GMER stopping mid scan

RayRay26 · September 24, 2018

Posted Yesterday, 01:59 PM

I'm a completely novice computer user. Recently, I have been having some malware issues on my PC which is Windows 10. I already have an antivirus, Quick Heal Total Security, and recently, it detected a Coinhive mining malware on my computer, plus, it keeps showing pop up windows that it has blocked access to multiple harmful websites even when I'm accessing reliable websites like Amazon and others. I researched a bit on the Coinhive virus and found out some serious things, and so I'm currently scanning my computer for all kinds of malware, spyware, adware, rootkits using a variety of tools just to be safe. I know I'm being paranoid, but better be paranoid than have my personal data compromised.

So far, I've used Malwarebytes to run a full system scan, TDSSKiller for rootkits, and a full system scan by my installed antivirus. All three of them came up clean after that one Coinhive virus was removed. I'm also planning to use more scanners like AdW, ESET, Rkill, as many as I have found to be on the safe side.

Now, I started running a scan with GMER for rootkits today, in safe mode, however, the first time, mid-scan, the window just disappeared off the screen. I ran it a second time, and it only showed two entries in the log list before a message was displayed that my system had run into an error and needed to restart. I booted the computer into safe mode once again and started GMER for the third time, and same thing happened. Two logs, then mid-scan, same error message and restart.

So, now I'm thinking I do have a rootkit that is stopping GMER from running a scan. I really don't know what to do right now. I also know that GMER is supposed to be for advanced users only, but my plan was to just get the results, save them and then show them to an expert, either here or if not possible, then to someone I know. However, given the fact that the scan won't even get halfway through, I don't know what to do.

Would be grateful if someone could point me in the right direction. GMER not being able to complete the scan does mean that I have some kind of rootkit stopping it from working, right? Or could there be any other reasons for that?

Thank you very much.

P.S. I know I need to backup my data before I run any tools recommended by experts here, but I'm actually worried about infecting my backup as well.

As I have already mentioned before, my computer was infected by a coinhive mining virus before, and even though it's removed now, I haven't deleted any old system restore points or registry files so it's possible the virus still persists. Plus, since my computer may have other kinds of malware right now including rootkits, if I try to back up my data now, isn't there a good possibility that I'm also infecting my back up? I back up all my data on an external hard drive, and they are even more susceptible to infection, just by plugging it in to my computer right now could transmit the malware. So, if in the end of the malware removal process, I lose some of my data and have to restore it from my backup, am I facing a chance of re-infection and also damage to my external hard drive? If so, then could you please suggest a safe way to backup all of my data? My data does not contain any applications or program files, it's only composed of documents, videos, music and images which are all stored in D and E drives, I'm not going to be backing up anything from C drive.

Is there no way to safely backup, or backup in a way so that when I restore it back on the clean PC, it does not reinfect? Because I currently have some important files on my computer that I can't lose, I know there is no 100% guaranteed way that if I backup it won't be infected, but how should I reduce the risks? I don't want to lose any files by running scans with the anti-malware tools, so please point me in the right direction of backing up my files relatively safely before I can use the suggested tools and post the logs.

Please suggest a safe backup method so I can proceed with the removal process.

nasdaq · September 25, 2018

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let start with this and see what we can find.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions

RayRay26 · September 26, 2018

Okay, I'll do it immediately.

Just want to clarify couple of things first. I have a Bittorrent client, namely the bittorrent.exe or utorrent client on my computer. However, point to be noted, I don't use this client anymore. I used to use it to download torrents, but then I found out that AV companies were flagging it as harmful for the computer, and I immediately tried scanning with Malwarebytes and my installed AV so that it would weed out all traces of the application from my computer, but neither of those things flagged it as a virus. I can totally uninstall it, but my only question is, if it's bundled up with malware, will simply uninstalling the application be enough to wipe out all traces of it from my computer? If yes, then I can uninstall it right away, and if needed, I can also delete any files left behind by it but you'll have to guide me a bit regarding that.

Second, while running FRST, do I need to disable my installed AV? Will it interfere in any way?

And last but not least, I don't know much about what the FRST does, so have to ask this, will running a scan with this tool cause any malware present on my computer to counter-react, therefore posing the risk of me losing my personal data? What I mean is, right now I have absolutely no recent backup of my data, so if I run this tool wthout backing up, is there a chance I might potentially lose some important files? I'm only asking this because I'm not sure what FRST does, and I know malware removal tools can actually end up harming some data in the process.

Thank you so much. Sorry if I'm asking too many questions, just want to be thorough about everything.

nasdaq · September 26, 2018

Hi.

Bittorrent is P2P download manager.

It's a PUP (Potentially Unwanted Programs) use it at your own risk.

Anything downloaded with it should be check with Virus total to find out if it carries malware.

Link.

https://www.virustotal.com/#/home/upload

===

FRST will not delete anything.

It will only scan the computer and report.

RayRay26 · September 28, 2018

Okay, please allow me a couple of days time to post back the logs. Currently in a bit of a situation, will do it positively in a couple days. Sorry for the delay and thank you for your time.

nasdaq · September 29, 2018

Hi,

No problems.

RayRay26 · October 2, 2018

Started the scan, was facing a few issues with the computer that's why the delay. Will post back the logs in a few hours once the scan completes.

RayRay26 · October 13, 2018

Farber Recovery Tool Logs Below.

Note: The List BCD, Drivers MD5, Shortcut.txt and 90 Days Files options were unchecked while scanning.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by hp (administrator) on LAPTOP-DO1RT005 (13-10-2018 02:16:54)
Running from C:\Users\hp\Desktop
Loaded Profiles: hp (Available Profiles: hp)
Platform: Windows 10 Home Single Language Version 1803 17134.285 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\scsecsvc.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE
() C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121190.inf_amd64_47cec0e8450d81b4\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\OPSSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\qhpisvr.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.EXE
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\emlproxy.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\scanwscs.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Greatis Software, LLC) C:\Program Files (x86)\StopUpdates10\SU10Guard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki121190.inf_amd64_47cec0e8450d81b4\igfxEM.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\BitTorrent.exe
(BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\updates\7.10.4_44633\bittorrentie.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(BitTorrent Inc.) C:\Users\hp\AppData\Roaming\BitTorrent\updates\7.10.4_44633\bittorrentie.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\sapissvc.exe
() C:\Users\hp\Downloads\KillUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [224384 2017-06-15] (Quick Heal Technologies Ltd.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-21] (HP Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [10150912 2018-02-22] (FreeDownloadManager.org)
HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\Run: [BitTorrent] => C:\Users\hp\AppData\Roaming\BitTorrent\BitTorrent.exe [1989824 2018-10-10] (BitTorrent Inc.)
HKU\S-1-5-21-177186563-2203864396-2981051637-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [1454592 2018-09-13] (Adobe Systems Incorporated)
IFEO\dismHost.exe: [Debugger] nul
IFEO\EOSNOTIFY.EXE: [Debugger] nul
IFEO\InstallAgent.exe: [Debugger] nul
IFEO\MusNotification.exe: [Debugger] nul
IFEO\remsh.exe: [Debugger] nul
IFEO\SIHClient.exe: [Debugger] nul
IFEO\UpdateAssistant.exe: [Debugger] nul
IFEO\UsoClient.exe: [Debugger] nul
IFEO\WaaSMedic.exe: [Debugger] nul
IFEO\Windows10Upgrade.exe: [Debugger] nul
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] nul
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{5d7ec3e3-d1b0-4ab1-9443-f700c0927a7a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{e73291ed-557f-433c-9647-50f919fe0057}: [NameServer] 72.16.0.1,4.2.2.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-177186563-2203864396-2981051637-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-177186563-2203864396-2981051637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-07] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-07] (HP Inc.)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-07] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)

Edge:
======
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.48.0_neutral__8wekyb3d8bbwe [2018-07-22]

