RayRay26 Posted September 24, 2018 ID:1271283

I'm a completely novice computer user. Recently, I have been having some malware issues on my PC which is Windows 10. I already have an antivirus, Quick Heal Total Security, and recently, it detected a Coinhive mining malware on my computer, plus, it keeps showing pop up windows that it has blocked access to multiple harmful websites even when I'm accessing reliable websites like Amazon and others.

I researched a bit on the Coinhive virus and found out some serious things, and so I'm currently scanning my computer for all kinds of malware, spyware, adware, rootkits using a variety of tools just to be safe. I know I'm being paranoid, but better be paranoid than have my personal data compromised.

So far, I've used Malwarebytes to run a full system scan, TDSSKiller for rootkits, and a full system scan by my installed antivirus. All three of them came up clean after that one Coinhive virus was removed. I'm also planning to use more scanners like AdW, ESET, Rkill, as many as I have found to be on the safe side.

Now, I started running a scan with GMER for rootkits today, in safe mode, however, the first time, mid-scan, the window just disappeared off the screen. I ran it a second time, and it only showed two entries in the log list before a message was displayed that my system had run into an error and needed to restart. I booted the computer into safe mode once again and started GMER for the third time, and same thing happened. Two logs, then mid-scan, same error message and restart. So, now I'm thinking I do have a rootkit that is stopping GMER from running a scan. I really don't know what to do right now. I also know that GMER is supposed to be for advanced users only, but my plan was to just get the results, save them and then show them to an expert, either here or if not possible, then to someone I know.
However, given the fact that the scan won't even get halfway through, I don't know what to do. Would be grateful if someone could point me in the right direction. GMER not being able to complete the scan does mean that I have some kind of rootkit stopping it from working, right? Or could there be any other reasons for that? Thank you very much.

P.S. I know I need to backup my data before I run any tools recommended by experts here, but I'm actually worried about infecting my backup as well. As I have already mentioned before, my computer was infected by a coinhive mining virus before, and even though it's removed now, I haven't deleted any old system restore points or registry files so it's possible the virus still persists. Plus, since my computer may have other kinds of malware right now including rootkits, if I try to back up my data now, isn't there a good possibility that I'm also infecting my back up? I back up all my data on an external hard drive, and they are even more susceptible to infection, just by plugging it in to my computer right now could transmit the malware. So, if in the end of the malware removal process, I lose some of my data and have to restore it from my backup, am I facing a chance of re-infection and also damage to my external hard drive?

If so, then could you please suggest a safe way to backup all of my data? My data does not contain any applications or program files, it's only composed of documents, videos, music and images which are all stored in D and E drives, I'm not going to be backing up anything from C drive. Is there no way to safely backup, or backup in a way so that when I restore it back on the clean PC, it does not reinfect? Because I currently have some important files on my computer that I can't lose, I know there is no 100% guaranteed way that if I backup it won't be infected, but how should I reduce the risks?
I don't want to lose any files by running scans with the anti-malware tools, so please point me in the right direction of backing up my files relatively safely before I can use the suggested tools and post the logs. Please suggest a safe backup method so I can proceed with the removal process.
nasdaq Posted September 25, 2018 ID:1271403

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Let's start with this and see what we can find.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.

===

Please post the logs for my review.
Wait for further instructions
RayRay26 Posted September 26, 2018 ID:1271583

Okay, I'll do it immediately. Just want to clarify a couple of things first.

I have a Bittorrent client, namely the bittorrent.exe or utorrent client on my computer. However, point to be noted, I don't use this client anymore. I used to use it to download torrents, but then I found out that AV companies were flagging it as harmful for the computer, and I immediately tried scanning with Malwarebytes and my installed AV so that it would weed out all traces of the application from my computer, but neither of those things flagged it as a virus. I can totally uninstall it, but my only question is, if it's bundled up with malware, will simply uninstalling the application be enough to wipe out all traces of it from my computer? If yes, then I can uninstall it right away, and if needed, I can also delete any files left behind by it but you'll have to guide me a bit regarding that.

Second, while running FRST, do I need to disable my installed AV? Will it interfere in any way?

And last but not least, I don't know much about what the FRST does, so have to ask this, will running a scan with this tool cause any malware present on my computer to counter-react, therefore posing the risk of me losing my personal data? What I mean is, right now I have absolutely no recent backup of my data, so if I run this tool without backing up, is there a chance I might potentially lose some important files? I'm only asking this because I'm not sure what FRST does, and I know malware removal tools can actually end up harming some data in the process.

Thank you so much. Sorry if I'm asking too many questions, just want to be thorough about everything.
nasdaq Posted September 26, 2018 ID:1271649

Hi.

Bittorrent is a P2P download manager. It's a PUP (Potentially Unwanted Program); use it at your own risk. Anything downloaded with it should be checked with VirusTotal to find out if it carries malware. Link: https://www.virustotal.com/#/home/upload

===

FRST will not delete anything. It will only scan the computer and report.
RayRay26 Posted September 28, 2018 ID:1272282

Okay, please allow me a couple of days time to post back the logs. Currently in a bit of a situation, will do it positively in a couple days. Sorry for the delay and thank you for your time.

nasdaq Posted September 29, 2018 ID:1272378

Hi, No problems.

RayRay26 Posted October 2, 2018 ID:1272892

Started the scan, was facing a few issues with the computer that's why the delay. Will post back the logs in a few hours once the scan completes.
RayRay26 Posted October 13, 2018 Author ID:1275218 Share Posted October 13, 2018 Farber Recovery Tool Logs Below. Note: The List BCD, Drivers MD5, Shortcut.txt and 90 Days Files options were unchecked while scanning. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018 Ran by hp (administrator) on LAPTOP-DO1RT005 (13-10-2018 02:16:54) Running from C:\Users\hp\Desktop Loaded Profiles: hp (Available Profiles: hp) Platform: Windows 10 Home Single Language Version 1803 17134.285 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\scsecsvc.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE () C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121190.inf_amd64_47cec0e8450d81b4\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\qhpisvr.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.EXE (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\emlproxy.exe (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\scanwscs.exe (HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe (Greatis Software, LLC) C:\Program Files (x86)\StopUpdates10\SU10Guard.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Quick Heal Technologies Ltd.) 
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121190.inf_amd64_47cec0e8450d81b4\igfxEM.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\updates\7.10.4_44633\bittorrentie.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\updates\7.10.4_44633\bittorrentie.exe (HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\sapissvc.exe () C:\Users\hp\Downloads\KillUpdate.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2017-04-13] (Realtek Semiconductor) HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [224384 2017-06-15] (Quick Heal Technologies Ltd.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-21] (HP Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10150912 2018-02-22] (FreeDownloadManager.org) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [BitTorrent] => C:\Users\hp\AppData\Roaming\BitTorrent\BitTorrent.exe [1989824 2018-10-10] (BitTorrent Inc.) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [1454592 2018-09-13] (Adobe Systems Incorporated) IFEO\dismHost.exe: [Debugger] nul IFEO\EOSNOTIFY.EXE: [Debugger] nul IFEO\InstallAgent.exe: [Debugger] nul IFEO\MusNotification.exe: [Debugger] nul IFEO\remsh.exe: [Debugger] nul IFEO\SIHClient.exe: [Debugger] nul IFEO\UpdateAssistant.exe: [Debugger] nul IFEO\UsoClient.exe: [Debugger] nul IFEO\WaaSMedic.exe: [Debugger] nul IFEO\Windows10Upgrade.exe: [Debugger] nul IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] nul Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\..\Interfaces\{5d7ec3e3-d1b0-4ab1-9443-f700c0927a7a}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{e73291ed-557f-433c-9647-50f919fe0057}: [NameServer] 72.16.0.1,4.2.2.2 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-177186563-2203864396-2981051637-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-177186563-2203864396-2981051637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-07] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-07] (HP Inc.) BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-07] (HP Inc.) 
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation) Edge: ====== Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.48.0_neutral__8wekyb3d8bbwe [2018-07-22] FireFox: ======== FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-177186563-2203864396-2981051637-1001: @catalinahub.com/CatalinaGroup Update;version=3 -> C:\Users\hp\AppData\Local\CatalinaGroup\Update\1.3.25.213\npCatalinaUpdate3.dll [No File] FF Plugin HKU\S-1-5-21-177186563-2203864396-2981051637-1001: @catalinahub.com/CatalinaGroup Update;version=9 -> C:\Users\hp\AppData\Local\CatalinaGroup\Update\1.3.25.213\npCatalinaUpdate3.dll [No File] Chrome: ======= CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2018-10-13] CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-10] CHR Extension: (Free Download Manager) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2018-08-04] CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-10] CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-10] CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-10] CHR Extension: (uBlock Origin) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-26] CHR Extension: (Tampermonkey) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-12] CHR Extension: (Adobe Acrobat) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-10] CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-10] CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20] CHR Extension: (Temporary 
Bookmarks) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gicpnnockilhclmgekhdnnjokdmlfhmk [2018-09-01] CHR Extension: (No Coin - Block miners on the web!) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojamcfopckidlocpkbelmpjcgmbgjcl [2018-09-26] CHR Extension: (Selectable - for fanfiction.net and more) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcidlhgdoojamkbpmhbpgldmajnobefd [2018-06-11] CHR Extension: (Disconnect) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2018-09-26] CHR Extension: (Video DownloadHelper) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-09-20] CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-10-04] CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-10] CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19] CHR Extension: (Privacy Badger) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2018-10-07] CHR HKU\S-1-5-21-177186563-2203864396-2981051637-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE [80000 2018-08-06] (Quick Heal Technologies Ltd.) R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [38512 2018-08-09] (Quick Heal Technologies Ltd.) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [134624 2017-04-15] (Realtek Semiconductor Corp.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation) R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [67200 2018-06-04] (Quick Heal Technologies Ltd.) S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [339056 2018-08-06] (Quick Heal Technologies Ltd.) R3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [339056 2018-08-06] (Quick Heal Technologies Ltd.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-10] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-10] (Dropbox, Inc.) R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2210936 2017-02-09] (Intel Corporation) S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent) R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-08] (HP Inc.) [File not signed] R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-02] (HP Inc.) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-04] (HP Inc.) 
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Corporation) S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-20] (Intel Corporation) R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [71808 2017-06-15] (Quick Heal Technologies Ltd.) R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [173184 2017-07-04] (Quick Heal Technologies Ltd.) R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [43136 2018-02-10] (Quick Heal Technologies Ltd.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-13] (Realtek Semiconductor) R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [367136 2018-06-20] (Quick Heal Technologies Ltd.) R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [638576 2018-02-10] (Quick Heal Technologies Ltd.) 
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] () R2 SU10Guard; C:\Program Files (x86)\StopUpdates10\SU10Guard.exe [67480 2018-10-04] (Greatis Software, LLC) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-08-24] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 arwflt; C:\WINDOWS\System32\DRIVERS\arwflt.sys [107592 2018-08-06] (Quick Heal Technologies Ltd.) R3 atkldrvr; C:\WINDOWS\System32\DRIVERS\atkldrvr.sys [57144 2017-04-27] (Quick Heal Technologies Ltd.) R1 bdsflt; C:\WINDOWS\System32\DRIVERS\bdsflt.sys [406648 2018-08-09] (Quick Heal Technologies Ltd.) R2 bdsnm; C:\WINDOWS\system32\DRIVERS\bdsnm.sys [49960 2018-08-09] (Quick Heal Technologies Ltd.) R3 bsfs; C:\WINDOWS\System32\DRIVERS\bsfs.sys [96784 2018-02-10] (Quick Heal Technologies Ltd.) R2 catflt; C:\WINDOWS\System32\DRIVERS\catflt.sys [158576 2017-05-23] (Quick Heal Technologies Ltd.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67976 2017-02-09] (Intel Corporation) S0 elamdrv; C:\WINDOWS\System32\DRIVERS\elamdrv.sys [37536 2016-01-25] (Quick Heal Technologies Ltd.) R2 emlssx; C:\WINDOWS\system32\DRIVERS\emlssx.sys [39792 2016-04-12] (Quick Heal Technologies Ltd.) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355208 2017-02-09] (Intel Corporation) R1 ggc; C:\WINDOWS\System32\DRIVERS\ggc.sys [95736 2018-05-31] (Quick Heal Technologies Ltd.) 
R3 kbfltr; C:\WINDOWS\system32\DRIVERS\kbfltr.sys [39152 2017-04-27] (Quick Heal Technologies Ltd.) S3 llio; C:\windows\system32\DRIVERS\llio.sys [92496 2018-09-26] (Quick Heal Technologies Ltd.) S0 mscank; C:\WINDOWS\System32\DRIVERS\mscank.sys [62344 2017-04-27] (Quick Heal Technologies Ltd.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-14] (Realtek ) S3 RT8723DE; C:\WINDOWS\System32\drivers\rtl8723de.sys [6763672 2017-04-28] (Realtek Semiconductor Corporation ) R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [723920 2017-07-20] (Realtek Semiconductor Corporation) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [45144 2017-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [46680 2017-08-24] (Synaptics Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation) R0 webssx; C:\WINDOWS\System32\drivers\webssx8.sys [104496 2018-06-04] (Quick Heal Technologies Ltd.) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-10-13 02:16 - 2018-10-13 02:18 - 000024214 _____ C:\Users\hp\Desktop\FRST.txt
2018-10-13 02:15 - 2018-10-13 02:16 - 000000000 ____D C:\FRST
2018-10-13 02:14 - 2018-10-13 02:14 - 002414592 _____ (Farbar) C:\Users\hp\Desktop\FRST64.exe
2018-10-12 22:00 - 2018-10-12 22:00 - 000000000 ___HD C:\Users\hp\ScStore
2018-10-10 04:02 - 2018-10-12 22:01 - 000000000 ____D C:\Users\hp\AppData\LocalLow\BitTorrent
2018-10-07 06:55 - 2018-10-07 06:55 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-06 05:59 - 2018-10-06 06:00 - 000112845 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E04.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to].torrent
2018-10-06 02:32 - 2018-10-06 02:32 - 000000000 ____D C:\Users\hp\AppData\Local\ElevatedDiagnostics
2018-10-06 02:29 - 2018-10-06 02:29 - 000046682 _____ C:\Users\hp\Downloads\wushowhide.diagcab
2018-10-06 01:23 - 2018-10-06 01:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StopUpdates10
2018-10-06 01:22 - 2018-10-07 19:42 - 000000000 ____D C:\Program Files (x86)\StopUpdates10
2018-10-06 01:19 - 2018-10-04 23:36 - 001325560 _____ (Greatis Software ) C:\Users\hp\Downloads\stopupdates10setup.exe
2018-10-05 02:57 - 2018-10-05 08:13 - 000003084 _____ C:\WINDOWS\System32\Tasks\Kill-Update
2018-10-05 02:56 - 2018-10-05 02:56 - 000000000 ____D C:\Users\hp\AppData\Roaming\Kill-Update
2018-10-05 02:53 - 2018-10-05 02:53 - 000274952 _____ () C:\Users\hp\Downloads\KillUpdate (2).exe
2018-10-05 02:38 - 2018-10-05 02:38 - 000274952 _____ () C:\Users\hp\Downloads\KillUpdate.exe
2018-10-05 02:05 - 2018-10-05 02:05 - 001611639 _____ C:\Users\hp\Downloads\stopupdates10portable (1).zip
2018-10-05 01:41 - 2018-10-05 01:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-177186563-2203864396-2981051637-1001
2018-10-04 23:36 - 2018-10-04 23:36 - 001298187 _____ C:\Users\hp\Downloads\stopupdates10.zip
2018-10-04 16:50 - 2018-10-04 16:50 - 000000000 ____D C:\Users\hp\AppData\Roaming\IObit
2018-10-04 14:08 - 2018-10-04 14:08 - 000000000 ____D C:\Program Files (x86)\IObit
2018-10-04 00:15 - 2018-10-04 00:15 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (3).torrent
2018-10-04 00:14 - 2018-10-04 00:14 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-03 23:56 - 2018-10-03 23:56 - 000000000 ___RD C:\Users\hp\Documents\Notes
2018-10-03 20:59 - 2018-10-03 20:59 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-10-03 18:32 - 2018-10-03 18:32 - 000121445 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to] (1).torrent
2018-10-03 02:44 - 2018-10-03 02:44 - 000125310 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.1080p.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-10-03 02:42 - 2018-10-03 02:42 - 000121445 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to].torrent
2018-10-03 02:40 - 2018-10-03 02:40 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-03 00:25 - 2018-10-03 00:25 - 000088014 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E02.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 21:32 - 2018-10-03 00:15 - 2414105171 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.The.Fourth.Of.July.1080p.STAN.WEB-DL.DDP5.1.H264-SiGMA.mkv
2018-10-02 21:32 - 2018-10-02 21:32 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (4).torrent
2018-10-02 21:31 - 2018-10-02 21:31 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (3).torrent
2018-10-02 20:11 - 2018-10-02 20:11 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-02 20:05 - 2018-10-02 20:05 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-10-02 19:58 - 2018-10-02 19:58 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 19:54 - 2018-10-02 19:54 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-10-02 19:54 - 2018-10-02 19:54 - 000000000 ____D C:\Program Files\VideoLAN
2018-10-02 19:50 - 2018-10-02 19:52 - 041486400 _____ C:\Users\hp\Downloads\vlc-3.0.4-win64.exe
2018-10-02 19:36 - 2018-10-02 19:36 - 000000000 ____D C:\Users\hp\AppData\Roaming\KMP
2018-10-02 19:33 - 2018-10-02 19:33 - 000000898 _____ C:\Users\hp\Desktop\KMPlayer 64X.lnk
2018-10-02 19:33 - 2018-10-02 19:33 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KMPlayer 64X
2018-10-02 19:21 - 2018-10-02 19:32 - 000000000 ____D C:\Program Files\KMPlayer 64X
2018-10-02 17:31 - 2018-10-02 17:31 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-02 17:28 - 2018-10-02 17:28 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 16:47 - 2018-10-02 16:47 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-09-29 01:59 - 2018-10-04 02:37 - 000000000 ____D C:\Users\hp\Downloads\HQ
2018-09-29 01:55 - 2018-09-28 16:44 - 000066206 ____N C:\Users\hp\Downloads\the.truth.about.the.harry.quebert.affair.s01e02.hdtv.x264-mtb.srt
2018-09-29 01:53 - 2018-09-29 01:53 - 000025101 _____ C:\Users\hp\Downloads\94234-the-truth-about-the-harry-quebert-affair-s01e02-[English-subtitles.org].zip
2018-09-28 16:13 - 2018-09-28 16:54 - 000110547 _____ C:\Users\hp\Downloads\Flypaper.2011.720p.BrRip.x264.YIFY.srt
2018-09-28 16:12 - 2018-09-28 17:08 - 578713985 _____ C:\Users\hp\Downloads\Flypaper.2011.720p.BrRip.x264.YIFY.mp4
2018-09-28 16:06 - 2018-09-28 16:06 - 000011887 _____ C:\Users\hp\Downloads\Flypaper (2011) [BluRay] [720p] [YTS.AM].torrent
2018-09-26 16:04 - 2018-09-26 16:04 - 000014014 _____ C:\Users\hp\Downloads\a-discovery-of-witches_english-1847411.zip
2018-09-26 14:12 - 2018-10-02 21:33 - 000000030 _____ C:\Users\hp\Downloads\RARBG.txt
2018-09-24 13:09 - 2018-09-24 13:09 - 000000000 ___HD C:\ProgramData\temp
2018-09-24 12:44 - 2018-09-28 16:30 - 000000000 ____D C:\WINDOWS\Minidump
2018-09-24 12:31 - 2018-09-24 12:32 - 000380928 _____ C:\Users\hp\Downloads\vz6qpidg.exe
2018-09-24 12:25 - 2018-09-24 12:28 - 000299650 _____ C:\TDSSKiller.3.1.0.17_24.09.2018_12.25.23_log.txt
2018-09-24 12:18 - 2018-09-24 13:07 - 000445636 _____ C:\WINDOWS\ntbtlog.txt
2018-09-24 12:18 - 2018-09-24 12:59 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-09-24 11:23 - 2018-09-24 11:26 - 000000000 ____D C:\Users\hp\Documents\#2 Softwares to search for stored Passwords in Windows
2018-09-22 16:39 - 2018-09-22 16:40 - 002771496 _____ C:\Users\hp\Downloads\avast_secure_browser_setup.exe
2018-09-22 10:01 - 2018-09-22 10:01 - 000000000 _____ C:\Users\hp\Downloads\migrate
2018-09-22 07:14 - 2018-09-22 07:14 - 000000000 ___HD C:\OneDriveTemp
2018-09-21 14:37 - 2018-09-21 14:37 - 000060314 _____ C:\Users\hp\Downloads\[limetorrents.info]No.Reservations[2007]DvDrip[Eng]-FXG (1).torrent
2018-09-21 14:14 - 2018-09-21 14:14 - 000060314 _____ C:\Users\hp\Downloads\[limetorrents.info]No.Reservations[2007]DvDrip[Eng]-FXG.torrent
2018-09-21 14:05 - 2018-09-21 14:05 - 000057105 _____ C:\Users\hp\Downloads\No.Reservations[2007]DvDrip[Eng]-FXG.torrent
2018-09-21 14:00 - 2018-09-21 14:00 - 000014829 _____ C:\Users\hp\Downloads\Something Borrowed (2011) [BluRay] [720p] [YTS.AM] (1).torrent
2018-09-21 13:59 - 2018-09-21 13:59 - 000014829 _____ C:\Users\hp\Downloads\Something Borrowed (2011) [BluRay] [720p] [YTS.AM].torrent
2018-09-21 13:52 - 2018-09-21 13:52 - 000013705 _____ C:\Users\hp\Downloads\Made of Honor (2008) [BluRay] [720p] [YTS.AM].torrent
2018-09-21 13:32 - 2018-10-13 00:26 - 000000000 ____D C:\Users\hp\Documents\#1 Priority Movies
2018-09-21 13:32 - 2018-09-21 13:32 - 000000714 _____ C:\Users\hp\Documents\Music - Shortcut.lnk
2018-09-21 06:12 - 2018-09-21 06:12 - 001474296 _____ C:\Users\hp\Downloads\segment-4-v1-a1.ts
2018-09-21 03:38 - 2018-09-21 03:38 - 000000000 ____D C:\Users\hp\AppData\Roaming\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\Program Files\WinRAR
2018-09-21 03:36 - 2018-09-21 03:36 - 003110776 _____ (Alexander Roshal) C:\Users\hp\Downloads\winrar-x64-560.exe
2018-09-21 02:37 - 2018-09-21 02:37 - 010398952 ____N ( ) C:\Users\hp\Downloads\yodot-rar-repair.exe
2018-09-21 02:10 - 2013-11-21 09:40 - 410785946 _____ C:\Users\hp\Downloads\Bank Robber (1993).avi
2018-09-20 23:25 - 2018-09-21 00:31 - 410786119 _____ C:\Users\hp\Downloads\Ba93rob.part3.rar
2018-09-20 22:55 - 2018-09-20 22:55 - 000000000 ____D C:\Users\hp\Documents\Bandicam
2018-09-20 22:51 - 2018-09-20 22:53 - 017477064 _____ (Bandicam Company) C:\Users\hp\Downloads\bdcamsetup.exe
2018-09-20 22:31 - 2018-09-20 22:33 - 017327632 _____ (Remo Software ) C:\Users\hp\Downloads\remo-repair-avi.exe
2018-09-20 22:20 - 2018-09-20 22:20 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-09-20 22:20 - 2018-09-20 22:20 - 000000000 ____D C:\ProgramData\{FA8C6B5E-65E7-1B9C-CB74-7C140A269F45}
2018-09-20 22:18 - 2018-09-20 22:18 - 021187224 _____ (Stellar Information Technology Pvt Ltd ) C:\Users\hp\Downloads\StellarPhoenixVideoRepair.exe
2018-09-20 21:06 - 2018-09-20 22:41 - 000000000 ____D C:\Users\hp\Documents\My DAP Downloads
2018-09-20 21:05 - 2018-09-20 21:05 - 000172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\WINDOWS\SysWOW64\AniGIF.ocx
2018-09-20 21:04 - 2018-09-20 21:04 - 010818216 _____ C:\Users\hp\Downloads\dap10_full (1).exe
2018-09-20 20:29 - 2018-09-20 20:39 - 087474376 _____ (WonderFox Soft, Inc.) C:\Users\hp\Downloads\hd-video-converter-pro.exe
2018-09-20 19:38 - 2018-09-20 19:38 - 000000025 _____ C:\WINDOWS\libem.INI
2018-09-20 19:38 - 2018-09-20 19:38 - 000000000 ____D C:\Users\hp\AppData\Roaming\BITS
2018-09-20 19:28 - 2018-09-20 19:30 - 000000159 _____ C:\Users\hp\Downloads\Try it.mp4
2018-09-20 19:20 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Pt. 2.avi
2018-09-20 18:18 - 2018-09-20 19:19 - 524288000 _____ C:\Users\hp\Downloads\Ba93rob.part2 (1).rar
2018-09-20 18:08 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Copy.avi
2018-09-20 17:02 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Pt. 1.avi
2018-09-20 15:35 - 2018-09-20 17:02 - 524288000 _____ C:\Users\hp\Downloads\Ba93rob.part1.rar
2018-09-20 15:28 - 2018-09-20 15:29 - 007662969 _____ C:\Users\hp\Downloads\videoplayback.mp4
2018-09-20 14:37 - 2018-09-20 14:37 - 005737217 _____ C:\Users\hp\Downloads\video.mp4
2018-09-20 14:15 - 2018-09-20 14:16 - 921718039 _____ C:\Users\hp\Downloads\CPs0ZJ29wP3f8FD.mp4.fdmdownload
2018-09-20 13:49 - 2018-09-20 13:50 - 000000000 ____D C:\Users\hp\dwhelper
2018-09-20 13:20 - 2018-09-20 13:20 - 000092138 _____ C:\Users\hp\Downloads\2552 (1) [SubtitleTools.com].srt
2018-09-20 13:18 - 2018-09-20 13:18 - 000086792 _____ C:\Users\hp\Downloads\2552 (2).vtt
2018-09-20 13:02 - 2018-09-20 13:02 - 000086792 _____ C:\Users\hp\Downloads\2552.vtt
2018-09-20 12:46 - 2018-09-20 12:47 - 000245340 _____ C:\Users\hp\Downloads\480-0089.ts
2018-09-19 07:12 - 2018-09-19 07:12 - 000021223 _____ C:\Users\hp\Downloads\Hacksaw Ridge (2016) [BluRay] [720p] [YTS.AM].torrent
2018-09-19 05:32 - 2018-10-06 06:58 - 000000000 ____D C:\Users\hp\Downloads\Discovery of Witches
2018-09-19 03:53 - 2018-09-19 03:53 - 000133830 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E01.1080p.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-09-18 05:33 - 2018-09-18 05:33 - 000033761 _____ C:\Users\hp\Downloads\Everything, Everything (2017) [BluRay] [720p] [YTS.AM].torrent
2018-09-18 05:32 - 2018-09-18 05:32 - 000031941 _____ C:\Users\hp\Downloads\Midnight Sun (2018) [BluRay] [720p] [YTS.AM].torrent
2018-09-18 04:00 - 2018-09-18 04:01 - 000027684 _____ C:\Users\hp\Downloads\The.Truth.About.The.Harry.Quebert.Affair.S01E02.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-09-18 02:49 - 2018-09-18 02:49 - 000023906 _____ C:\Users\hp\Downloads\[glodls.to]The.Truth.About.The.Harry.Quebert.Affair.S01E02.720p.HDTV.x264-MTB[TGx].torrent
2018-09-17 23:24 - 2018-09-17 23:24 - 000245985 _____ C:\Users\hp\Downloads\Summer_Fling_-_Tarrah_Anders.epub
2018-09-17 12:31 - 2018-09-17 12:32 - 000117354 _____ C:\Users\hp\Downloads\Watch Set It Up (2018) Full Movie on FMovies.to.vtt
2018-09-16 12:56 - 2018-09-16 12:57 - 001577552 _____ (Opera Software) C:\Users\hp\Downloads\OperaSetup.exe
2018-09-16 11:52 - 2018-09-16 11:53 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Mozilla
2018-09-16 11:43 - 2018-09-16 11:47 - 055828704 _____ C:\Users\hp\Downloads\torbrowser-install-win64-8.0_en-US (1).exe
2018-09-16 11:42 - 2018-09-16 11:46 - 055828704 _____ C:\Users\hp\Downloads\torbrowser-install-win64-8.0_en-US.exe
2018-09-16 04:07 - 2018-09-16 04:07 - 000000000 ____D C:\Users\hp\AppData\Local\mbam
2018-09-16 02:05 - 2018-09-16 02:05 - 000030747 _____ C:\Users\hp\Downloads\FCF317C57E227E556B9DD882A0410EB30C5D78C0.torrent
2018-09-15 13:52 - 2018-09-15 13:52 - 003128648 _____ (BitTorrent Inc.) C:\Users\hp\Downloads\BitTorrent (3).exe
2018-09-15 12:40 - 2018-09-15 12:40 - 000103206 _____ C:\Users\hp\Downloads\greys-anatomy-2-x-27-DVDRip TOPAZ UNCUT-86684-www.My-Subs.Com.srt
2018-09-15 12:39 - 2018-09-05 04:06 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-14 21:43 - 2018-09-14 21:44 - 000374942 _____ C:\Users\hp\Downloads\Trailer_Park_Virgin_-_Alexa_Riley.epub
2018-09-14 04:28 - 2018-09-14 04:28 - 001232964 _____ C:\Users\hp\Downloads\Salman_Rushdie_-_The_Satanic_Verses_-_1988.fb2
2018-09-14 04:21 - 2018-09-14 04:21 - 000515296 _____ C:\Users\hp\Downloads\Salman_Rushdie_-_The_Satanic_Verses.epub
2018-09-14 03:26 - 2018-09-14 03:26 - 000641665 _____ C:\Users\hp\Downloads\Beautiful_Bastard_-_Christina_Lauren.epub
2018-09-13 23:38 - 2018-09-13 23:39 - 000806688 _____ C:\Users\hp\Downloads\Kiss_the_Girl_3_-_Tara_Sivec.epub
2018-09-13 00:51 - 2018-08-31 09:12 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-13 00:51 - 2018-08-31 09:12 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-13 00:51 - 2018-08-31 09:12 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-13 00:51 - 2018-08-31 08:58 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-13 00:51 - 2018-08-31 08:56 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-13 00:51 - 2018-08-31 08:51 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-13 00:51 - 2018-08-31 08:50 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-13 00:51 - 2018-08-31 08:48 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-13 00:51 - 2018-08-31 08:45 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-13 00:51 - 2018-08-28 12:47 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-13 00:51 - 2018-08-09 15:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-13 00:51 - 2018-08-09 09:52 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-13 00:51 - 2018-08-09 09:39 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-13 00:50 - 2018-08-31 08:58 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-13 00:50 - 2018-08-31 08:46 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-13 00:50 - 2018-08-31 08:46 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-13 00:50 - 2018-08-31 08:45 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-13 00:50 - 2018-08-31 08:45 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-13 00:50 - 2018-08-31 08:40 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-13 00:50 - 2018-08-09 15:01 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-13 00:50 - 2018-08-09 14:44 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-13 00:50 - 2018-08-09 13:54 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-13 00:50 - 2018-08-09 09:58 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-13 00:34 - 2018-08-31 13:13 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-13 00:34 - 2018-08-31 12:53 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-13 00:34 - 2018-08-31 12:23 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-13 00:34 - 2018-08-31 09:14 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-13 00:34 - 2018-08-31 09:14 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-13 00:34 - 2018-08-31 09:12 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-13 00:34 - 2018-08-31 09:12 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-13 00:34 - 2018-08-31 08:58 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-13 00:34 - 2018-08-31 08:46 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-13 00:34 - 2018-08-31 08:44 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-13 00:34 - 2018-08-31 08:44 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-13 00:34 - 2018-08-31 08:43 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-13 00:34 - 2018-08-31 08:41 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-13 00:34 - 2018-08-31 08:41 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-13 00:34 - 2018-08-31 08:40 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-13 00:34 - 2018-08-31 08:40 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-13 00:34 - 2018-08-31 08:39 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-13 00:34 - 2018-08-31 08:37 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-13 00:34 - 2018-08-28 12:18 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-13 00:34 - 2018-08-09 14:46 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-13 00:34 - 2018-08-09 14:41 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-13 00:34 - 2018-08-09 14:41 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-13 00:34 - 2018-08-09 13:51 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-13 00:34 - 2018-08-09 10:32 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-13 00:34 - 2018-08-09 10:24 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-13 00:34 - 2018-08-09 10:23 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-13 00:34 - 2018-08-09 09:59 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-13 00:34 - 2018-08-09 09:59 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-13 00:34 - 2018-08-09 09:59 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-13 00:34 - 2018-08-09 09:55 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-13 00:34 - 2018-08-09 09:54 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-13 00:34 - 2018-08-09 09:53 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-13 00:34 - 2018-08-09 09:53 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-13 00:34 - 2018-08-09 09:41 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-13 00:34 - 2018-08-09 09:40 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-13 00:33 - 2018-08-31 13:16 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-13 00:33 - 2018-08-31 13:12 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-13 00:33 - 2018-08-31 12:54 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-13 00:33 - 2018-08-31 12:53 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-13 00:33 - 2018-08-31 12:52 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-13 00:33 - 2018-08-31 12:52 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-13 00:33 - 2018-08-31 12:25 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-13 00:33 - 2018-08-31 12:07 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-13 00:33 - 2018-08-31 12:07 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-13 00:33 - 2018-08-31 12:06 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-13 00:33 - 2018-08-31 09:20 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-13 00:33 - 2018-08-31 09:20 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-13 00:33 - 2018-08-31 09:14 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-13 00:33 - 2018-08-31 09:13 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-13 00:33 - 2018-08-31 09:13 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-13 00:33 - 2018-08-31 09:12 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-13 00:33 - 2018-08-31 09:12 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-13 00:33 - 2018-08-31 09:12 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-13 00:33 - 2018-08-31 09:12 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-13 00:33 - 2018-08-31 09:12 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-13 00:33 - 2018-08-31 09:12 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-13 00:33 - 2018-08-31 09:12 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-13 00:33 - 2018-08-31 09:12 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-13 00:33 - 2018-08-31 09:12 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-13 00:33 - 2018-08-31 08:58 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-13 00:33 - 2018-08-31 08:58 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-13 00:33 - 2018-08-31 08:58 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-13 00:33 - 2018-08-31 08:45 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-13 00:33 - 2018-08-31 08:44 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-13 00:33 - 2018-08-31 08:42 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-13 00:33 - 2018-08-31 08:41 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-13 00:33 - 2018-08-31 08:41 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-13 00:33 - 2018-08-31 08:41 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-13 00:33 - 2018-08-31 08:40 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-13 00:33 - 2018-08-31 08:40 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-13 00:33 - 2018-08-31 08:40 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-13 00:33 - 2018-08-31 08:37 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-13 00:33 - 2018-08-28 12:15 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-13 00:33 - 2018-08-09 15:01 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-13 00:33 - 2018-08-09 14:43 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-13 00:33 - 2018-08-09 14:43 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-13 00:33 - 2018-08-09 14:42 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-13 00:33 - 2018-08-09 14:41 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-13 00:33 - 2018-08-09 14:40 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-13 00:33 - 2018-08-09 14:40 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-13 00:33 - 2018-08-09 14:06 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-13 00:33 - 2018-08-09 13:53 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-13 00:33 - 2018-08-09 13:53 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-13 00:33 - 2018-08-09 13:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-13 00:33 - 2018-08-09 13:50 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-13 00:33 - 2018-08-09 10:31 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-13 00:33 - 2018-08-09 10:24 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-13 00:33 - 2018-08-09 10:23 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-13 00:33 - 2018-08-09 10:23 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-13 00:33 - 2018-08-09 10:23 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-13 00:33 - 2018-08-09 10:23 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-13 00:33 - 2018-08-09 10:00 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-13 00:33 - 2018-08-09 10:00 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-13 00:33 - 2018-08-09 09:58 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-13 00:33 - 2018-08-09 09:57 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-13 00:33 - 2018-08-09 09:55 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-13 00:33 - 2018-08-09 09:55 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-13 00:33 - 2018-08-09 09:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-13 00:33 - 2018-08-09 09:53 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-13 00:33 - 2018-08-09 09:53 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-13 00:33 - 2018-08-09 09:52 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-13 00:33 - 2018-08-09 09:52 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-13 00:33 - 2018-08-09 09:51 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-13 00:33 - 2018-08-09 09:43 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-13 00:33 - 2018-08-09 09:40 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-13 00:33 - 2018-08-09 09:39 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-13 00:33 - 2018-08-09 08:38 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-13 00:33 - 2018-08-09 08:38 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-13 00:32 - 2018-08-31 13:15 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-13 00:32 - 2018-08-31 12:57 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-13 00:32 - 2018-08-31 12:57 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-13 00:32 - 2018-08-31 12:56 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-13 00:32 - 2018-08-31 12:55 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-13 00:32 - 2018-08-31 12:55 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-13 00:32 - 2018-08-31 12:54 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-13 00:32 - 2018-08-31 12:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-13 00:32 - 2018-08-31 12:11 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-13 00:32 - 2018-08-31 12:11 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-13 00:32 - 2018-08-31 12:10 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-13 00:32 - 2018-08-31 12:07 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-13 00:32 - 2018-08-31 09:14 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-13 00:32 - 2018-08-31 09:14 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-13 00:32 - 2018-08-31 09:14 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-13 00:32 - 2018-08-31 09:12 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-13 00:32 - 2018-08-31 09:12 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-13 00:32 - 2018-08-31 09:12 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-13 00:32 - 2018-08-31 08:58 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-13 00:32 - 2018-08-31 08:58 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-13 00:32 - 2018-08-31 08:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-13 00:32 - 2018-08-31 08:47 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-13 00:32 - 2018-08-31 08:45 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-13 00:32 - 2018-08-31 08:45 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-13 00:32 - 2018-08-31 08:44 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-13 00:32 - 2018-08-31 08:44 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-13 00:32 - 2018-08-31 08:43 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-13 00:32 - 2018-08-31 08:43 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-13 00:32 - 2018-08-31 08:42 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-13 00:32 - 2018-08-31 08:41 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-13 00:32 - 2018-08-31 08:41 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-13 00:32 - 2018-08-31 08:40 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-13 00:32 - 2018-08-31 08:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-13 00:32 - 2018-08-31 08:40 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-13 00:32 - 2018-08-31 08:39 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-13 00:32 - 2018-08-31 08:38 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-13 00:32 - 2018-08-31 08:37 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-13 00:32 - 2018-08-31 08:36 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-13 00:32 - 2018-08-31 07:27 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-13 00:32 - 2018-08-28 12:26 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-13 00:32 - 2018-08-28 12:19 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-13 00:32 - 2018-08-28 11:21 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-13 00:32 - 2018-08-14 07:44 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-13 00:32 - 2018-08-14 07:44 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-13 00:32 - 2018-08-09 15:01 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-13 00:32 - 2018-08-09 15:01 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-13 00:32 - 2018-08-09 14:47 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-13 00:32 - 2018-08-09 14:44 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-13 00:32 - 2018-08-09 14:44 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-13 00:32 - 2018-08-09 14:44 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-13 00:32 - 2018-08-09 14:43 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-13 00:32 - 2018-08-09 14:43 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-13 00:32 - 2018-08-09 14:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-13 00:32 - 2018-08-09 14:42 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-13 00:32 - 2018-08-09 14:41 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-13 00:32 - 2018-08-09 14:41 - 000181248 _____ (Microsoft Corporation)
C:\WINDOWS\system32\EditionUpgradeHelper.dll 2018-09-13 00:32 - 2018-08-09 14:40 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2018-09-13 00:32 - 2018-08-09 14:06 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2018-09-13 00:32 - 2018-08-09 13:54 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2018-09-13 00:32 - 2018-08-09 13:53 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe 2018-09-13 00:32 - 2018-08-09 13:51 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2018-09-13 00:32 - 2018-08-09 13:51 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe 2018-09-13 00:32 - 2018-08-09 13:51 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2018-09-13 00:32 - 2018-08-09 13:50 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2018-09-13 00:32 - 2018-08-09 13:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2018-09-13 00:32 - 2018-08-09 13:50 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2018-09-13 00:32 - 2018-08-09 13:49 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2018-09-13 00:32 - 2018-08-09 10:25 - 000230304 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2018-09-13 00:32 - 2018-08-09 10:23 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-09-13 00:32 - 2018-08-09 10:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll 2018-09-13 00:32 - 2018-08-09 10:23 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll 2018-09-13 00:32 - 2018-08-09 09:59 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2018-09-13 00:32 - 2018-08-09 09:59 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll 2018-09-13 00:32 - 2018-08-09 09:57 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2018-09-13 00:32 - 2018-08-09 09:57 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe 2018-09-13 00:32 - 2018-08-09 09:56 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2018-09-13 00:32 - 2018-08-09 09:56 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2018-09-13 00:32 - 2018-08-09 09:56 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2018-09-13 00:32 - 2018-08-09 09:56 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000209408 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2018-09-13 00:32 - 2018-08-09 09:52 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2018-09-13 00:32 - 2018-08-09 09:43 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe 2018-09-13 00:32 - 2018-08-09 09:42 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2018-09-13 00:32 - 2018-08-09 09:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-09-13 00:32 - 2018-08-09 09:38 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-10-13 02:19 - 2018-02-10 04:57 - 000000000 ____D C:\Users\hp\AppData\Roaming\BitTorrent 2018-10-13 02:18 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-10-13 02:13 - 2018-02-10 04:39 - 000000000 ____D C:\Users\hp\AppData\Local\Free Download Manager 2018-10-13 01:57 - 2018-04-12 05:00 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-10-13 01:46 - 2018-07-13 00:42 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C56856DE-1E7F-4CF7-8BF0-3A0B75BA9E47} 2018-10-13 00:44 - 2018-06-20 20:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-10-12 22:00 - 2018-06-20 20:28 - 000000000 ____D C:\Users\hp 2018-10-12 22:00 - 2018-02-09 19:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles 2018-10-07 17:09 - 2018-06-20 20:53 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2018-10-07 06:54 - 2017-05-19 00:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-10-04 22:44 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-10-04 18:01 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps 2018-10-04 16:29 - 2018-02-10 05:06 - 000000000 ____D C:\Program Files\CCleaner 2018-10-04 14:14 - 2018-02-10 05:18 - 000000000 ____D C:\ProgramData\ProductData 2018-10-03 23:58 - 2018-02-09 23:26 - 000000000 ____D C:\WINDOWS\SHELLNEW 2018-10-03 21:07 - 2018-02-10 05:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-10-02 22:53 - 2018-04-19 10:34 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc 2018-10-02 19:54 - 2018-02-10 04:49 - 000000000 ____D C:\Program Files (x86)\VideoLAN 2018-10-02 19:32 - 2018-02-10 04:51 - 000000000 ____D C:\KMPlayer 2018-09-27 12:05 - 2018-06-29 21:55 - 000000000 ____D C:\ProgramData\Packages 2018-09-26 11:05 - 2018-02-10 03:04 - 000092496 _____ (Quick Heal Technologies Ltd.) 
C:\WINDOWS\system32\Drivers\llio.sys 2018-09-25 05:05 - 2017-03-19 02:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2018-09-25 00:15 - 2018-02-10 02:58 - 000000000 ____D C:\WINDOWS\system32\gprodat 2018-09-24 13:09 - 2018-06-20 20:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-09-24 12:58 - 2018-04-12 02:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2018-09-24 12:44 - 2017-05-19 00:47 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2018-09-24 12:44 - 2017-05-19 00:47 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2018-09-22 15:39 - 2018-02-09 19:33 - 000000000 ___RD C:\Users\hp\OneDrive 2018-09-22 14:24 - 2018-06-20 20:53 - 000004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2018-09-22 14:24 - 2018-06-20 20:53 - 000003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2018-09-22 13:08 - 2018-04-04 23:49 - 000000000 ____D C:\temp 2018-09-22 12:07 - 2018-04-12 02:34 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2018-09-22 11:58 - 2017-12-11 08:08 - 000000000 ____D C:\ProgramData\Realtek 2018-09-22 09:53 - 2018-06-20 20:53 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2018-09-22 09:10 - 2018-06-20 20:22 - 000411272 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-09-21 10:10 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-09-19 17:56 - 2018-06-20 20:53 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-177186563-2203864396-2981051637-1001 2018-09-19 17:56 - 2018-06-20 20:28 - 000002361 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-09-19 07:51 - 2018-02-25 01:22 - 000000000 ____D C:\Users\hp\AppData\Roaming\MPC-HC 2018-09-19 03:34 - 2018-02-10 04:16 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-09-19 03:34 - 2018-02-10 04:16 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-09-17 22:01 - 2018-06-20 
20:28 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-09-17 22:01 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF 2018-09-15 13:54 - 2018-04-05 00:00 - 000000920 _____ C:\Users\hp\Desktop\BitTorrent.lnk 2018-09-15 13:54 - 2018-02-10 04:57 - 000000900 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2018-09-15 13:43 - 2018-08-12 06:28 - 000000000 ____D C:\Users\hp\AppData\Local\D3DSCache 2018-09-15 12:42 - 2018-02-20 20:36 - 000000000 ____D C:\Users\hp\AppData\Local\Packages 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\oobe 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr 2018-09-13 02:50 - 2018-04-12 02:34 - 000000000 ____D C:\WINDOWS\system32\Dism 2018-09-13 01:24 - 2018-06-20 20:53 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-09-13 01:23 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-09-13 01:23 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\Macromed ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-06-20 20:22 ==================== End of FRST.txt ============================ Addition.txt
RayRay26 Posted October 13, 2018 Author ID:1275219

Farbar Recovery Tool Logs Below. Note: The List BCD, Drivers MD5, Shortcut.txt and 90 Days Files options were unchecked while scanning. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018 Ran by hp (administrator) on LAPTOP-DO1RT005 (13-10-2018 02:16:54) Running from C:\Users\hp\Desktop Loaded Profiles: hp (Available Profiles: hp) Platform: Windows 10 Home Single Language Version 1803 17134.285 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\scsecsvc.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE () C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121190.inf_amd64_47cec0e8450d81b4\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\qhpisvr.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.EXE (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\emlproxy.exe (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\scanwscs.exe (HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe (Greatis Software, LLC) C:\Program Files (x86)\StopUpdates10\SU10Guard.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Quick Heal Technologies Ltd.) 
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121190.inf_amd64_47cec0e8450d81b4\igfxEM.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\updates\7.10.4_44633\bittorrentie.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\updates\7.10.4_44633\bittorrentie.exe (HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\sapissvc.exe () C:\Users\hp\Downloads\KillUpdate.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2017-04-13] (Realtek Semiconductor) HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [224384 2017-06-15] (Quick Heal Technologies Ltd.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-21] (HP Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10150912 2018-02-22] (FreeDownloadManager.org) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [BitTorrent] => C:\Users\hp\AppData\Roaming\BitTorrent\BitTorrent.exe [1989824 2018-10-10] (BitTorrent Inc.) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [1454592 2018-09-13] (Adobe Systems Incorporated) IFEO\dismHost.exe: [Debugger] nul IFEO\EOSNOTIFY.EXE: [Debugger] nul IFEO\InstallAgent.exe: [Debugger] nul IFEO\MusNotification.exe: [Debugger] nul IFEO\remsh.exe: [Debugger] nul IFEO\SIHClient.exe: [Debugger] nul IFEO\UpdateAssistant.exe: [Debugger] nul IFEO\UsoClient.exe: [Debugger] nul IFEO\WaaSMedic.exe: [Debugger] nul IFEO\Windows10Upgrade.exe: [Debugger] nul IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] nul Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\..\Interfaces\{5d7ec3e3-d1b0-4ab1-9443-f700c0927a7a}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{e73291ed-557f-433c-9647-50f919fe0057}: [NameServer] 72.16.0.1,4.2.2.2 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-177186563-2203864396-2981051637-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-177186563-2203864396-2981051637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-07] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-07] (HP Inc.) BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-07] (HP Inc.) 
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation) Edge: ====== Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.48.0_neutral__8wekyb3d8bbwe [2018-07-22] FireFox: ======== FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.) 
(Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2018-09-13 00:33 - 2018-08-09 09:57 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2018-09-13 00:33 - 2018-08-09 09:55 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2018-09-13 00:33 - 2018-08-09 09:55 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2018-09-13 00:33 - 2018-08-09 09:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2018-09-13 00:33 - 2018-08-09 09:53 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-09-13 00:33 - 2018-08-09 09:53 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2018-09-13 00:33 - 2018-08-09 09:52 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2018-09-13 00:33 - 2018-08-09 09:52 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-09-13 00:33 - 2018-08-09 09:51 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-09-13 00:33 - 2018-08-09 09:43 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2018-09-13 00:33 - 2018-08-09 09:40 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2018-09-13 00:33 - 2018-08-09 09:39 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2018-09-13 00:33 - 2018-08-09 08:38 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls 2018-09-13 00:33 - 2018-08-09 08:38 - 000806416 _____ C:\WINDOWS\system32\locale.nls 2018-09-13 00:32 - 2018-08-31 13:15 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2018-09-13 00:32 - 2018-08-31 12:57 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2018-09-13 00:32 - 2018-08-31 12:57 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2018-09-13 00:32 - 
2018-08-31 12:56 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys 2018-09-13 00:32 - 2018-08-31 12:55 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll 2018-09-13 00:32 - 2018-08-31 12:55 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2018-09-13 00:32 - 2018-08-31 12:54 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2018-09-13 00:32 - 2018-08-31 12:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2018-09-13 00:32 - 2018-08-31 12:11 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2018-09-13 00:32 - 2018-08-31 12:11 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2018-09-13 00:32 - 2018-08-31 12:10 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll 2018-09-13 00:32 - 2018-08-31 12:07 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2018-09-13 00:32 - 2018-08-31 09:14 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2018-09-13 00:32 - 2018-08-31 09:14 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-09-13 00:32 - 2018-08-31 09:14 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2018-09-13 00:32 - 2018-08-31 09:12 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2018-09-13 00:32 - 2018-08-31 09:12 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2018-09-13 00:32 - 2018-08-31 09:12 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2018-09-13 00:32 - 2018-08-31 08:58 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2018-09-13 00:32 - 2018-08-31 08:58 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2018-09-13 00:32 - 2018-08-31 08:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2018-09-13 
00:32 - 2018-08-31 08:47 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll 2018-09-13 00:32 - 2018-08-31 08:45 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2018-09-13 00:32 - 2018-08-31 08:45 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys 2018-09-13 00:32 - 2018-08-31 08:44 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2018-09-13 00:32 - 2018-08-31 08:44 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-09-13 00:32 - 2018-08-31 08:43 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2018-09-13 00:32 - 2018-08-31 08:43 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2018-09-13 00:32 - 2018-08-31 08:42 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll 2018-09-13 00:32 - 2018-08-31 08:41 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2018-09-13 00:32 - 2018-08-31 08:41 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2018-09-13 00:32 - 2018-08-31 08:40 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2018-09-13 00:32 - 2018-08-31 08:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2018-09-13 00:32 - 2018-08-31 08:40 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2018-09-13 00:32 - 2018-08-31 08:39 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-09-13 00:32 - 2018-08-31 08:38 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2018-09-13 00:32 - 2018-08-31 08:37 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2018-09-13 00:32 - 2018-08-31 08:36 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2018-09-13 00:32 - 2018-08-31 
07:27 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim 2018-09-13 00:32 - 2018-08-28 12:26 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2018-09-13 00:32 - 2018-08-28 12:19 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2018-09-13 00:32 - 2018-08-28 11:21 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2018-09-13 00:32 - 2018-08-14 07:44 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2018-09-13 00:32 - 2018-08-14 07:44 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2018-09-13 00:32 - 2018-08-09 15:01 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2018-09-13 00:32 - 2018-08-09 15:01 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2018-09-13 00:32 - 2018-08-09 14:47 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2018-09-13 00:32 - 2018-08-09 14:44 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2018-09-13 00:32 - 2018-08-09 14:44 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll 2018-09-13 00:32 - 2018-08-09 14:44 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2018-09-13 00:32 - 2018-08-09 14:43 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe 2018-09-13 00:32 - 2018-08-09 14:43 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll 2018-09-13 00:32 - 2018-08-09 14:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2018-09-13 00:32 - 2018-08-09 14:42 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2018-09-13 00:32 - 2018-08-09 14:41 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2018-09-13 00:32 - 2018-08-09 14:41 - 000181248 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\EditionUpgradeHelper.dll 2018-09-13 00:32 - 2018-08-09 14:40 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2018-09-13 00:32 - 2018-08-09 14:06 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2018-09-13 00:32 - 2018-08-09 13:54 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2018-09-13 00:32 - 2018-08-09 13:53 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe 2018-09-13 00:32 - 2018-08-09 13:51 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2018-09-13 00:32 - 2018-08-09 13:51 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe 2018-09-13 00:32 - 2018-08-09 13:51 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2018-09-13 00:32 - 2018-08-09 13:50 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2018-09-13 00:32 - 2018-08-09 13:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2018-09-13 00:32 - 2018-08-09 13:50 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2018-09-13 00:32 - 2018-08-09 13:49 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2018-09-13 00:32 - 2018-08-09 10:25 - 000230304 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2018-09-13 00:32 - 2018-08-09 10:23 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-09-13 00:32 - 2018-08-09 10:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll 2018-09-13 00:32 - 2018-08-09 10:23 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll 2018-09-13 00:32 - 2018-08-09 09:59 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2018-09-13 00:32 - 2018-08-09 09:59 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll 2018-09-13 00:32 - 2018-08-09 09:57 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2018-09-13 00:32 - 2018-08-09 09:57 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe 2018-09-13 00:32 - 2018-08-09 09:56 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2018-09-13 00:32 - 2018-08-09 09:56 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2018-09-13 00:32 - 2018-08-09 09:56 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2018-09-13 00:32 - 2018-08-09 09:56 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000209408 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2018-09-13 00:32 - 2018-08-09 09:52 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2018-09-13 00:32 - 2018-08-09 09:43 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe 2018-09-13 00:32 - 2018-08-09 09:42 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2018-09-13 00:32 - 2018-08-09 09:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-09-13 00:32 - 2018-08-09 09:38 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-10-13 02:19 - 2018-02-10 04:57 - 000000000 ____D C:\Users\hp\AppData\Roaming\BitTorrent 2018-10-13 02:18 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-10-13 02:13 - 2018-02-10 04:39 - 000000000 ____D C:\Users\hp\AppData\Local\Free Download Manager 2018-10-13 01:57 - 2018-04-12 05:00 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-10-13 01:46 - 2018-07-13 00:42 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C56856DE-1E7F-4CF7-8BF0-3A0B75BA9E47} 2018-10-13 00:44 - 2018-06-20 20:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-10-12 22:00 - 2018-06-20 20:28 - 000000000 ____D C:\Users\hp 2018-10-12 22:00 - 2018-02-09 19:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles 2018-10-07 17:09 - 2018-06-20 20:53 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2018-10-07 06:54 - 2017-05-19 00:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-10-04 22:44 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-10-04 18:01 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps 2018-10-04 16:29 - 2018-02-10 05:06 - 000000000 ____D C:\Program Files\CCleaner 2018-10-04 14:14 - 2018-02-10 05:18 - 000000000 ____D C:\ProgramData\ProductData 2018-10-03 23:58 - 2018-02-09 23:26 - 000000000 ____D C:\WINDOWS\SHELLNEW 2018-10-03 21:07 - 2018-02-10 05:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-10-02 22:53 - 2018-04-19 10:34 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc 2018-10-02 19:54 - 2018-02-10 04:49 - 000000000 ____D C:\Program Files (x86)\VideoLAN 2018-10-02 19:32 - 2018-02-10 04:51 - 000000000 ____D C:\KMPlayer 2018-09-27 12:05 - 2018-06-29 21:55 - 000000000 ____D C:\ProgramData\Packages 2018-09-26 11:05 - 2018-02-10 03:04 - 000092496 _____ (Quick Heal Technologies Ltd.) 
C:\WINDOWS\system32\Drivers\llio.sys 2018-09-25 05:05 - 2017-03-19 02:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2018-09-25 00:15 - 2018-02-10 02:58 - 000000000 ____D C:\WINDOWS\system32\gprodat 2018-09-24 13:09 - 2018-06-20 20:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-09-24 12:58 - 2018-04-12 02:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2018-09-24 12:44 - 2017-05-19 00:47 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2018-09-24 12:44 - 2017-05-19 00:47 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2018-09-22 15:39 - 2018-02-09 19:33 - 000000000 ___RD C:\Users\hp\OneDrive 2018-09-22 14:24 - 2018-06-20 20:53 - 000004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2018-09-22 14:24 - 2018-06-20 20:53 - 000003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2018-09-22 13:08 - 2018-04-04 23:49 - 000000000 ____D C:\temp 2018-09-22 12:07 - 2018-04-12 02:34 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2018-09-22 11:58 - 2017-12-11 08:08 - 000000000 ____D C:\ProgramData\Realtek 2018-09-22 09:53 - 2018-06-20 20:53 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2018-09-22 09:10 - 2018-06-20 20:22 - 000411272 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-09-21 10:10 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-09-19 17:56 - 2018-06-20 20:53 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-177186563-2203864396-2981051637-1001 2018-09-19 17:56 - 2018-06-20 20:28 - 000002361 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-09-19 07:51 - 2018-02-25 01:22 - 000000000 ____D C:\Users\hp\AppData\Roaming\MPC-HC 2018-09-19 03:34 - 2018-02-10 04:16 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-09-19 03:34 - 2018-02-10 04:16 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-09-17 22:01 - 2018-06-20 
20:28 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-09-17 22:01 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF 2018-09-15 13:54 - 2018-04-05 00:00 - 000000920 _____ C:\Users\hp\Desktop\BitTorrent.lnk 2018-09-15 13:54 - 2018-02-10 04:57 - 000000900 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2018-09-15 13:43 - 2018-08-12 06:28 - 000000000 ____D C:\Users\hp\AppData\Local\D3DSCache 2018-09-15 12:42 - 2018-02-20 20:36 - 000000000 ____D C:\Users\hp\AppData\Local\Packages 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\oobe 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr 2018-09-13 02:50 - 2018-04-12 02:34 - 000000000 ____D C:\WINDOWS\system32\Dism 2018-09-13 01:24 - 2018-06-20 20:53 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-09-13 01:23 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-09-13 01:23 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\Macromed ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-20 20:22

==================== End of FRST.txt ============================

Addition.txt
RayRay26 Posted October 13, 2018 Author ID:1275220

Farbar Recovery Tool Logs Below. Note: The List BCD, Drivers MD5, Shortcut.txt and 90 Days Files options were unchecked while scanning.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by hp (administrator) on LAPTOP-DO1RT005 (13-10-2018 02:16:54)
Running from C:\Users\hp\Desktop
Loaded Profiles: hp (Available Profiles: hp)
Platform: Windows 10 Home Single Language Version 1803 17134.285 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\scsecsvc.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE () C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121190.inf_amd64_47cec0e8450d81b4\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\qhpisvr.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.EXE (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\emlproxy.exe (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\scanwscs.exe (HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe (Greatis Software, LLC) C:\Program Files (x86)\StopUpdates10\SU10Guard.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Quick Heal Technologies Ltd.) 
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121190.inf_amd64_47cec0e8450d81b4\igfxEM.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\updates\7.10.4_44633\bittorrentie.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\updates\7.10.4_44633\bittorrentie.exe (HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\sapissvc.exe () C:\Users\hp\Downloads\KillUpdate.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2017-04-13] (Realtek Semiconductor) HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [224384 2017-06-15] (Quick Heal Technologies Ltd.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-21] (HP Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10150912 2018-02-22] (FreeDownloadManager.org) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [BitTorrent] => C:\Users\hp\AppData\Roaming\BitTorrent\BitTorrent.exe [1989824 2018-10-10] (BitTorrent Inc.) HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [1454592 2018-09-13] (Adobe Systems Incorporated) IFEO\dismHost.exe: [Debugger] nul IFEO\EOSNOTIFY.EXE: [Debugger] nul IFEO\InstallAgent.exe: [Debugger] nul IFEO\MusNotification.exe: [Debugger] nul IFEO\remsh.exe: [Debugger] nul IFEO\SIHClient.exe: [Debugger] nul IFEO\UpdateAssistant.exe: [Debugger] nul IFEO\UsoClient.exe: [Debugger] nul IFEO\WaaSMedic.exe: [Debugger] nul IFEO\Windows10Upgrade.exe: [Debugger] nul IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] nul Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\..\Interfaces\{5d7ec3e3-d1b0-4ab1-9443-f700c0927a7a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{e73291ed-557f-433c-9647-50f919fe0057}: [NameServer] 72.16.0.1,4.2.2.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-177186563-2203864396-2981051637-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-177186563-2203864396-2981051637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-07] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-07] (HP Inc.)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-07] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)

Edge:
======
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.48.0_neutral__8wekyb3d8bbwe [2018-07-22]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-177186563-2203864396-2981051637-1001: @catalinahub.com/CatalinaGroup Update;version=3 -> C:\Users\hp\AppData\Local\CatalinaGroup\Update\1.3.25.213\npCatalinaUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-177186563-2203864396-2981051637-1001: @catalinahub.com/CatalinaGroup Update;version=9 -> C:\Users\hp\AppData\Local\CatalinaGroup\Update\1.3.25.213\npCatalinaUpdate3.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2018-10-13]
CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-10]
CHR Extension: (Free Download Manager) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2018-08-04]
CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-10]
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-10]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-10]
CHR Extension: (uBlock Origin) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-26]
CHR Extension: (Tampermonkey) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-12]
CHR Extension: (Adobe Acrobat) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-10]
CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-10]
CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Temporary Bookmarks) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gicpnnockilhclmgekhdnnjokdmlfhmk [2018-09-01]
CHR Extension: (No Coin - Block miners on the web!) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojamcfopckidlocpkbelmpjcgmbgjcl [2018-09-26]
CHR Extension: (Selectable - for fanfiction.net and more) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcidlhgdoojamkbpmhbpgldmajnobefd [2018-06-11]
CHR Extension: (Disconnect) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2018-09-26]
CHR Extension: (Video DownloadHelper) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-09-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-10]
CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
CHR Extension: (Privacy Badger) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2018-10-07]
CHR HKU\S-1-5-21-177186563-2203864396-2981051637-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE [80000 2018-08-06] (Quick Heal Technologies Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [38512 2018-08-09] (Quick Heal Technologies Ltd.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [134624 2017-04-15] (Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [67200 2018-06-04] (Quick Heal Technologies Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [339056 2018-08-06] (Quick Heal Technologies Ltd.)
R3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [339056 2018-08-06] (Quick Heal Technologies Ltd.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-10] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2210936 2017-02-09] (Intel Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-08] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-02] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-04] (HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-20] (Intel Corporation)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [71808 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [173184 2017-07-04] (Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [43136 2018-02-10] (Quick Heal Technologies Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-13] (Realtek Semiconductor)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [367136 2018-06-20] (Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [638576 2018-02-10] (Quick Heal Technologies Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SU10Guard; C:\Program Files (x86)\StopUpdates10\SU10Guard.exe [67480 2018-10-04] (Greatis Software, LLC)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-08-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\WINDOWS\System32\DRIVERS\arwflt.sys [107592 2018-08-06] (Quick Heal Technologies Ltd.)
R3 atkldrvr; C:\WINDOWS\System32\DRIVERS\atkldrvr.sys [57144 2017-04-27] (Quick Heal Technologies Ltd.)
R1 bdsflt; C:\WINDOWS\System32\DRIVERS\bdsflt.sys [406648 2018-08-09] (Quick Heal Technologies Ltd.)
R2 bdsnm; C:\WINDOWS\system32\DRIVERS\bdsnm.sys [49960 2018-08-09] (Quick Heal Technologies Ltd.)
R3 bsfs; C:\WINDOWS\System32\DRIVERS\bsfs.sys [96784 2018-02-10] (Quick Heal Technologies Ltd.)
R2 catflt; C:\WINDOWS\System32\DRIVERS\catflt.sys [158576 2017-05-23] (Quick Heal Technologies Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67976 2017-02-09] (Intel Corporation)
S0 elamdrv; C:\WINDOWS\System32\DRIVERS\elamdrv.sys [37536 2016-01-25] (Quick Heal Technologies Ltd.)
R2 emlssx; C:\WINDOWS\system32\DRIVERS\emlssx.sys [39792 2016-04-12] (Quick Heal Technologies Ltd.)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355208 2017-02-09] (Intel Corporation)
R1 ggc; C:\WINDOWS\System32\DRIVERS\ggc.sys [95736 2018-05-31] (Quick Heal Technologies Ltd.)
R3 kbfltr; C:\WINDOWS\system32\DRIVERS\kbfltr.sys [39152 2017-04-27] (Quick Heal Technologies Ltd.)
S3 llio; C:\windows\system32\DRIVERS\llio.sys [92496 2018-09-26] (Quick Heal Technologies Ltd.)
S0 mscank; C:\WINDOWS\System32\DRIVERS\mscank.sys [62344 2017-04-27] (Quick Heal Technologies Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-14] (Realtek )
S3 RT8723DE; C:\WINDOWS\System32\drivers\rtl8723de.sys [6763672 2017-04-28] (Realtek Semiconductor Corporation )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [723920 2017-07-20] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [45144 2017-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [46680 2017-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
R0 webssx; C:\WINDOWS\System32\drivers\webssx8.sys [104496 2018-06-04] (Quick Heal Technologies Ltd.)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-13 02:16 - 2018-10-13 02:18 - 000024214 _____ C:\Users\hp\Desktop\FRST.txt
2018-10-13 02:15 - 2018-10-13 02:16 - 000000000 ____D C:\FRST
2018-10-13 02:14 - 2018-10-13 02:14 - 002414592 _____ (Farbar) C:\Users\hp\Desktop\FRST64.exe
2018-10-12 22:00 - 2018-10-12 22:00 - 000000000 ___HD C:\Users\hp\ScStore
2018-10-10 04:02 - 2018-10-12 22:01 - 000000000 ____D C:\Users\hp\AppData\LocalLow\BitTorrent
2018-10-07 06:55 - 2018-10-07 06:55 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-06 05:59 - 2018-10-06 06:00 - 000112845 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E04.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to].torrent
2018-10-06 02:32 - 2018-10-06 02:32 - 000000000 ____D C:\Users\hp\AppData\Local\ElevatedDiagnostics
2018-10-06 02:29 - 2018-10-06 02:29 - 000046682 _____ C:\Users\hp\Downloads\wushowhide.diagcab
2018-10-06 01:23 - 2018-10-06 01:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StopUpdates10
2018-10-06 01:22 - 2018-10-07 19:42 - 000000000 ____D C:\Program Files (x86)\StopUpdates10
2018-10-06 01:19 - 2018-10-04 23:36 - 001325560 _____ (Greatis Software ) C:\Users\hp\Downloads\stopupdates10setup.exe
2018-10-05 02:57 - 2018-10-05 08:13 - 000003084 _____ C:\WINDOWS\System32\Tasks\Kill-Update
2018-10-05 02:56 - 2018-10-05 02:56 - 000000000 ____D C:\Users\hp\AppData\Roaming\Kill-Update
2018-10-05 02:53 - 2018-10-05 02:53 - 000274952 _____ () C:\Users\hp\Downloads\KillUpdate (2).exe
2018-10-05 02:38 - 2018-10-05 02:38 - 000274952 _____ () C:\Users\hp\Downloads\KillUpdate.exe
2018-10-05 02:05 - 2018-10-05 02:05 - 001611639 _____ C:\Users\hp\Downloads\stopupdates10portable (1).zip
2018-10-05 01:41 - 2018-10-05 01:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-177186563-2203864396-2981051637-1001
2018-10-04 23:36 - 2018-10-04 23:36 - 001298187 _____ C:\Users\hp\Downloads\stopupdates10.zip
2018-10-04 16:50 - 2018-10-04 16:50 - 000000000 ____D C:\Users\hp\AppData\Roaming\IObit
2018-10-04 14:08 - 2018-10-04 14:08 - 000000000 ____D C:\Program Files (x86)\IObit
2018-10-04 00:15 - 2018-10-04 00:15 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (3).torrent
2018-10-04 00:14 - 2018-10-04 00:14 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-03 23:56 - 2018-10-03 23:56 - 000000000 ___RD C:\Users\hp\Documents\Notes
2018-10-03 20:59 - 2018-10-03 20:59 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-10-03 18:32 - 2018-10-03 18:32 - 000121445 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to] (1).torrent
2018-10-03 02:44 - 2018-10-03 02:44 - 000125310 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.1080p.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-10-03 02:42 - 2018-10-03 02:42 - 000121445 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to].torrent
2018-10-03 02:40 - 2018-10-03 02:40 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-03 00:25 - 2018-10-03 00:25 - 000088014 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E02.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 21:32 - 2018-10-03 00:15 - 2414105171 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.The.Fourth.Of.July.1080p.STAN.WEB-DL.DDP5.1.H264-SiGMA.mkv
2018-10-02 21:32 - 2018-10-02 21:32 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (4).torrent
2018-10-02 21:31 - 2018-10-02 21:31 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (3).torrent
2018-10-02 20:11 - 2018-10-02 20:11 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-02 20:05 - 2018-10-02 20:05 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-10-02 19:58 - 2018-10-02 19:58 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 19:54 - 2018-10-02 19:54 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-10-02 19:54 - 2018-10-02 19:54 - 000000000 ____D C:\Program Files\VideoLAN
2018-10-02 19:50 - 2018-10-02 19:52 - 041486400 _____ C:\Users\hp\Downloads\vlc-3.0.4-win64.exe
2018-10-02 19:36 - 2018-10-02 19:36 - 000000000 ____D C:\Users\hp\AppData\Roaming\KMP
2018-10-02 19:33 - 2018-10-02 19:33 - 000000898 _____ C:\Users\hp\Desktop\KMPlayer 64X.lnk
2018-10-02 19:33 - 2018-10-02 19:33 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KMPlayer 64X
2018-10-02 19:21 - 2018-10-02 19:32 - 000000000 ____D C:\Program Files\KMPlayer 64X
2018-10-02 17:31 - 2018-10-02 17:31 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-02 17:28 - 2018-10-02 17:28 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 16:47 - 2018-10-02 16:47 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-09-29 01:59 - 2018-10-04 02:37 - 000000000 ____D C:\Users\hp\Downloads\HQ
2018-09-29 01:55 - 2018-09-28 16:44 - 000066206 ____N C:\Users\hp\Downloads\the.truth.about.the.harry.quebert.affair.s01e02.hdtv.x264-mtb.srt
2018-09-29 01:53 - 2018-09-29 01:53 - 000025101 _____ C:\Users\hp\Downloads\94234-the-truth-about-the-harry-quebert-affair-s01e02-[English-subtitles.org].zip
2018-09-28 16:13 - 2018-09-28 16:54 - 000110547 _____ C:\Users\hp\Downloads\Flypaper.2011.720p.BrRip.x264.YIFY.srt
2018-09-28 16:12 - 2018-09-28 17:08 - 578713985 _____ C:\Users\hp\Downloads\Flypaper.2011.720p.BrRip.x264.YIFY.mp4
2018-09-28 16:06 - 2018-09-28 16:06 - 000011887 _____ C:\Users\hp\Downloads\Flypaper (2011) [BluRay] [720p] [YTS.AM].torrent
2018-09-26 16:04 - 2018-09-26 16:04 - 000014014 _____ C:\Users\hp\Downloads\a-discovery-of-witches_english-1847411.zip
2018-09-26 14:12 - 2018-10-02 21:33 - 000000030 _____ C:\Users\hp\Downloads\RARBG.txt
2018-09-24 13:09 - 2018-09-24 13:09 - 000000000 ___HD C:\ProgramData\temp
2018-09-24 12:44 - 2018-09-28 16:30 - 000000000 ____D C:\WINDOWS\Minidump
2018-09-24 12:31 - 2018-09-24 12:32 - 000380928 _____ C:\Users\hp\Downloads\vz6qpidg.exe
2018-09-24 12:25 - 2018-09-24 12:28 - 000299650 _____ C:\TDSSKiller.3.1.0.17_24.09.2018_12.25.23_log.txt
2018-09-24 12:18 - 2018-09-24 13:07 - 000445636 _____ C:\WINDOWS\ntbtlog.txt
2018-09-24 12:18 - 2018-09-24 12:59 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-09-24 11:23 - 2018-09-24 11:26 - 000000000 ____D C:\Users\hp\Documents\#2 Softwares to search for stored Passwords in Windows
2018-09-22 16:39 - 2018-09-22 16:40 - 002771496 _____ C:\Users\hp\Downloads\avast_secure_browser_setup.exe
2018-09-22 10:01 - 2018-09-22 10:01 - 000000000 _____ C:\Users\hp\Downloads\migrate
2018-09-22 07:14 - 2018-09-22 07:14 - 000000000 ___HD C:\OneDriveTemp
2018-09-21 14:37 - 2018-09-21 14:37 - 000060314 _____ C:\Users\hp\Downloads\[limetorrents.info]No.Reservations[2007]DvDrip[Eng]-FXG (1).torrent
2018-09-21 14:14 - 2018-09-21 14:14 - 000060314 _____ C:\Users\hp\Downloads\[limetorrents.info]No.Reservations[2007]DvDrip[Eng]-FXG.torrent
2018-09-21 14:05 - 2018-09-21 14:05 - 000057105 _____ C:\Users\hp\Downloads\No.Reservations[2007]DvDrip[Eng]-FXG.torrent
2018-09-21 14:00 - 2018-09-21 14:00 - 000014829 _____ C:\Users\hp\Downloads\Something Borrowed (2011) [BluRay] [720p] [YTS.AM] (1).torrent
2018-09-21 13:59 - 2018-09-21 13:59 - 000014829 _____ C:\Users\hp\Downloads\Something Borrowed (2011) [BluRay] [720p] [YTS.AM].torrent
2018-09-21 13:52 - 2018-09-21 13:52 - 000013705 _____ C:\Users\hp\Downloads\Made of Honor (2008) [BluRay] [720p] [YTS.AM].torrent
2018-09-21 13:32 - 2018-10-13 00:26 - 000000000 ____D C:\Users\hp\Documents\#1 Priority Movies
2018-09-21 13:32 - 2018-09-21 13:32 - 000000714 _____ C:\Users\hp\Documents\Music - Shortcut.lnk
2018-09-21 06:12 - 2018-09-21 06:12 - 001474296 _____ C:\Users\hp\Downloads\segment-4-v1-a1.ts
2018-09-21 03:38 - 2018-09-21 03:38 - 000000000 ____D C:\Users\hp\AppData\Roaming\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\Program Files\WinRAR
2018-09-21 03:36 - 2018-09-21 03:36 - 003110776 _____ (Alexander Roshal) C:\Users\hp\Downloads\winrar-x64-560.exe
2018-09-21 02:37 - 2018-09-21 02:37 - 010398952 ____N ( ) C:\Users\hp\Downloads\yodot-rar-repair.exe
2018-09-21 02:10 - 2013-11-21 09:40 - 410785946 _____ C:\Users\hp\Downloads\Bank Robber (1993).avi
2018-09-20 23:25 - 2018-09-21 00:31 - 410786119 _____ C:\Users\hp\Downloads\Ba93rob.part3.rar
2018-09-20 22:55 - 2018-09-20 22:55 - 000000000 ____D C:\Users\hp\Documents\Bandicam
2018-09-20 22:51 - 2018-09-20 22:53 - 017477064 _____ (Bandicam Company) C:\Users\hp\Downloads\bdcamsetup.exe
2018-09-20 22:31 - 2018-09-20 22:33 - 017327632 _____ (Remo Software ) C:\Users\hp\Downloads\remo-repair-avi.exe
2018-09-20 22:20 - 2018-09-20 22:20 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-09-20 22:20 - 2018-09-20 22:20 - 000000000 ____D C:\ProgramData\{FA8C6B5E-65E7-1B9C-CB74-7C140A269F45}
2018-09-20 22:18 - 2018-09-20 22:18 - 021187224 _____ (Stellar Information Technology Pvt Ltd ) C:\Users\hp\Downloads\StellarPhoenixVideoRepair.exe
2018-09-20 21:06 - 2018-09-20 22:41 - 000000000 ____D C:\Users\hp\Documents\My DAP Downloads
2018-09-20 21:05 - 2018-09-20 21:05 - 000172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\WINDOWS\SysWOW64\AniGIF.ocx
2018-09-20 21:04 - 2018-09-20 21:04 - 010818216 _____ C:\Users\hp\Downloads\dap10_full (1).exe
2018-09-20 20:29 - 2018-09-20 20:39 - 087474376 _____ (WonderFox Soft, Inc.) C:\Users\hp\Downloads\hd-video-converter-pro.exe
2018-09-20 19:38 - 2018-09-20 19:38 - 000000025 _____ C:\WINDOWS\libem.INI
2018-09-20 19:38 - 2018-09-20 19:38 - 000000000 ____D C:\Users\hp\AppData\Roaming\BITS
2018-09-20 19:28 - 2018-09-20 19:30 - 000000159 _____ C:\Users\hp\Downloads\Try it.mp4
2018-09-20 19:20 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Pt. 2.avi
2018-09-20 18:18 - 2018-09-20 19:19 - 524288000 _____ C:\Users\hp\Downloads\Ba93rob.part2 (1).rar
2018-09-20 18:08 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Copy.avi
2018-09-20 17:02 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Pt. 1.avi
2018-09-20 15:35 - 2018-09-20 17:02 - 524288000 _____ C:\Users\hp\Downloads\Ba93rob.part1.rar
2018-09-20 15:28 - 2018-09-20 15:29 - 007662969 _____ C:\Users\hp\Downloads\videoplayback.mp4
2018-09-20 14:37 - 2018-09-20 14:37 - 005737217 _____ C:\Users\hp\Downloads\video.mp4
2018-09-20 14:15 - 2018-09-20 14:16 - 921718039 _____ C:\Users\hp\Downloads\CPs0ZJ29wP3f8FD.mp4.fdmdownload
2018-09-20 13:49 - 2018-09-20 13:50 - 000000000 ____D C:\Users\hp\dwhelper
2018-09-20 13:20 - 2018-09-20 13:20 - 000092138 _____ C:\Users\hp\Downloads\2552 (1) [SubtitleTools.com].srt
2018-09-20 13:18 - 2018-09-20 13:18 - 000086792 _____ C:\Users\hp\Downloads\2552 (2).vtt
2018-09-20 13:02 - 2018-09-20 13:02 - 000086792 _____ C:\Users\hp\Downloads\2552.vtt
2018-09-20 12:46 - 2018-09-20 12:47 - 000245340 _____ C:\Users\hp\Downloads\480-0089.ts
2018-09-19 07:12 - 2018-09-19 07:12 - 000021223 _____ C:\Users\hp\Downloads\Hacksaw Ridge (2016) [BluRay] [720p] [YTS.AM].torrent
2018-09-19 05:32 - 2018-10-06 06:58 - 000000000 ____D C:\Users\hp\Downloads\Discovery of Witches
2018-09-19 03:53 - 2018-09-19 03:53 - 000133830 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E01.1080p.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-09-18 05:33 - 2018-09-18 05:33 - 000033761 _____ C:\Users\hp\Downloads\Everything, Everything (2017) [BluRay] [720p] [YTS.AM].torrent
2018-09-18 05:32 - 2018-09-18 05:32 - 000031941 _____ C:\Users\hp\Downloads\Midnight Sun (2018) [BluRay] [720p] [YTS.AM].torrent
2018-09-18 04:00 - 2018-09-18 04:01 - 000027684 _____ C:\Users\hp\Downloads\The.Truth.About.The.Harry.Quebert.Affair.S01E02.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-09-18 02:49 - 2018-09-18 02:49 - 000023906 _____ C:\Users\hp\Downloads\[glodls.to]The.Truth.About.The.Harry.Quebert.Affair.S01E02.720p.HDTV.x264-MTB[TGx].torrent
2018-09-17 23:24 - 2018-09-17 23:24 - 000245985 _____ C:\Users\hp\Downloads\Summer_Fling_-_Tarrah_Anders.epub
2018-09-17 12:31 - 2018-09-17 12:32 - 000117354 _____ C:\Users\hp\Downloads\Watch Set It Up (2018) Full Movie on FMovies.to.vtt
2018-09-16 12:56 - 2018-09-16 12:57 - 001577552 _____ (Opera Software) C:\Users\hp\Downloads\OperaSetup.exe
2018-09-16 11:52 - 2018-09-16 11:53 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Mozilla
2018-09-16 11:43 - 2018-09-16 11:47 - 055828704 _____ C:\Users\hp\Downloads\torbrowser-install-win64-8.0_en-US (1).exe
2018-09-16 11:42 - 2018-09-16 11:46 - 055828704 _____ C:\Users\hp\Downloads\torbrowser-install-win64-8.0_en-US.exe
2018-09-16 04:07 - 2018-09-16 04:07 - 000000000 ____D C:\Users\hp\AppData\Local\mbam
2018-09-16 02:05 - 2018-09-16 02:05 - 000030747 _____ C:\Users\hp\Downloads\FCF317C57E227E556B9DD882A0410EB30C5D78C0.torrent
2018-09-15 13:52 - 2018-09-15 13:52 - 003128648 _____ (BitTorrent Inc.) C:\Users\hp\Downloads\BitTorrent (3).exe
2018-09-15 12:40 - 2018-09-15 12:40 - 000103206 _____ C:\Users\hp\Downloads\greys-anatomy-2-x-27-DVDRip TOPAZ UNCUT-86684-www.My-Subs.Com.srt
2018-09-15 12:39 - 2018-09-05 04:06 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-14 21:43 - 2018-09-14 21:44 - 000374942 _____ C:\Users\hp\Downloads\Trailer_Park_Virgin_-_Alexa_Riley.epub
2018-09-14 04:28 - 2018-09-14 04:28 - 001232964 _____ C:\Users\hp\Downloads\Salman_Rushdie_-_The_Satanic_Verses_-_1988.fb2
2018-09-14 04:21 - 2018-09-14 04:21 - 000515296 _____ C:\Users\hp\Downloads\Salman_Rushdie_-_The_Satanic_Verses.epub
2018-09-14 03:26 - 2018-09-14 03:26 - 000641665 _____ C:\Users\hp\Downloads\Beautiful_Bastard_-_Christina_Lauren.epub
2018-09-13 23:38 - 2018-09-13 23:39 - 000806688 _____ C:\Users\hp\Downloads\Kiss_the_Girl_3_-_Tara_Sivec.epub
2018-09-13 00:51 - 2018-08-31 09:12 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-13 00:51 - 2018-08-31 09:12 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-13 00:51 - 2018-08-31 09:12 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-13 00:51 - 2018-08-31 08:58 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-13 00:51 - 2018-08-31 08:56 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-13 00:51 - 2018-08-31 08:51 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-13 00:51 - 2018-08-31 08:50 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-13 00:51 - 2018-08-31 08:48 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-13 00:51 - 2018-08-31 08:45 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-13 00:51 - 2018-08-28 12:47 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-13 00:51 - 2018-08-09 15:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-13 00:51 - 2018-08-09 09:52 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-13 00:51 - 2018-08-09 09:39 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-13 00:50 - 2018-08-31 08:58 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-13 00:50 - 2018-08-31 08:46 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-13 00:50 - 2018-08-31 08:46 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-13 00:50 - 2018-08-31 08:45 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-13 00:50 - 2018-08-31 08:45 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-13 00:50 - 2018-08-31 08:40 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-13 00:50 - 2018-08-09 15:01 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-13 00:50 - 2018-08-09 14:44 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-13 00:50 - 2018-08-09 13:54 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-13 00:50 - 2018-08-09 09:58 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-13 00:34 - 2018-08-31 13:13 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-13 00:34 - 2018-08-31 12:53 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-13 00:34 - 2018-08-31 12:23 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-13 00:34 - 2018-08-31 09:14 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-13 00:34 - 2018-08-31 09:14 - 
001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2018-09-13 00:34 - 2018-08-31 09:12 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2018-09-13 00:34 - 2018-08-31 09:12 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2018-09-13 00:34 - 2018-08-31 08:58 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2018-09-13 00:34 - 2018-08-31 08:46 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-09-13 00:34 - 2018-08-31 08:44 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2018-09-13 00:34 - 2018-08-31 08:44 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2018-09-13 00:34 - 2018-08-31 08:43 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2018-09-13 00:34 - 2018-08-31 08:41 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2018-09-13 00:34 - 2018-08-31 08:41 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2018-09-13 00:34 - 2018-08-31 08:40 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2018-09-13 00:34 - 2018-08-31 08:40 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2018-09-13 00:34 - 2018-08-31 08:39 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2018-09-13 00:34 - 2018-08-31 08:37 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2018-09-13 00:34 - 2018-08-28 12:18 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll 2018-09-13 00:34 - 2018-08-09 14:46 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2018-09-13 00:34 - 2018-08-09 14:41 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2018-09-13 00:34 - 2018-08-09 14:41 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2018-09-13 00:34 - 2018-08-09 
13:51 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2018-09-13 00:34 - 2018-08-09 10:32 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2018-09-13 00:34 - 2018-08-09 10:24 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2018-09-13 00:34 - 2018-08-09 10:23 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2018-09-13 00:34 - 2018-08-09 09:59 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2018-09-13 00:34 - 2018-08-09 09:59 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2018-09-13 00:34 - 2018-08-09 09:59 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2018-09-13 00:34 - 2018-08-09 09:55 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2018-09-13 00:34 - 2018-08-09 09:54 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2018-09-13 00:34 - 2018-08-09 09:53 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2018-09-13 00:34 - 2018-08-09 09:53 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2018-09-13 00:34 - 2018-08-09 09:41 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2018-09-13 00:34 - 2018-08-09 09:40 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2018-09-13 00:33 - 2018-08-31 13:16 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2018-09-13 00:33 - 2018-08-31 13:12 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2018-09-13 00:33 - 2018-08-31 12:54 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2018-09-13 00:33 - 2018-08-31 12:53 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2018-09-13 00:33 - 2018-08-31 12:52 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2018-09-13 00:33 - 
2018-08-31 12:52 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2018-09-13 00:33 - 2018-08-31 12:25 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2018-09-13 00:33 - 2018-08-31 12:07 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2018-09-13 00:33 - 2018-08-31 12:07 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2018-09-13 00:33 - 2018-08-31 12:06 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2018-09-13 00:33 - 2018-08-31 09:20 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll 2018-09-13 00:33 - 2018-08-31 09:20 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll 2018-09-13 00:33 - 2018-08-31 09:14 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2018-09-13 00:33 - 2018-08-31 09:13 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2018-09-13 00:33 - 2018-08-31 09:13 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2018-09-13 00:33 - 2018-08-31 09:12 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2018-09-13 00:33 - 2018-08-31 09:12 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2018-09-13 00:33 - 2018-08-31 09:12 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2018-09-13 00:33 - 2018-08-31 09:12 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2018-09-13 00:33 - 2018-08-31 09:12 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2018-09-13 00:33 - 2018-08-31 09:12 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2018-09-13 00:33 - 2018-08-31 09:12 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll 2018-09-13 00:33 - 2018-08-31 09:12 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2018-09-13 
00:33 - 2018-08-31 09:12 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2018-09-13 00:33 - 2018-08-31 08:58 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2018-09-13 00:33 - 2018-08-31 08:58 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2018-09-13 00:33 - 2018-08-31 08:58 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll 2018-09-13 00:33 - 2018-08-31 08:45 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2018-09-13 00:33 - 2018-08-31 08:44 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2018-09-13 00:33 - 2018-08-31 08:42 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2018-09-13 00:33 - 2018-08-31 08:41 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-09-13 00:33 - 2018-08-31 08:41 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2018-09-13 00:33 - 2018-08-31 08:41 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2018-09-13 00:33 - 2018-08-31 08:40 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2018-09-13 00:33 - 2018-08-31 08:40 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2018-09-13 00:33 - 2018-08-31 08:40 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2018-09-13 00:33 - 2018-08-31 08:37 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2018-09-13 00:33 - 2018-08-28 12:15 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2018-09-13 00:33 - 2018-08-09 15:01 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2018-09-13 00:33 - 2018-08-09 14:43 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2018-09-13 00:33 - 2018-08-09 14:43 - 000340992 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\AcGenral.dll 2018-09-13 00:33 - 2018-08-09 14:42 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2018-09-13 00:33 - 2018-08-09 14:41 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2018-09-13 00:33 - 2018-08-09 14:40 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe 2018-09-13 00:33 - 2018-08-09 14:40 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2018-09-13 00:33 - 2018-08-09 14:06 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2018-09-13 00:33 - 2018-08-09 13:53 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2018-09-13 00:33 - 2018-08-09 13:53 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2018-09-13 00:33 - 2018-08-09 13:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2018-09-13 00:33 - 2018-08-09 13:50 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2018-09-13 00:33 - 2018-08-09 10:31 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2018-09-13 00:33 - 2018-08-09 10:24 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2018-09-13 00:33 - 2018-08-09 10:23 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2018-09-13 00:33 - 2018-08-09 10:23 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2018-09-13 00:33 - 2018-08-09 10:23 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2018-09-13 00:33 - 2018-08-09 10:23 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll 2018-09-13 00:33 - 2018-08-09 10:00 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2018-09-13 00:33 - 2018-08-09 10:00 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2018-09-13 00:33 - 2018-08-09 09:58 - 001589248 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2018-09-13 00:33 - 2018-08-09 09:57 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2018-09-13 00:33 - 2018-08-09 09:55 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2018-09-13 00:33 - 2018-08-09 09:55 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2018-09-13 00:33 - 2018-08-09 09:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2018-09-13 00:33 - 2018-08-09 09:53 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-09-13 00:33 - 2018-08-09 09:53 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2018-09-13 00:33 - 2018-08-09 09:52 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2018-09-13 00:33 - 2018-08-09 09:52 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-09-13 00:33 - 2018-08-09 09:51 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-09-13 00:33 - 2018-08-09 09:43 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2018-09-13 00:33 - 2018-08-09 09:40 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2018-09-13 00:33 - 2018-08-09 09:39 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2018-09-13 00:33 - 2018-08-09 08:38 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls 2018-09-13 00:33 - 2018-08-09 08:38 - 000806416 _____ C:\WINDOWS\system32\locale.nls 2018-09-13 00:32 - 2018-08-31 13:15 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2018-09-13 00:32 - 2018-08-31 12:57 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2018-09-13 00:32 - 2018-08-31 12:57 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2018-09-13 00:32 - 
2018-08-31 12:56 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys 2018-09-13 00:32 - 2018-08-31 12:55 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll 2018-09-13 00:32 - 2018-08-31 12:55 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2018-09-13 00:32 - 2018-08-31 12:54 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2018-09-13 00:32 - 2018-08-31 12:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2018-09-13 00:32 - 2018-08-31 12:11 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2018-09-13 00:32 - 2018-08-31 12:11 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2018-09-13 00:32 - 2018-08-31 12:10 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll 2018-09-13 00:32 - 2018-08-31 12:07 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2018-09-13 00:32 - 2018-08-31 09:14 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2018-09-13 00:32 - 2018-08-31 09:14 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-09-13 00:32 - 2018-08-31 09:14 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2018-09-13 00:32 - 2018-08-31 09:12 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2018-09-13 00:32 - 2018-08-31 09:12 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2018-09-13 00:32 - 2018-08-31 09:12 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2018-09-13 00:32 - 2018-08-31 08:58 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2018-09-13 00:32 - 2018-08-31 08:58 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2018-09-13 00:32 - 2018-08-31 08:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2018-09-13 
00:32 - 2018-08-31 08:47 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll 2018-09-13 00:32 - 2018-08-31 08:45 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2018-09-13 00:32 - 2018-08-31 08:45 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys 2018-09-13 00:32 - 2018-08-31 08:44 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2018-09-13 00:32 - 2018-08-31 08:44 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-09-13 00:32 - 2018-08-31 08:43 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2018-09-13 00:32 - 2018-08-31 08:43 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2018-09-13 00:32 - 2018-08-31 08:42 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll 2018-09-13 00:32 - 2018-08-31 08:41 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2018-09-13 00:32 - 2018-08-31 08:41 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2018-09-13 00:32 - 2018-08-31 08:40 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2018-09-13 00:32 - 2018-08-31 08:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2018-09-13 00:32 - 2018-08-31 08:40 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2018-09-13 00:32 - 2018-08-31 08:39 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-09-13 00:32 - 2018-08-31 08:38 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2018-09-13 00:32 - 2018-08-31 08:37 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2018-09-13 00:32 - 2018-08-31 08:36 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2018-09-13 00:32 - 2018-08-31 
07:27 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim 2018-09-13 00:32 - 2018-08-28 12:26 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2018-09-13 00:32 - 2018-08-28 12:19 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2018-09-13 00:32 - 2018-08-28 11:21 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2018-09-13 00:32 - 2018-08-14 07:44 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2018-09-13 00:32 - 2018-08-14 07:44 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2018-09-13 00:32 - 2018-08-09 15:01 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2018-09-13 00:32 - 2018-08-09 15:01 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2018-09-13 00:32 - 2018-08-09 14:47 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2018-09-13 00:32 - 2018-08-09 14:44 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2018-09-13 00:32 - 2018-08-09 14:44 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll 2018-09-13 00:32 - 2018-08-09 14:44 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2018-09-13 00:32 - 2018-08-09 14:43 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe 2018-09-13 00:32 - 2018-08-09 14:43 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll 2018-09-13 00:32 - 2018-08-09 14:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2018-09-13 00:32 - 2018-08-09 14:42 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2018-09-13 00:32 - 2018-08-09 14:41 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2018-09-13 00:32 - 2018-08-09 14:41 - 000181248 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\EditionUpgradeHelper.dll 2018-09-13 00:32 - 2018-08-09 14:40 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2018-09-13 00:32 - 2018-08-09 14:39 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2018-09-13 00:32 - 2018-08-09 14:06 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2018-09-13 00:32 - 2018-08-09 13:54 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2018-09-13 00:32 - 2018-08-09 13:53 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2018-09-13 00:32 - 2018-08-09 13:52 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe 2018-09-13 00:32 - 2018-08-09 13:51 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2018-09-13 00:32 - 2018-08-09 13:51 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe 2018-09-13 00:32 - 2018-08-09 13:51 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2018-09-13 00:32 - 2018-08-09 13:50 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2018-09-13 00:32 - 2018-08-09 13:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2018-09-13 00:32 - 2018-08-09 13:50 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2018-09-13 00:32 - 2018-08-09 13:49 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2018-09-13 00:32 - 2018-08-09 10:25 - 000230304 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2018-09-13 00:32 - 2018-08-09 10:24 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2018-09-13 00:32 - 2018-08-09 10:23 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-09-13 00:32 - 2018-08-09 10:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll 2018-09-13 00:32 - 2018-08-09 10:23 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll 2018-09-13 00:32 - 2018-08-09 09:59 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2018-09-13 00:32 - 2018-08-09 09:59 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll 2018-09-13 00:32 - 2018-08-09 09:57 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2018-09-13 00:32 - 2018-08-09 09:57 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe 2018-09-13 00:32 - 2018-08-09 09:56 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2018-09-13 00:32 - 2018-08-09 09:56 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2018-09-13 00:32 - 2018-08-09 09:56 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2018-09-13 00:32 - 2018-08-09 09:56 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll 2018-09-13 00:32 - 2018-08-09 09:56 - 000209408 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2018-09-13 00:32 - 2018-08-09 09:55 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2018-09-13 00:32 - 2018-08-09 09:52 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2018-09-13 00:32 - 2018-08-09 09:43 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe 2018-09-13 00:32 - 2018-08-09 09:42 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll 2018-09-13 00:32 - 2018-08-09 09:41 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2018-09-13 00:32 - 2018-08-09 09:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-09-13 00:32 - 2018-08-09 09:38 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-10-13 02:19 - 2018-02-10 04:57 - 000000000 ____D C:\Users\hp\AppData\Roaming\BitTorrent 2018-10-13 02:18 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-10-13 02:13 - 2018-02-10 04:39 - 000000000 ____D C:\Users\hp\AppData\Local\Free Download Manager 2018-10-13 01:57 - 2018-04-12 05:00 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-10-13 01:46 - 2018-07-13 00:42 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C56856DE-1E7F-4CF7-8BF0-3A0B75BA9E47} 2018-10-13 00:44 - 2018-06-20 20:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-10-12 22:00 - 2018-06-20 20:28 - 000000000 ____D C:\Users\hp 2018-10-12 22:00 - 2018-02-09 19:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles 2018-10-07 17:09 - 2018-06-20 20:53 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2018-10-07 06:54 - 2017-05-19 00:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-10-04 22:44 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-10-04 18:01 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps 2018-10-04 16:29 - 2018-02-10 05:06 - 000000000 ____D C:\Program Files\CCleaner 2018-10-04 14:14 - 2018-02-10 05:18 - 000000000 ____D C:\ProgramData\ProductData 2018-10-03 23:58 - 2018-02-09 23:26 - 000000000 ____D C:\WINDOWS\SHELLNEW 2018-10-03 21:07 - 2018-02-10 05:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-10-02 22:53 - 2018-04-19 10:34 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc 2018-10-02 19:54 - 2018-02-10 04:49 - 000000000 ____D C:\Program Files (x86)\VideoLAN 2018-10-02 19:32 - 2018-02-10 04:51 - 000000000 ____D C:\KMPlayer 2018-09-27 12:05 - 2018-06-29 21:55 - 000000000 ____D C:\ProgramData\Packages 2018-09-26 11:05 - 2018-02-10 03:04 - 000092496 _____ (Quick Heal Technologies Ltd.) 
C:\WINDOWS\system32\Drivers\llio.sys 2018-09-25 05:05 - 2017-03-19 02:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2018-09-25 00:15 - 2018-02-10 02:58 - 000000000 ____D C:\WINDOWS\system32\gprodat 2018-09-24 13:09 - 2018-06-20 20:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-09-24 12:58 - 2018-04-12 02:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2018-09-24 12:44 - 2017-05-19 00:47 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2018-09-24 12:44 - 2017-05-19 00:47 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2018-09-22 15:39 - 2018-02-09 19:33 - 000000000 ___RD C:\Users\hp\OneDrive 2018-09-22 14:24 - 2018-06-20 20:53 - 000004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2018-09-22 14:24 - 2018-06-20 20:53 - 000003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2018-09-22 13:08 - 2018-04-04 23:49 - 000000000 ____D C:\temp 2018-09-22 12:07 - 2018-04-12 02:34 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2018-09-22 11:58 - 2017-12-11 08:08 - 000000000 ____D C:\ProgramData\Realtek 2018-09-22 09:53 - 2018-06-20 20:53 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2018-09-22 09:10 - 2018-06-20 20:22 - 000411272 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-09-21 10:10 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-09-19 17:56 - 2018-06-20 20:53 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-177186563-2203864396-2981051637-1001 2018-09-19 17:56 - 2018-06-20 20:28 - 000002361 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-09-19 07:51 - 2018-02-25 01:22 - 000000000 ____D C:\Users\hp\AppData\Roaming\MPC-HC 2018-09-19 03:34 - 2018-02-10 04:16 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-09-19 03:34 - 2018-02-10 04:16 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-09-17 22:01 - 2018-06-20 
20:28 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-09-17 22:01 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF 2018-09-15 13:54 - 2018-04-05 00:00 - 000000920 _____ C:\Users\hp\Desktop\BitTorrent.lnk 2018-09-15 13:54 - 2018-02-10 04:57 - 000000900 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2018-09-15 13:43 - 2018-08-12 06:28 - 000000000 ____D C:\Users\hp\AppData\Local\D3DSCache 2018-09-15 12:42 - 2018-02-20 20:36 - 000000000 ____D C:\Users\hp\AppData\Local\Packages 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\oobe 2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr 2018-09-13 02:50 - 2018-04-12 02:34 - 000000000 ____D C:\WINDOWS\system32\Dism 2018-09-13 01:24 - 2018-06-20 20:53 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-09-13 01:23 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-09-13 01:23 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\Macromed ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-06-20 20:22 ==================== End of FRST.txt ============================ Addition.txt Link to post Share on other sites More sharing options...
nasdaq Posted October 13, 2018 ID:1275301

Hi,

Not sure you need these processes. Why are you running them?

(Greatis Software, LLC) C:\Program Files (x86)\StopUpdates10\SU10Guard.exe
() C:\Users\hp\Downloads\KillUpdate.exe
R2 SU10Guard; C:\Program Files (x86)\StopUpdates10\SU10Guard.exe [67480 2018-10-04] (Greatis Software, LLC)
StopUpdates10 version 2.0.32 (HKLM-x32\...\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1) (Version: 2.0.32 - Greatis Software)
Task: {91647DAE-D05D-4422-B69A-4840BC2E2AF6} - System32\Tasks\Kill-Update => C:\Users\hp\Downloads\KillUpdate.exe [2018-10-05] ()

===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

This may mean nothing, but do you see this error notification when it occurs?

Quoted from your Addition.txt log:

Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Searching for this error I found this article.

StopUpdates10 version 2.0.32 (HKLM-x32\...\{C186B659-50F8-4F40-9822-2B1163AAAEF2}_is1) (Version: 2.0.32 - Greatis Software)

hi joydeep mam run sfc /scannow and dism restore health and run apps troubleshooter and issues got fixed.

If you do get notified we may have to proceed with the solution found on the topic. Let me know.

===

Please post the Fixlog.txt and let me know if there are any remaining issues.

fixlist.txt
RayRay26 Posted October 19, 2018 Author ID:1276518

On 10/13/2018 at 9:04 PM, nasdaq said: Not sure you need these processes. Why are you running them?

Actually, these two I've recently installed to block the Windows 10 October Update temporarily. The Windows update came with a horrible file deleting bug, as you must know, and my data hasn't been backed up yet, and I couldn't back up because malware could be there on my PC and you told me to run the FRST scan first before suggesting how I should back up my data. Also, the update is causing BSOD on HP computers and mine is HP, so I don't want to install the update until all the bugs are fixed. Windows 10 Home doesn't really give you a choice to block updates, so I installed these two programs to give me some protection. Do they seem malicious? I found them suggested on the Windows Central site, so I thought they would be okay. I can uninstall them as soon as I back up my data.

On 10/13/2018 at 9:04 PM, nasdaq said: This may mean nothing but do you see this error notification when it occurs?

I haven't seen an error notification pop up on my screen about this, but it seems to be related to the StopUpdates process? It will go away probably when I uninstall the program.

Please do suggest how I can back up safely at this point. With the Windows update, it is worrying me even more.

I will run the fixlist and post back the logs asap. Thank you very much.
RayRay26 Posted October 19, 2018 Author ID:1276524

UPDATE: Okay, two things happened today.

1) After my installed AV, Quick Heal, finished its daily update today, it immediately detected a trojan.IGeneric. The file that was detected was actually the older version of a program that has since been updated. I didn't even know that the older versions got stored in the Updates folder even after the program has been updated. I deleted all the other older versions that had been there in the folder, keeping only the current .exe file. Don't know how the program got infected as such, maybe it became vulnerable somehow. My AV automatically updates daily, and it only detected the file today, so does that mean the infection only happened recently? I ran full scans with my AV only a few days ago and back then it detected nothing. Don't know what to make of this, waiting for your opinion.

2) I use an internet download manager for downloading my files, namely the Free Download Manager. I've used this program for years now, never ran into any problems with it. However, today, I opened my task manager and saw FDM eating up a lot of CPU power. And the application wasn't even open. Even when it is open and downloading something, it never uses this much CPU. My CPU process was up to 70% and I was forced to delete all files associated with the program. Again, totally clueless about this sudden behaviour.

Please guide me as to how to proceed.
nasdaq Posted October 20, 2018 ID:1276643

Hi,

My AV automatically updates daily, and it only detected the file today, so does that mean the infection only happened recently?

The reason we have AV installed is to protect us. These programs are updated by the vendor on a daily basis.

If you feel that what is found is a false positive you can scan the problematic file at VirusTotal:
https://www.virustotal.com/#/home/upload

If the file comes out clean then you can contact your vendor and submit the file for their review. If it comes clean then they will update their database.

I did say earlier that you were using a P2P Utorrent. If you download and run the AdwCleaner program that will possibly be identified as Potentially Unwanted Program. It's your decision if you want to keep it.

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button and follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===
RayRay26 Posted October 22, 2018 Author ID:1276971

Hello,

I do not think what my AV detected was a false positive. The AV deleted the file in question, so I wasn't able to directly upload it to virustotal, however, since it was a legitimate program file, I was able to download the same file from the internet, and run a scan with my AV again. It did not detect it, which means the program itself is not malicious, but something on my computer infected it.

Meanwhile, more threats and odd behaviour.

1) Ran a full scan with my AV after the last trojan I told you about was detected, and the scan detected another Trojan.IGeneric in the D drive this time, which is my recovery partition. The path of the file was as follows -

D:\preload\install17.swm/noname.xmp/PDMgr.dll

D drive is my Windows Recovery Partition, and I do not know how it got infected. Again, when I had run a full scan with my AV only a few days ago, this had not been detected.

2) Whenever I open Google Chrome, my CPU spikes up to 100%, with Chrome eating up unusually high cpu power, around 60-70%. However, this only lasts for a few short seconds. Once the browser has fully loaded, the CPU usage slowly drops down to a minimal 17-20%. Is this normal, or is this a sign that Chrome has been infected by malware?

----------------------------------------

As you advised, I ran a scan with AdwCleaner, it didn't detect Bittorrent (at least from what I could decipher from the log file, which is not much. However, I will still uninstall Bittorrent once the computer has been cleaned otherwise.)

I did not clean any of the files detected by the Cleaner, because I could see some Microsoft and Internet Explorer files in it, and something called pens n paper and I don't understand what any of that means, so I decided it was better to let you review everything on the list and then remove them. Please find the AdwCleaner log file below and let me know if it's safe to remove all entries listed.

AdwCleaner Log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-22-2018
# Duration: 00:00:26
# OS: Windows 10 Home Single Language
# Scanned: 42056
# Detected: 20

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Users\hp\AppData\LocalLow\IObit\Advanced SystemCare

***** [ Files ] *****

PUP.Optional.Shopper C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Citrio.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\SpeedBit
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
PUP.Optional.SafePCKit HKCU\Software\Sunisoft
PUP.Optional.Shopper HKCU\Software\CatalinaGroup
PUP.Optional.Shopper HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13660822-39AC-408C-BA99-702EBEE3EF26}
PUP.Optional.Shopper HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}
PUP.Optional.Shopper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}
PUP.Optional.Shopper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{841F4080-C687-4E9C-BD6E-EB5EECF4FAE6}
PUP.Optional.Shopper HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71216BD6-4D03-4387-BD01-7FE8D9512541}
PUP.Optional.Shopper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{71216BD6-4D03-4387-BD01-7FE8D9512541}
PUP.Optional.Shopper HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71216BD6-4D03-4387-BD01-7FE8D9512541}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.SafeFinder pens n paper

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

----------------------------------------

I don't know how each day these new threats are being detected by my AV, but it can only mean there is more malware in my PC.

Please suggest the next step and a safe backup option for my data.

Thank you very much for your time.
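An added example, not part of either poster's message and not Malwarebytes code: a small Python parser for the AdwCleaner scan-log layout shown in the post above. It groups detections by family and checks the parsed count against the `# Detected:` header, so a truncated paste is noticed before anyone reviews it. The sample log is a constructed, shortened excerpt and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened scan log in the AdwCleaner 7.x layout
# (one detection per line), reusing a few entries from the log posted above.
SAMPLE_LOG = r"""# Mode: Scan
# Detected: 5
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare   C:\Users\hp\AppData\LocalLow\IObit\Advanced SystemCare
***** [ Files ] *****
PUP.Optional.Shopper   C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Citrio.lnk
***** [ Registry ] *****
PUP.Optional.Legacy   HKCU\Software\SpeedBit
PUP.Optional.Shopper   HKCU\Software\CatalinaGroup
***** [ Chromium URLs ] *****
PUP.Optional.SafeFinder   pens n paper
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # e.g. ***** [ Registry ] *****
DECLARED = re.compile(r"^# Detected:\s*(\d+)$")      # count the tool itself reports
ENTRY = re.compile(r"^(\S+)\s+(.+)$")                # family name, then path/key/URL

def parse_adwcleaner(text):
    """Return (declared_count, {family: [(section, target), ...]})."""
    declared, section, by_family = None, None, defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DECLARED.match(line):
            declared = int(m.group(1))
        elif line.startswith("#"):          # banner, metadata and EOF lines
            continue
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and not line.startswith("No malicious"):
            if m := ENTRY.match(line):      # targets may contain spaces
                by_family[m.group(1)].append((section, m.group(2)))
    return declared, dict(by_family)

def review(text):
    """Summarise detections per family; flag a truncated or mis-pasted log."""
    declared, fams = parse_adwcleaner(text)
    parsed = sum(len(v) for v in fams.values())
    return {"declared": declared, "parsed": parsed, "complete": declared == parsed,
            "families": {f: len(v) for f, v in sorted(fams.items())}}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```
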
nasdaq Posted October 23, 2018 ID:1277211

Hi,

Whenever I open Google Chrome, my CPU spikes up to 100%, with Chrome eating up unusually high cpu power, around 60-70%. However, this only lasts for a few short seconds. Once the browser has fully loaded, the CPU usage slowly drops down to a minimal 17-20%. Is this normal, or is this a sign that Chrome has been infected by malware?

Your copy of Chrome has been compromised.

Remove Chrome from your Computer and reinstall a fresh copy later.

If you remove the syncing of your account you must remove it before you save your bookmarks etc...

Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Before you remove Chrome, Export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Before you remove Chrome, Export your Passwords.
How to export your saved passwords from Chrome:
https://betanews.com/2018/03/09/export-chrome-passwords/

Clear your Chrome cache and cookies:
https://support.google.com/chromebook/answer/183083?hl=en

Remove Chrome using the instructions on this page:
https://support.google.com/chrome/answer/95319?hl=en

Re-install Chrome and the Bookmarks.

<<<>>>

If not already done please run the AdwCleaner tool and delete all the entries that will be found.
Run the program one more time and post the clean log for my review.

===

--RogueKiller--

Download & SAVE to your Desktop: Download RogueKiller
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or above, right-click the program file and select "Run as Administrator".
Accept the user agreements.
Execute the scan and wait until it has finished.
If a window opens to explain what [PUM's] are, read about it.
Click the RogueKiller icon on your taskbar to return to the report.
Click open the Report.
Click the Export TXT button.
Save the file as ReportRogue.txt.
Click the Remove button to delete the items in RED.
Click Finish and close the program.
Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.

=======

I keep all my important files and 3rd party programs in an External Drive. You can if you wish use a Flash drive or CDs.

Let me know what problem persists.
AdvancedSetup (Root Admin) Posted December 7, 2018 ID:1285431

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks