Jump to content
Andrew123

MachineLearning/100%anomalous detection - is this OK?

Recommended Posts

Hi,

I've been using MalwareBytes Free on my computer for a number of years, never had a problem and only use it for the bare basics - only 'safe' websites (Wikipedia, Facebook) and don't use it a great deal anyway.  

Did a scan this morning and it detected "MachineLearning/100%anomalous detection" - interestingly I had run a scan earlier without the internet connected, but after I connected the internet and ran the scan again it found it. I've since quarantined and deleted the file, ran another scan and all seems well - I'd just like to know what it was and whether it was a real problem or a false positive. 

I did a large Windows update (1803) last night and wonder if that's related?

I have looked over this forum and seen that this detection has come up a number of times for people developing their own software, however I am not a software developer and had nothing on my computer that an average user wouldn't have. I understand that MalwareBytes is using new detection systems to stop malware, and so hopefully this is a teething problem rather than a real concern. I'm pretty savvy about computer safety, but still I'd rather be certain that everything is OK.  

I'm attaching the exported report here. There are no other visible signs of infection (slowing down, redirects etc).

Thank you!

 

MB Report.txt

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.

 

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:

Spoiler

Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.
    image.png
  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.
    image.png
  4. Click Start Scan

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:

Spoiler

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.
    _frst_scan.jpg.d10e66dc03e35ede4fdcba12b
  3. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Additional.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies" like so: notify me.jpeg

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and past the contents of the requested files in your Reply instead. 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

_mb_attach.jpg.a0465aaafd6cae688aa38ab16

Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

Troubleshooting Tips

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Lets have a deeper look.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions.


 

Share this post


Link to post
Share on other sites

Hello,

Thank you for your help. As per your request:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Andrew (administrator) on DESKTOP-DANGUIK (23-05-2018 05:43:11)
Running from C:\Users\Andrew\Desktop
Loaded Profiles: Andrew (Available Profiles: Andrew)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\ColorEngine\ColorEngine.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe
(Google) C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\SwReporter\29.155.200\software_reporter_tool.exe
(Google) C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\SwReporter\29.155.200\software_reporter_tool.exe
(Google) C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\SwReporter\29.155.200\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1_none_eedfeda03074e04e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16717832 2016-10-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2017-04-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-15] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1859029883-19092773-3022626163-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-13] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{6cbe9bbc-d1c2-4010-b603-a7f219533aa8}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{8718fe39-fb16-455c-80c9-2079bd7e7dd8}: [DhcpNameServer] 168.126.63.1 168.126.63.2

Internet Explorer:
==================
HKU\S-1-5-21-1859029883-19092773-3022626163-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung15.msn.com/?pc=SMTE
HKU\S-1-5-21-1859029883-19092773-3022626163-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung15.msn.com/?pc=SMTE
SearchScopes: HKU\S-1-5-21-1859029883-19092773-3022626163-1001 -> DefaultScope {859287B1-AA97-4996-928E-C3E8170B268E} URL = 
SearchScopes: HKU\S-1-5-21-1859029883-19092773-3022626163-1001 -> {859287B1-AA97-4996-928E-C3E8170B268E} URL = 