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-177186563-2203864396-2981051637-1001: @catalinahub.com/CatalinaGroup Update;version=3 -> C:\Users\hp\AppData\Local\CatalinaGroup\Update\1.3.25.213\npCatalinaUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-177186563-2203864396-2981051637-1001: @catalinahub.com/CatalinaGroup Update;version=9 -> C:\Users\hp\AppData\Local\CatalinaGroup\Update\1.3.25.213\npCatalinaUpdate3.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2018-10-13]
CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-10]
CHR Extension: (Free Download Manager) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2018-08-04]
CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-10]
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-10]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-10]
CHR Extension: (uBlock Origin) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-26]
CHR Extension: (Tampermonkey) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-08-12]
CHR Extension: (Adobe Acrobat) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-10]
CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-10]
CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Temporary Bookmarks) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gicpnnockilhclmgekhdnnjokdmlfhmk [2018-09-01]
CHR Extension: (No Coin - Block miners on the web!) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojamcfopckidlocpkbelmpjcgmbgjcl [2018-09-26]
CHR Extension: (Selectable - for fanfiction.net and more) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcidlhgdoojamkbpmhbpgldmajnobefd [2018-06-11]
CHR Extension: (Disconnect) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2018-09-26]
CHR Extension: (Video DownloadHelper) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2018-09-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-10]
CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
CHR Extension: (Privacy Badger) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2018-10-07]
CHR HKU\S-1-5-21-177186563-2203864396-2981051637-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE [80000 2018-08-06] (Quick Heal Technologies Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [38512 2018-08-09] (Quick Heal Technologies Ltd.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [134624 2017-04-15] (Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [67200 2018-06-04] (Quick Heal Technologies Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [339056 2018-08-06] (Quick Heal Technologies Ltd.)
R3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [339056 2018-08-06] (Quick Heal Technologies Ltd.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-10] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2210936 2017-02-09] (Intel Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-08] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-02] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-04] (HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-09-21] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-09-21] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [196200 2017-02-20] (Intel Corporation)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [71808 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [173184 2017-07-04] (Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [43136 2018-02-10] (Quick Heal Technologies Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-13] (Realtek Semiconductor)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [367136 2018-06-20] (Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [638576 2018-02-10] (Quick Heal Technologies Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SU10Guard; C:\Program Files (x86)\StopUpdates10\SU10Guard.exe [67480 2018-10-04] (Greatis Software, LLC)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-08-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\WINDOWS\System32\DRIVERS\arwflt.sys [107592 2018-08-06] (Quick Heal Technologies Ltd.)
