-NP 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mt-MT 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mr-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mn-MN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ml-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mk-MK 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mi-NZ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\lo-LA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\lb-LU 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ky-KG 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\kok-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\kn-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\km-KH 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\kk-KZ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ka-GE 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\is-IS 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ig-NG 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\id-ID 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\hy-AM 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\gu-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\gd-GB 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ga-IE 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\fil-PH 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\fa-IR 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\cy-GB 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\bn-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\bn-BD 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\be-BY 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\as-IN 2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\af-ZA 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\0409 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\hi-IN 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\gl-ES 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\eu-ES 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\ca-ES 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\0409 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\DigitalLocker 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\Program Files\Reference Assemblies 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\Program Files\MSBuild 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\Program Files (x86)\MSBuild 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\winrm 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\WCN 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\slmgr 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\OCR 2019-09-17 15:35 - 2019-09-17 15:35 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2019-09-17 15:33 - 2019-05-30 17:57 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-09-17 15:33 - 2019-05-30 17:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2019-09-17 15:32 - 2019-09-17 15:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2019-09-17 15:32 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2019-09-17 15:32 - 2019-09-17 15:31 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2019-09-17 15:32 - 2019-09-17 15:31 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat 2019-09-17 15:32 - 2019-09-17 15:31 - 000215943 _____ C:\WINDOWS\system32\dssec.dat 2019-09-17 15:32 - 2019-09-17 15:31 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2019-09-17 15:32 - 2019-09-17 15:31 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2019-09-17 15:32 - 2019-09-17 15:31 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam 2019-09-17 15:32 - 2019-09-17 15:31 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json 2019-09-17 15:32 - 2019-09-17 15:31 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT 2019-09-17 15:32 - 2019-09-17 15:31 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT 2019-09-17 15:31 - 2019-09-18 06:34 - 000000000 ___HD C:\Program Files\WindowsApps 2019-09-17 15:31 - 2019-09-18 06:34 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-09-17 15:31 - 2019-09-18 06:28 - 000000000 ____D C:\WINDOWS\INF 2019-09-17 15:31 - 2019-09-18 06:25 - 000000000 ____D C:\WINDOWS\appcompat 2019-09-17 15:31 - 2019-09-18 06:20 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-09-17 15:31 - 2019-09-17 16:35 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2019-09-17 15:31 - 2019-09-17 15:53 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2019-09-17 15:31 - 2019-09-17 15:53 - 000000000 ____D C:\WINDOWS\Registration 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ___SD C:\WINDOWS\system32\UNP 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\TextInput 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ta-in 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\si-lk 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\setup 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\am-et 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\ShellComponents 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\Provisioning 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\Program Files\Windows Defender 2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2019-09-17 15:31 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\com 2019-09-17 15:31 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2019-09-17 15:31 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\migwiz 2019-09-17 15:31 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\com 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\system32\F12 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\system32\dsc 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___RD C:\Program Files (x86) 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\spool 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\MUI 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\Dism 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\IME 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\Help 2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2019-09-17 15:31 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2019-09-17 15:31 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\Common Files\system 2019-09-17 15:31 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ___SD C:\WINDOWS\system32\Nui 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\ta-lk 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\my-mm 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\icsxml 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\ias 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\downlevel 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\DDFs 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\Bthprops 2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 __SHD C:\Program Files\Windows Sidebar 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 __RSD C:\WINDOWS\media 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 __RHD C:\Users\Public\Libraries 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___SD C:\WINDOWS\system32\Configuration 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___RD