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-30] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/?gws_rd=ssl"
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default [2018-05-23]
CHR Extension: (Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (IBM Security Rapport) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-15]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Sheets) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-11]
CHR HKU\S-1-5-21-1859029883-19092773-3022626163-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1859029883-19092773-3022626163-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [403264 2016-03-21] (Samsung)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-15] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-15] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-03] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-14] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2017-04-17] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5249008 2018-01-24] (IBM Corp.)
R2 SamsungLinkService; C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [24977128 2016-03-21] (Samsung Electronics CO., LTD.)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1777048 2017-09-18] (Samsung Electronics Co., Ltd.)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [745224 2015-07-09] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3298208 2017-10-11] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-05-15] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-08] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-08] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-08] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-08] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-05-15] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-05-15] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-05-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-05-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-05-15] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-05-15] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-05-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-05-15] (AVAST Software)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32328 2015-09-07] (ELAN Microelectronic Corp.)
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-15] (Intel Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-05-20] (Malwarebytes)
S1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [489616 2018-01-24] (IBM Corp.)
S1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1908103.sys [1635344 2018-03-15] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [703056 2018-01-24] (IBM Corp.)
S0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [338384 2018-01-24] (IBM Corp.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [491800 2018-03-15] (IBM Corp.)
S0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [597976 2018-01-24] (IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [743568 2018-01-24] (IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-09-20] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-05] (Realsil Semiconductor Corporation)
R1 SDiskWindows10; C:\WINDOWS\System32\DRIVERS\SDiskWindows10.sys [111320 2016-03-21] (Samsung Inc.)
R3 Snscr; C:\WINDOWS\System32\drivers\Snscr.sys [52224 2016-10-31] (Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [48896 2015-07-09] (QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2015-07-09] (DEVGURU Co., LTD.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-23 05:43 - 2018-05-23 05:43 - 000017673 _____ C:\Users\Andrew\Desktop\FRST.txt
2018-05-23 05:42 - 2018-05-23 05:43 - 000000000 ____D C:\FRST
2018-05-23 05:41 - 2018-05-23 05:41 - 002413056 _____ (Farbar) C:\Users\Andrew\Desktop\FRST64.exe
2018-05-21 08:05 - 2018-05-21 08:05 - 000001272 _____ C:\Users\Andrew\Desktop\MB Report.txt
2018-05-21 07:26 - 2018-05-21 07:26 - 000000000 ____D C:\Users\Andrew\AppData\Local\D3DSCache
2018-05-21 07:12 - 2018-05-21 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-21 04:42 - 2018-05-20 11:50 - 000000000 ____D C:\Windows.old
2018-05-20 11:51 - 2018-05-21 07:32 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-20 11:51 - 2018-05-20 11:51 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-20 11:50 - 2018-05-21 19:08 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-05-20 11:50 - 2018-05-21 19:08 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-20 11:50 - 2018-05-21 07:26 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-20 11:50 - 2018-05-21 07:26 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-20 11:50 - 2018-05-21 07:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-20 11:50 - 2018-05-21 07:16 - 000004000 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-20 11:50 - 2018-05-21 07:16 - 000003768 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-20 11:50 - 2018-05-20 11:50 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-20 11:50 - 2018-05-20 11:50 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1859029883-19092773-3022626163-1001
2018-05-20 11:50 - 2018-05-20 11:50 - 000002422 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2018-05-20 11:50 - 2018-05-20 11:50 - 000002418 _____ C:\WINDOWS\System32\Tasks\SamsungLinkTray
2018-05-20 11:50 - 2018-05-20 11:50 - 000002322 _____ C:\WINDOWS\System32\Tasks\SAgent
2018-05-20 11:50 - 2018-05-20 11:50 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-05-20 11:50 - 2018-05-20 11:50 - 000002264 _____ C:\WINDOWS\System32\Tasks\ColorEngine
2018-05-20 11:50 - 2018-05-20 11:50 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-20 11:50 - 2018-05-20 11:50 - 000000020 ___SH C:\Users\Andrew\ntuser.ini
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\SecTimeSync
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\Samsung
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1859029883-19092773-3022626163-1001
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-05-20 11:50 - 2018-05-20 11:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-20 11:49 - 2018-05-20 11:50 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-20 11:49 - 2018-05-20 11:50 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-20 11:47 - 2018-05-20 11:47 - 000000000 ____D C:\ProgramData\USOShared
2018-05-20 11:44 - 2018-05-20 11:44 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-20 11:43 - 2018-05-20 11:50 - 000000000 ____D C:\Users\Andrew
2018-05-20 11:43 - 2018-05-20 11:44 - 000000000 ____D C:\Users\Andrew\AppData\Local\Google
2018-05-20 11:43 - 2018-04-12 08:34 - 000001105 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-20 11:43 - 2018-04-12 08:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-20 11:43 - 2017-08-02 07:59 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\Mozilla
2018-05-20 11:43 - 2016-11-25 23:19 - 000103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-05-20 11:43 - 2016-11-25 23:19 - 000099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-20 11:43 - 2016-10-10 18:38 - 000000000 ____D C:\Users\Andrew\AppData\Local\Trusteer
2018-05-20 11:42 - 2018-05-21 21:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-20 11:42 - 2018-05-21 07:25 - 000264536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-19 22:10 - 2018-05-15 17:16 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-05-19 22:10 - 2018-05-15 17:16 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-05-19 22:10 - 2018-05-15 17:16 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-05-19 22:10 - 2018-03-08 18:23 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-05-19 22:10 - 2018-03-08 18:23 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-05-19 22:10 - 2018-03-08 18:23 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-05-19 22:10 - 2018-03-08 18:23 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-05-19 22:10 - 2018-01-24 17:13 - 000338384 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2018-05-19 22:10 - 2017-06-28 19:10 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.150162212764003
2018-05-19 22:10 - 2016-07-11 17:51 - 000473592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.146822709757802
2018-05-19 22:09 - 2018-05-21 04:42 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-19 22:03 - 2018-05-19 22:10 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-15 20:44 - 2018-05-15 20:44 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-15 20:44 - 2018-05-15 20:44 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-15 20:43 - 2018-05-15 20:43 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-15 20:43 - 2018-05-15 20:43 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-15 20:43 - 2018-05-15 20:43 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-15 20:43 - 2018-05-15 20:43 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-15 20:43 - 2018-05-15 20:43 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-15 20:43 - 2018-05-15 20:43 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-15 20:43 - 2018-05-15 20:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-15 20:43 - 2018-05-15 20:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-15 20:42 - 2018-05-15 20:42 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-15 20:42 - 2018-05-15 20:42 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-15 20:42 - 2018-05-15 20:42 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-15 20:42 - 2018-05-15 20:42 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-15 19:19 - 2018-05-15 19:19 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-15 19:19 - 2018-05-15 19:19 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-15 19:19 - 2018-05-15 19:19 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-15 19:19 - 2018-05-15 19:19 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-15 19:19 - 2018-05-15 19:19 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-15 19:19 - 2018-05-15 19:19 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-15 19:19 - 2018-05-15 19:19 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-15 19:19 - 2018-05-15 19:19 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files\MSBuild
2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-15 19:18 - 2018-05-15 19:18 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-15 19:17 - 2018-05-15 19:17 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-15 19:17 - 2018-05-15 19:17 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-15 19:17 - 2018-05-15 19:17 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-15 19:17 - 2018-05-15 19:17 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-15 19:17 - 2018-05-15 19:17 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-15 19:17 - 2018-05-15 19:17 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-15 18:54 - 2018-05-15 18:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-14 20:45 - 2018-05-14 20:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-14 20:45 - 2018-05-14 20:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-14 20:45 - 2018-05-14 20:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-14 20:45 - 2018-05-14 20:45 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-10 06:23 - 2018-05-21 06:32 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-05 17:06 - 2018-05-05 17:06 - 015813864 _____ (Piriform Ltd) C:\Users\Andrew\Downloads\ccsetup542.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-23 05:43 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-23 05:42 - 2018-04-12 08:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-23 05:38 - 2016-10-10 18:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-23 05:38 - 2016-01-17 00:06 - 000000000 __SHD C:\Users\Andrew\IntelGraphicsProfiles
2018-05-21 21:35 - 2018-04-12 08:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-21 19:46 - 2017-12-18 20:20 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2018-05-21 19:09 - 2017-12-18 20:20 - 000000000 ____D C:\Users\Andrew\AppData\Roaming\dvdcss
2018-05-21 08:52 - 2016-10-10 18:45 - 000000000 ____D C:\Users\Andrew\AppData\Local\ConnectedDevicesPlatform
2018-05-21 07:36 - 2016-03-03 18:50 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-21 07:32 - 2018-04-12 08:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-21 07:25 - 2016-03-03 19:20 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 07:25 - 2016-03-03 19:20 - 000000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-21 07:16 - 2018-04-12 08:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-21 07:13 - 2016-03-03 19:20 - 000000000 ____D C:\Users\Andrew\AppData\Local\Dropbox
2018-05-21 07:13 - 2016-03-03 19:20 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-21 04:42 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-05-21 04:42 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-05-21 04:42 - 2018-04-12 08:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-21 04:42 - 2018-04-12 08:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\IME
2018-05-21 04:42 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-21 04:42 - 2017-12-18 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-21 04:42 - 2017-12-14 06:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-21 04:42 - 2017-09-29 22:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-21 04:42 - 2017-07-11 18:04 - 000000000 ____D C:\Program Files\UNP
2018-05-21 04:42 - 2016-10-10 18:34 - 000000000 ____D C:\Program Files\Intel
2018-05-21 04:42 - 2016-05-25 15:57 - 000000000 ____D C:\WINDOWS\SysWOW64\vbox
2018-05-21 04:42 - 2016-05-25 15:57 - 000000000 ____D C:\WINDOWS\system32\vbox
2018-05-21 04:42 - 2016-03-07 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2018-05-21 04:42 - 2016-03-06 19:50 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2018-05-21 04:42 - 2016-03-03 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-21 04:42 - 2015-12-10 02:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\samsung
2018-05-21 04:42 - 2015-12-09 09:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-05-21 04:42 - 2015-12-09 09:24 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2018-05-20 12:07 - 2017-12-31 14:15 - 000000000 ____D C:\Users\Andrew\AppData\Local\Packages
2018-05-20 11:50 - 2017-12-31 15:15 - 000000000 ___RD C:\Users\Andrew\3D Objects
2018-05-20 11:50 - 2015-12-10 02:19 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-20 11:49 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-20 11:47 - 2018-04-12 08:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-20 11:47 - 2018-04-12 08:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-20 11:46 - 2016-10-10 18:40 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-20 11:45 - 2017-12-14 06:07 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-20 11:44 - 2018-04-12 06:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-20 11:43 - 2016-10-10 18:34 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-20 11:43 - 2016-10-10 18:34 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-05-20 11:43 - 2016-10-10 18:34 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-20 11:43 - 2016-10-10 18:34 - 000000000 ____D C:\Program Files\Elantech
2018-05-19 22:17 - 2018-04-12 08:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-05-19 22:11 - 2018-04-12 18:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-05-19 22:11 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-19 22:11 - 2016-10-11 11:03 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-05-19 22:11 - 2016-10-10 18:34 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-05-19 22:10 - 2018-04-12 18:18 - 000000000 ____D C:\WINDOWS\OCR
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-19 22:10 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-19 22:10 - 2018-04-12 06:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-19 22:10 - 2016-03-03 19:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2018-05-19 22:09 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-19 22:09 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-19 22:09 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-05-19 22:09 - 2018-04-12 08:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-19 22:09 - 2016-10-10 18:34 - 000000000 ____D C:\Program Files\Realtek
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-15 20:46 - 2018-04-12 18:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-15 20:46 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-15 19:19 - 2018-04-12 08:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-15 17:16 - 2017-12-27 18:32 - 000234560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-05-15 17:16 - 2016-08-09 18:03 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-11 08:10 - 2016-03-08 19:04 - 000000000 ___RD C:\Users\Andrew\Desktop\Other stuff
2018-05-11 08:08 - 2016-03-03 19:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-11 07:56 - 2017-10-12 19:26 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-11 07:56 - 2016-03-03 19:15 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-05 17:08 - 2016-03-03 19:10 - 000000000 ____D C:\Users\Andrew\Desktop\Deflector Shields
2018-05-05 08:23 - 2016-01-17 00:08 - 000000000 ___RD C:\Users\Andrew\OneDrive
2018-05-02 06:22 - 2018-04-12 08:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-02 06:22 - 2018-04-12 08:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-03-03 18:58 - 2017-04-17 18:08 - 000067064 _____ () C:\ProgramData\SettingsDataBackup.reg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 11:42

==================== End of FRST.txt ============================

Addition.txt

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Please post the Fixldog.txt and let me know of any remaining issues with this computer.


 

fixlist.txt

Share this post


Link to post
Share on other sites

Hi,

I created the system restore point as per your instructions and ran the fixlog. Results are attached. 

What's the next step? 

Thanks!

Fixlog.txt

Share this post


Link to post
Share on other sites

I have ran Malwarebytes and Avast (no worrying results either time), and it seems to be running normally.

Do you think everything is OK? I really want to know if this was a genuine problem or if it was just a false positive. 

Thanks a lot!

Share this post


Link to post
Share on other sites

Hi,
===

Malwarebytes has deleted a temporary file in a Temp folder.
C:\USERS\ANDREW\APPDATA\LOCAL\TEMP\BITC763.TMP

These files are created when needed by a program you run.

Keep an eye on this issue with Malwarebytes.

Let me know in a few days if all is well.

Share this post


Link to post
Share on other sites

Hi,

Thanks for the response. Is there any way to know which program created this file?

I have kept an eye on things for the last 72 hours and have ran scans daily - and haven't seen anything. 

Nonetheless, I'd like to know if it was something nasty, since I can't guess where I picked it up from - I have literally only done online banking, Band and Facebook on this machine for the last month...

Thanks again!

Share this post


Link to post
Share on other sites

Hi,

No!

It can come from running a program, a downloaded program that you installed etc...

 

Share this post


Link to post
Share on other sites

Hi,

I see. So is there no way to know if this was a real piece of malware or just a false positive?

It's a bit worrying!!

Thanks.

Share this post


Link to post
Share on other sites

Erk...

I just found this:

https://github.com/bit-c/bitc

It looks like it is something to do with Bitcoin?

I have NEVER downloaded or been involved in Bitcoin or any online currency. 

But I cannot understand how I could have caught anything malicious when I use only trusted websites. I mean - I hardly use this computer for anything at all, and I am near-obsessive about security on the thing.  (I'm not a novice with security or computers in general either!)

Thanks!!

Share this post


Link to post
Share on other sites

Hi,

It may be a dead link.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
github.com
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Share this post


Link to post
Share on other sites

Hi,

OK, I have run it as an administrator.

Here it is:

Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Andrew (25-05-2018 06:04:51)
Running from C:\Users\Andrew\Desktop
Boot Mode: Normal

================== Search Registry: "github.com" ===========


====== End of Search ======

Edited by Andrew123

Share this post


Link to post
Share on other sites

Hi,

 

Good work nothing left in the registry.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

 

Share this post


Link to post
Share on other sites

Hi,

Does that mean it looks safe to you?

I still wonder where it came from. I am militant about my computer security. 

I had a look online (at work - all I've done on my home computer is do this diagnosis!) and saw that bitc.tmp files turn up for others as well. It hardly turns up in Google searches, some sources say it's to do with BitComet (but again - I don't torrent anything and never have)... other than that, it's a dead end. 

All in all, I'm still confused. I have used this computer for about three websites, all totally safe sites (wikipedia, etc). 

Do you think it's safe? 

Thank you for all your help, Nasdaq, I appreciate it a lot!

Share this post


Link to post
Share on other sites

Hi,

From what I see it's clean.

Play it safe and run this scan.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.



Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Share this post


Link to post
Share on other sites

Hi,

I ran the Sophos Virus Removal Tool as requested. I didn't get a log at the end because it just said 'No virus found - your computer is clean'. I couldn't download a log or anything. 

Reckon I can call off the hunting party?:-)

Thanks!

Andrew

Share this post


Link to post
Share on other sites

Hi,

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
 

Share this post


Link to post
Share on other sites
1 hour ago, Pinetrees said:

Bitcoin mining could be the reason why this happened. The system malfunctioned even when I played Bitcoin game where the mining happened

I considered this. I do not, and have never, had any involvement in virtual currencies. So - have I been infected by some bitcoin mining virus? Well, first of all I have none of the telltale symptoms - my computer is fast, responsive, I haven't seen anything unusual on Task Manager, CPU usage, heat from the machine and MalwareBytes and Avast show up nothing. 

Not to mention the fact I have been nowhere near ANY websites that were untrustworthy - literally, Facebook, Gmail, and Wikipedia, and I didn't click outside any of them, not even a spam email. I have no idea WHERE it could have come from. 

So...still not sure.

Share this post


Link to post
Share on other sites

Hi,

Pinetrees is not authorized to post in live topic.

 

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.