R3 atkldrvr; C:\WINDOWS\System32\DRIVERS\atkldrvr.sys [57144 2017-04-27] (Quick Heal Technologies Ltd.)
R1 bdsflt; C:\WINDOWS\System32\DRIVERS\bdsflt.sys [406648 2018-08-09] (Quick Heal Technologies Ltd.)
R2 bdsnm; C:\WINDOWS\system32\DRIVERS\bdsnm.sys [49960 2018-08-09] (Quick Heal Technologies Ltd.)
R3 bsfs; C:\WINDOWS\System32\DRIVERS\bsfs.sys [96784 2018-02-10] (Quick Heal Technologies Ltd.)
R2 catflt; C:\WINDOWS\System32\DRIVERS\catflt.sys [158576 2017-05-23] (Quick Heal Technologies Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67976 2017-02-09] (Intel Corporation)
S0 elamdrv; C:\WINDOWS\System32\DRIVERS\elamdrv.sys [37536 2016-01-25] (Quick Heal Technologies Ltd.)
R2 emlssx; C:\WINDOWS\system32\DRIVERS\emlssx.sys [39792 2016-04-12] (Quick Heal Technologies Ltd.)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355208 2017-02-09] (Intel Corporation)
R1 ggc; C:\WINDOWS\System32\DRIVERS\ggc.sys [95736 2018-05-31] (Quick Heal Technologies Ltd.)
R3 kbfltr; C:\WINDOWS\system32\DRIVERS\kbfltr.sys [39152 2017-04-27] (Quick Heal Technologies Ltd.)
S3 llio; C:\windows\system32\DRIVERS\llio.sys [92496 2018-09-26] (Quick Heal Technologies Ltd.)
S0 mscank; C:\WINDOWS\System32\DRIVERS\mscank.sys [62344 2017-04-27] (Quick Heal Technologies Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-14] (Realtek )
S3 RT8723DE; C:\WINDOWS\System32\drivers\rtl8723de.sys [6763672 2017-04-28] (Realtek Semiconductor Corporation )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [723920 2017-07-20] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [45144 2017-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [46680 2017-08-24] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
R0 webssx; C:\WINDOWS\System32\drivers\webssx8.sys [104496 2018-06-04] (Quick Heal Technologies Ltd.)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-13 02:16 - 2018-10-13 02:18 - 000024214 _____ C:\Users\hp\Desktop\FRST.txt
2018-10-13 02:15 - 2018-10-13 02:16 - 000000000 ____D C:\FRST
2018-10-13 02:14 - 2018-10-13 02:14 - 002414592 _____ (Farbar) C:\Users\hp\Desktop\FRST64.exe
2018-10-12 22:00 - 2018-10-12 22:00 - 000000000 ___HD C:\Users\hp\ScStore
2018-10-10 04:02 - 2018-10-12 22:01 - 000000000 ____D C:\Users\hp\AppData\LocalLow\BitTorrent
2018-10-07 06:55 - 2018-10-07 06:55 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-07 06:55 - 2018-10-07 06:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-06 05:59 - 2018-10-06 06:00 - 000112845 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E04.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to].torrent
2018-10-06 02:32 - 2018-10-06 02:32 - 000000000 ____D C:\Users\hp\AppData\Local\ElevatedDiagnostics
2018-10-06 02:29 - 2018-10-06 02:29 - 000046682 _____ C:\Users\hp\Downloads\wushowhide.diagcab
2018-10-06 01:23 - 2018-10-06 01:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StopUpdates10
2018-10-06 01:22 - 2018-10-07 19:42 - 000000000 ____D C:\Program Files (x86)\StopUpdates10
2018-10-06 01:19 - 2018-10-04 23:36 - 001325560 _____ (Greatis Software ) C:\Users\hp\Downloads\stopupdates10setup.exe
2018-10-05 02:57 - 2018-10-05 08:13 - 000003084 _____ C:\WINDOWS\System32\Tasks\Kill-Update
2018-10-05 02:56 - 2018-10-05 02:56 - 000000000 ____D C:\Users\hp\AppData\Roaming\Kill-Update