C:\WINDOWS\Offline Web Pages 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Web 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\WaaS 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Vss 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\tracing 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\TAPI 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ras 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\IME 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SystemResources 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SystemApps 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\winevt 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\ras 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\ProximityToast 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\PointOfService 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\Ipmi 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\InputMethod 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\IME 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\hydrogen 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\DriverState 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\config\TxR 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\config\RegBack 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\config\Journal 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\AppLocker 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\System 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SKB 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\ServiceState 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\security 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\schemas 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SchCache 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Resources 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\rescache 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\PLA 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Performance 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\ModemLogs 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\L2Schemas 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\InputMethod 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\IdentityCRL 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Globalization 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Cursors 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Branding 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\addins 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\ProgramData\USOShared 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\ProgramData\USOPrivate 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\Windows Security 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\Windows Portable Devices 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\windows nt 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\Windows Multimedia Platform 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\Common Files\Services 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files (x86)\windows nt 2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2019-09-17 15:31 - 2019-09-17 09:22 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile 2019-09-17 15:31 - 2019-09-17 05:39 - 000000000 ___RD C:\WINDOWS\PrintDialog 2019-09-17 15:31 - 2019-09-17 05:23 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2019-09-17 15:30 - 2019-09-18 06:39 - 000000000 ____D C:\ProgramData\NVIDIA 2019-09-17 15:30 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2019-09-17 15:30 - 2019-09-17 15:34 - 000000000 ____D C:\ProgramData\Intel 2019-09-17 15:30 - 2019-09-17 15:34 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2019-09-17 15:30 - 2019-09-17 15:34 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2019-09-17 15:30 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2019-09-17 15:30 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\Intel 2019-09-17 15:30 - 2019-09-17 15:33 - 000000000 ____D C:\Intel 2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____H C:\ProgramData\DP45977C.lfl 2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation 2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____D C:\WINDOWS\system32\DAX3 2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____D C:\WINDOWS\system32\DAX2 2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____D C:\Program Files\Realtek 2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2019-09-17 15:30 - 2018-11-21 02:25 - 000136288 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2019-09-17 15:30 - 2018-11-21 02:25 - 000111200 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2019-09-17 15:30 - 2018-08-12 22:03 - 005947888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2019-09-17 15:30 - 2018-08-12 22:03 - 002612432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2019-09-17 15:30 - 2018-08-12 22:03 - 001767280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2019-09-17 15:30 - 2018-08-12 22:03 - 000633712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2019-09-17 15:30 - 2018-08-12 22:03 - 000451056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2019-09-17 15:30 - 2018-08-12 22:03 - 000124112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2019-09-17 15:30 - 2018-08-12 22:03 - 000083336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2019-09-17 15:30 - 2018-08-03 01:47 - 008273432 _____ C:\WINDOWS\system32\nvcoproc.bin 2019-09-17 15:30 - 2018-06-14 02:45 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2019-09-17 15:29 - 2019-09-17 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-09-17 15:28 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\servicing 2019-09-17 15:28 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\SMI 2019-09-17 15:28 - 2019-09-17 12:09 - 101711872 _____ C:\WINDOWS\system32\config\SOFTWARE 2019-09-17 15:28 - 2019-09-17 12:09 - 030932992 _____ C:\WINDOWS\system32\config\SYSTEM 2019-09-17 15:28 - 2019-09-17 12:09 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT 2019-09-17 15:28 - 2019-09-17 12:09 - 000262144 _____ C:\WINDOWS\system32\config\BBI 2019-09-17 15:28 - 2019-09-17 12:09 - 000065536 _____ C:\WINDOWS\system32\config\SAM 2019-09-17 15:28 - 2019-09-17 12:09 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY 2019-09-17 15:28 - 2019-09-17 05:28 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2019-09-17 15:27 - 2019-09-17 15:49 - 000234496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-09-17 15:27 - 2019-09-17 15:27 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2019-09-17 15:27 - 2019-09-17 11:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-09-17 14:29 - 2019-09-17 16:15 - 000000000 ___HD C:\$SysReset 2019-09-17 09:26 - 2019-09-18 06:20 - 000000000 ____D C:\Users\vaira\AppData\Local\CrashDumps 2019-09-17 05:52 - 2019-09-17 05:52 - 000000000 ____D C:\Users\vaira\AppData\Local\Micro-Star_International_ 2019-09-17 05:44 - 2019-09-17 05:44 - 000000000 ____D C:\Users\vaira\AppData\Local\D3DSCache 2019-09-17 05:43 - 2019-09-17 05:43 - 000000001 _____ C:\Users\Public\Documents\dgc_DC.txt 2019-09-17 05:43 - 2019-09-17 05:43 - 000000001 _____ C:\ProgramData\Documents\dgc_DC.txt 2019-09-17 05:40 - 2019-09-17 05:40 - 000000000 ____D C:\Users\vaira\AppData\Local\Comms 2019-09-17 05:29 - 2019-09-18 05:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security 2019-09-17 05:26 - 2019-09-17 05:26 - 000000000 ____D C:\Users\vaira\AppData\Roaming\Intel Corporation 2019-09-17 05:25 - 2019-09-18 06:25 - 000000000 ___RD C:\Users\vaira\OneDrive 2019-09-17 05:25 - 2019-09-17 09:01 - 000000000 ____D C:\Users\vaira\AppData\Local\NVIDIA Corporation 2019-09-17 05:25 - 2019-09-17 05:25 - 000000000 ____D C:\Users\vaira\AppData\Local\MSI 2019-09-17 05:23 - 2019-09-18 06:32 - 000000000 ____D C:\Users\vaira\AppData\Local\Packages 2019-09-17 05:23 - 2019-09-18 05:53 - 000000000 __SHD C:\Users\vaira\IntelGraphicsProfiles 2019-09-17 05:23 - 2019-09-17 05:26 - 000000101 _____ C:\FindOSInstall.txt 2019-09-17 05:23 - 2019-09-17 05:24 - 000000000 ____D C:\Users\vaira\AppData\Local\Intel 2019-09-17 05:23 - 2019-09-17 05:23 - 000000056 _____ C:\tmp-diskpart.txt 2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ___RD C:\Users\vaira\3D Objects 2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Roaming\Intel 2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Roaming\Adobe 2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Local\VirtualStore 2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Local\Publishers 2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Local\DBG 2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Local\ConnectedDevicesPlatform 2019-09-17 04:15 - 2019-09-17 04:15 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2019-09-17 04:15 - 2019-09-17 04:15 - 000002472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2019-09-17 04:15 - 2019-09-17 04:15 - 000002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2019-09-17 04:15 - 2019-09-17 04:15 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2019-09-17 04:15 - 2019-09-17 04:15 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2019-09-17 04:15 - 2019-09-17 04:15 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2019-09-17 04:15 - 2019-09-17 04:15 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2019-09-17 04:15 - 2019-09-17 04:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\أدوات Microsoft Office 2019-09-17 04:14 - 2019-09-17 04:14 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2019-09-17 04:10 - 2019-09-18 06:25 - 000002370 _____ C:\Users\vaira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-09-17 04:10 - 2019-09-17 05:25 - 000000000 ____D C:\Users\vaira 2019-09-17 04:10 - 2019-09-17 04:10 - 000000020 ___SH C:\Users\vaira\ntuser.ini 2019-09-17 04:10 - 2019-09-17 04:09 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2019-09-17 04:06 - 2019-09-18 06:34 - 000000000 ____D C:\ProgramData\Packages ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-09-17 15:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2019-09-17 15:34 - 2017-06-23 17:39 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 2019-09-17 15:34 - 2017-06-23 17:39 - 000000000 ____D C:\ProgramData\TriDef SmartCam 2019-09-17 15:34 - 2017-06-23 17:39 - 000000000 ____D C:\Program Files (x86)\TriDef 2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\NARAx64 2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\Users\Public\Symantec 2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\ProgramData\Symantec 2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup 2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\ProgramData\boost_interprocess 2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\Program Files (x86)\SymSilent 2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\Program Files (x86)\Symantec 2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\Program Files (x86)\Norton Online Backup ARA 2019-09-17 15:34 - 2017-06-23 17:28 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2019-09-17 15:34 - 2017-06-23 17:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64 2019-09-17 15:34 - 2017-06-23 17:28 - 000000000 ____D C:\ProgramData\NortonInstaller 2019-09-17 15:34 - 2017-06-23 17:28 - 000000000 ____D C:\Program Files (x86)\NortonInstaller 2019-09-17 15:34 - 2017-06-23 17:14 - 000000000 ____D C:\WINDOWS\RE_DRIVE 2019-09-17 15:34 - 2017-06-23 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI 2019-09-17 15:34 - 2017-06-23 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sizing Options 2019-09-17 15:34 - 2017-06-23 17:13 - 000000000 ____D C:\Program Files (x86)\MSI 2019-09-17 15:34 - 2017-06-23 17:12 - 000000000 ____D C:\Program Files (x86)\SCM 2019-09-17 15:34 - 2017-06-23 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnRecovery 2019-09-17 15:34 - 2017-06-23 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic 2 Audio Driver 2019-09-17 15:34 - 2017-06-23 16:50 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles 2019-09-17 15:34 - 2017-06-23 16:47 - 000000000 ____D C:\ProgramData\Downloaded Installations 2019-09-17 15:34 - 2017-06-23 16:45 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2019-09-17 15:34 - 2017-06-23 16:45 - 000000000 ____D C:\WINDOWS\system32\RTCOM 2019-09-17 15:34 - 2017-06-23 16:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2019-09-17 15:34 - 2017-06-23 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2019-09-17 15:34 - 2017-06-23 16:44 - 000000000 ____D C:\Program Files (x86)\Realtek 2019-09-17 15:34 - 2017-06-23 16:41 - 000000000 ____D C:\ProgramData\Package Cache 2019-09-17 15:34 - 2017-06-23 00:20 - 000000000 ____D C:\User Manual 2019-09-17 15:34 - 2017-05-16 14:28 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2019-09-17 15:34 - 2017-03-18 18:31 - 000000000 ____D C:\WINDOWS\HoloShell 2019-09-17 15:33 - 2017-06-23 17:28 - 000000000 ____D C:\Program Files\Norton Security 2019-09-17 15:33 - 2017-06-23 17:28 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared 2019-09-17 15:33 - 2017-06-23 17:11 - 000000000 ____D C:\Program Files (x86)\BurnRecovery 2019-09-17 15:33 - 2017-06-23 16:54 - 000000000 ____D C:\Program Files\Nahimic 2019-09-17 15:33 - 2017-06-23 16:50 - 000000000 ____D C:\Program Files\Common Files\Intel 2019-09-17 15:33 - 2017-06-23 16:49 - 000000000 ____D C:\Program Files\DIFX 2019-09-17 15:33 - 2017-06-23 16:48 - 000000000 ____D C:\Program Files\Synaptics 2019-09-17 15:33 - 2017-06-23 16:47 - 000000000 ____D C:\Program Files\Rivet Networks 2019-09-17 15:33 - 2017-06-23 16:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-09-17 15:33 - 2017-06-23 16:42 - 000000000 ____D C:\Program Files (x86)\Intel 2019-09-17 15:33 - 2017-05-16 14:58 - 000000000 ____D C:\Program Files\Microsoft Office 15 2019-09-17 05:28 - 2017-06-23 17:28 - 000000000 ____D C:\ProgramData\Norton 2019-09-17 05:24 - 2017-06-23 17:14 - 000000000 ____D C:\ProgramData\MSI 2019-09-17 05:23 - 2017-05-16 14:12 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-09-17 04:14 - 2017-05-16 14:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) And attached the Addition.txt log... Regards, ARV Addition.txt FRST.txt