2018-10-05 02:53 - 2018-10-05 02:53 - 000274952 _____ () C:\Users\hp\Downloads\KillUpdate (2).exe
2018-10-05 02:38 - 2018-10-05 02:38 - 000274952 _____ () C:\Users\hp\Downloads\KillUpdate.exe
2018-10-05 02:05 - 2018-10-05 02:05 - 001611639 _____ C:\Users\hp\Downloads\stopupdates10portable (1).zip
2018-10-05 01:41 - 2018-10-05 01:41 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-177186563-2203864396-2981051637-1001
2018-10-04 23:36 - 2018-10-04 23:36 - 001298187 _____ C:\Users\hp\Downloads\stopupdates10.zip
2018-10-04 16:50 - 2018-10-04 16:50 - 000000000 ____D C:\Users\hp\AppData\Roaming\IObit
2018-10-04 14:08 - 2018-10-04 14:08 - 000000000 ____D C:\Program Files (x86)\IObit
2018-10-04 00:15 - 2018-10-04 00:15 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (3).torrent
2018-10-04 00:14 - 2018-10-04 00:14 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-03 23:56 - 2018-10-03 23:56 - 000000000 ___RD C:\Users\hp\Documents\Notes
2018-10-03 20:59 - 2018-10-03 20:59 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-10-03 18:32 - 2018-10-03 18:32 - 000121445 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to] (1).torrent
2018-10-03 02:44 - 2018-10-03 02:44 - 000125310 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.1080p.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-10-03 02:42 - 2018-10-03 02:42 - 000121445 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E03.INTERNAL.1080p.HDTV.x264-FaiLED[rartv]-[rarbg.to].torrent
2018-10-03 02:40 - 2018-10-03 02:40 - 000160084 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E01.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-03 00:25 - 2018-10-03 00:25 - 000088014 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E02.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 21:32 - 2018-10-03 00:15 - 2414105171 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.The.Fourth.Of.July.1080p.STAN.WEB-DL.DDP5.1.H264-SiGMA.mkv
2018-10-02 21:32 - 2018-10-02 21:32 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (4).torrent
2018-10-02 21:31 - 2018-10-02 21:31 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (3).torrent
2018-10-02 20:11 - 2018-10-02 20:11 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-02 20:05 - 2018-10-02 20:05 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-10-02 19:58 - 2018-10-02 19:58 - 000084428 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E04.Family.Matters.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 19:54 - 2018-10-02 19:54 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-10-02 19:54 - 2018-10-02 19:54 - 000000000 ____D C:\Program Files\VideoLAN
2018-10-02 19:50 - 2018-10-02 19:52 - 041486400 _____ C:\Users\hp\Downloads\vlc-3.0.4-win64.exe
2018-10-02 19:36 - 2018-10-02 19:36 - 000000000 ____D C:\Users\hp\AppData\Roaming\KMP
2018-10-02 19:33 - 2018-10-02 19:33 - 000000898 _____ C:\Users\hp\Desktop\KMPlayer 64X.lnk
2018-10-02 19:33 - 2018-10-02 19:33 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KMPlayer 64X
2018-10-02 19:21 - 2018-10-02 19:32 - 000000000 ____D C:\Program Files\KMPlayer 64X
2018-10-02 17:31 - 2018-10-02 17:31 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (2).torrent
2018-10-02 17:28 - 2018-10-02 17:28 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to].torrent
2018-10-02 16:47 - 2018-10-02 16:47 - 000092716 _____ C:\Users\hp\Downloads\The.Truth.About.the.Harry.Quebert.Affair.S01E03.1080p.STAN.WEBRip.DDP5.1.x264-SiGMA[rartv]-[rarbg.to] (1).torrent
2018-09-29 01:59 - 2018-10-04 02:37 - 000000000 ____D C:\Users\hp\Downloads\HQ
2018-09-29 01:55 - 2018-09-28 16:44 - 000066206 ____N C:\Users\hp\Downloads\the.truth.about.the.harry.quebert.affair.s01e02.hdtv.x264-mtb.srt
2018-09-29 01:53 - 2018-09-29 01:53 - 000025101 _____ C:\Users\hp\Downloads\94234-the-truth-about-the-harry-quebert-affair-s01e02-[English-subtitles.org].zip
2018-09-28 16:13 - 2018-09-28 16:54 - 000110547 _____ C:\Users\hp\Downloads\Flypaper.2011.720p.BrRip.x264.YIFY.srt
2018-09-28 16:12 - 2018-09-28 17:08 - 578713985 _____ C:\Users\hp\Downloads\Flypaper.2011.720p.BrRip.x264.YIFY.mp4
2018-09-28 16:06 - 2018-09-28 16:06 - 000011887 _____ C:\Users\hp\Downloads\Flypaper (2011) [BluRay] [720p] [YTS.AM].torrent
2018-09-26 16:04 - 2018-09-26 16:04 - 000014014 _____ C:\Users\hp\Downloads\a-discovery-of-witches_english-1847411.zip
2018-09-26 14:12 - 2018-10-02 21:33 - 000000030 _____ C:\Users\hp\Downloads\RARBG.txt
2018-09-24 13:09 - 2018-09-24 13:09 - 000000000 ___HD C:\ProgramData\temp
2018-09-24 12:44 - 2018-09-28 16:30 - 000000000 ____D C:\WINDOWS\Minidump
2018-09-24 12:31 - 2018-09-24 12:32 - 000380928 _____ C:\Users\hp\Downloads\vz6qpidg.exe
2018-09-24 12:25 - 2018-09-24 12:28 - 000299650 _____ C:\TDSSKiller.3.1.0.17_24.09.2018_12.25.23_log.txt
2018-09-24 12:18 - 2018-09-24 13:07 - 000445636 _____ C:\WINDOWS\ntbtlog.txt
2018-09-24 12:18 - 2018-09-24 12:59 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-09-24 11:23 - 2018-09-24 11:26 - 000000000 ____D C:\Users\hp\Documents\#2 Softwares to search for stored Passwords in Windows
2018-09-22 16:39 - 2018-09-22 16:40 - 002771496 _____ C:\Users\hp\Downloads\avast_secure_browser_setup.exe
2018-09-22 10:01 - 2018-09-22 10:01 - 000000000 _____ C:\Users\hp\Downloads\migrate
2018-09-22 07:14 - 2018-09-22 07:14 - 000000000 ___HD C:\OneDriveTemp
2018-09-21 14:37 - 2018-09-21 14:37 - 000060314 _____ C:\Users\hp\Downloads\[limetorrents.info]No.Reservations[2007]DvDrip[Eng]-FXG (1).torrent
2018-09-21 14:14 - 2018-09-21 14:14 - 000060314 _____ C:\Users\hp\Downloads\[limetorrents.info]No.Reservations[2007]DvDrip[Eng]-FXG.torrent
2018-09-21 14:05 - 2018-09-21 14:05 - 000057105 _____ C:\Users\hp\Downloads\No.Reservations[2007]DvDrip[Eng]-FXG.torrent
2018-09-21 14:00 - 2018-09-21 14:00 - 000014829 _____ C:\Users\hp\Downloads\Something Borrowed (2011) [BluRay] [720p] [YTS.AM] (1).torrent
2018-09-21 13:59 - 2018-09-21 13:59 - 000014829 _____ C:\Users\hp\Downloads\Something Borrowed (2011) [BluRay] [720p] [YTS.AM].torrent
2018-09-21 13:52 - 2018-09-21 13:52 - 000013705 _____ C:\Users\hp\Downloads\Made of Honor (2008) [BluRay] [720p] [YTS.AM].torrent
2018-09-21 13:32 - 2018-10-13 00:26 - 000000000 ____D C:\Users\hp\Documents\#1 Priority Movies
2018-09-21 13:32 - 2018-09-21 13:32 - 000000714 _____ C:\Users\hp\Documents\Music - Shortcut.lnk
2018-09-21 06:12 - 2018-09-21 06:12 - 001474296 _____ C:\Users\hp\Downloads\segment-4-v1-a1.ts
2018-09-21 03:38 - 2018-09-21 03:38 - 000000000 ____D C:\Users\hp\AppData\Roaming\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-21 03:37 - 2018-09-21 03:37 - 000000000 ____D C:\Program Files\WinRAR
2018-09-21 03:36 - 2018-09-21 03:36 - 003110776 _____ (Alexander Roshal) C:\Users\hp\Downloads\winrar-x64-560.exe
2018-09-21 02:37 - 2018-09-21 02:37 - 010398952 ____N ( ) C:\Users\hp\Downloads\yodot-rar-repair.exe
2018-09-21 02:10 - 2013-11-21 09:40 - 410785946 _____ C:\Users\hp\Downloads\Bank Robber (1993).avi
2018-09-20 23:25 - 2018-09-21 00:31 - 410786119 _____ C:\Users\hp\Downloads\Ba93rob.part3.rar
2018-09-20 22:55 - 2018-09-20 22:55 - 000000000 ____D C:\Users\hp\Documents\Bandicam
2018-09-20 22:51 - 2018-09-20 22:53 - 017477064 _____ (Bandicam Company) C:\Users\hp\Downloads\bdcamsetup.exe
2018-09-20 22:31 - 2018-09-20 22:33 - 017327632 _____ (Remo Software ) C:\Users\hp\Downloads\remo-repair-avi.exe
2018-09-20 22:20 - 2018-09-20 22:20 - 000000000 _RSHD C:\ProgramData\Key-Base