September 18, 2019
16 replies
- nvcontainer recovery
- hdd corrupted
- (and 3 more)
  Tagged with:

Windows 10 slow boot up and HDD corrupted

Arv45 posted a topic in Resolved Malware Removal Logs

Hi, I have msi GL62M 7RDx laptop. Suddenly, windows 10 boot up got slowed down nearly takes 10-15 min to get to the desktop view. After my laptop got started, I tried to open d: drive (internal) and it was even more slower. Then I have restated my pc, again booting time was longer and this time unable to access d: drive at and c: drive got slowed down too.Also, start menu was not working. Then I decided to reset pc with keep my files option but didn't see any improvement. So again did reset pc with remove files option, only windows installed drive.More or less same behaviour with only exception c drive got faster. One suspicious thing which I observed is in c drive a file called "nvcontainerrecoverynvdi...reg" (attached the image) got created and deleted every few seconds. Also, 2 more suspicious batch files in c:\windows\, nvcontainerrecovery.bat and nvtelemetry recovery.bat not sure whether this has any impact. Kindly help me to fix my laptop and also help me to recover my d: drive without losing data. Regards, Arv

September 17, 2019
16 replies
- nvcontainer recovery
- hdd corrupted
- (and 3 more)
  Tagged with:

Sign In

Arv45

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by Arv45

Windows 10 slow boot up and HDD corrupted

Windows 10 slow boot up and HDD corrupted

Windows 10 slow boot up and HDD corrupted

Windows 10 slow boot up and HDD corrupted

Windows 10 slow boot up and HDD corrupted

Windows 10 slow boot up and HDD corrupted

Windows 10 slow boot up and HDD corrupted

Windows 10 slow boot up and HDD corrupted

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information