2018-09-20 22:20 - 2018-09-20 22:20 - 000000000 ____D C:\ProgramData\{FA8C6B5E-65E7-1B9C-CB74-7C140A269F45}
2018-09-20 22:18 - 2018-09-20 22:18 - 021187224 _____ (Stellar Information Technology Pvt Ltd ) C:\Users\hp\Downloads\StellarPhoenixVideoRepair.exe
2018-09-20 21:06 - 2018-09-20 22:41 - 000000000 ____D C:\Users\hp\Documents\My DAP Downloads
2018-09-20 21:05 - 2018-09-20 21:05 - 000172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\WINDOWS\SysWOW64\AniGIF.ocx
2018-09-20 21:04 - 2018-09-20 21:04 - 010818216 _____ C:\Users\hp\Downloads\dap10_full (1).exe
2018-09-20 20:29 - 2018-09-20 20:39 - 087474376 _____ (WonderFox Soft, Inc.) C:\Users\hp\Downloads\hd-video-converter-pro.exe
2018-09-20 19:38 - 2018-09-20 19:38 - 000000025 _____ C:\WINDOWS\libem.INI
2018-09-20 19:38 - 2018-09-20 19:38 - 000000000 ____D C:\Users\hp\AppData\Roaming\BITS
2018-09-20 19:28 - 2018-09-20 19:30 - 000000159 _____ C:\Users\hp\Downloads\Try it.mp4
2018-09-20 19:20 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Pt. 2.avi
2018-09-20 18:18 - 2018-09-20 19:19 - 524288000 _____ C:\Users\hp\Downloads\Ba93rob.part2 (1).rar
2018-09-20 18:08 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Copy.avi
2018-09-20 17:02 - 2013-11-21 09:40 - 524287882 _____ C:\Users\hp\Downloads\Bank Robber (1993) - Pt. 1.avi
2018-09-20 15:35 - 2018-09-20 17:02 - 524288000 _____ C:\Users\hp\Downloads\Ba93rob.part1.rar
2018-09-20 15:28 - 2018-09-20 15:29 - 007662969 _____ C:\Users\hp\Downloads\videoplayback.mp4
2018-09-20 14:37 - 2018-09-20 14:37 - 005737217 _____ C:\Users\hp\Downloads\video.mp4
2018-09-20 14:15 - 2018-09-20 14:16 - 921718039 _____ C:\Users\hp\Downloads\CPs0ZJ29wP3f8FD.mp4.fdmdownload
2018-09-20 13:49 - 2018-09-20 13:50 - 000000000 ____D C:\Users\hp\dwhelper
2018-09-20 13:20 - 2018-09-20 13:20 - 000092138 _____ C:\Users\hp\Downloads\2552 (1) [SubtitleTools.com].srt
2018-09-20 13:18 - 2018-09-20 13:18 - 000086792 _____ C:\Users\hp\Downloads\2552 (2).vtt
2018-09-20 13:02 - 2018-09-20 13:02 - 000086792 _____ C:\Users\hp\Downloads\2552.vtt
2018-09-20 12:46 - 2018-09-20 12:47 - 000245340 _____ C:\Users\hp\Downloads\480-0089.ts
2018-09-19 07:12 - 2018-09-19 07:12 - 000021223 _____ C:\Users\hp\Downloads\Hacksaw Ridge (2016) [BluRay] [720p] [YTS.AM].torrent
2018-09-19 05:32 - 2018-10-06 06:58 - 000000000 ____D C:\Users\hp\Downloads\Discovery of Witches
2018-09-19 03:53 - 2018-09-19 03:53 - 000133830 _____ C:\Users\hp\Downloads\A.Discovery.Of.Witches.S01E01.1080p.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-09-18 05:33 - 2018-09-18 05:33 - 000033761 _____ C:\Users\hp\Downloads\Everything, Everything (2017) [BluRay] [720p] [YTS.AM].torrent
2018-09-18 05:32 - 2018-09-18 05:32 - 000031941 _____ C:\Users\hp\Downloads\Midnight Sun (2018) [BluRay] [720p] [YTS.AM].torrent
2018-09-18 04:00 - 2018-09-18 04:01 - 000027684 _____ C:\Users\hp\Downloads\The.Truth.About.The.Harry.Quebert.Affair.S01E02.HDTV.x264-MTB[rartv]-[rarbg.to].torrent
2018-09-18 02:49 - 2018-09-18 02:49 - 000023906 _____ C:\Users\hp\Downloads\[glodls.to]The.Truth.About.The.Harry.Quebert.Affair.S01E02.720p.HDTV.x264-MTB[TGx].torrent
2018-09-17 23:24 - 2018-09-17 23:24 - 000245985 _____ C:\Users\hp\Downloads\Summer_Fling_-_Tarrah_Anders.epub
2018-09-17 12:31 - 2018-09-17 12:32 - 000117354 _____ C:\Users\hp\Downloads\Watch Set It Up (2018) Full Movie on FMovies.to.vtt
2018-09-16 12:56 - 2018-09-16 12:57 - 001577552 _____ (Opera Software) C:\Users\hp\Downloads\OperaSetup.exe
2018-09-16 11:52 - 2018-09-16 11:53 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Mozilla
2018-09-16 11:43 - 2018-09-16 11:47 - 055828704 _____ C:\Users\hp\Downloads\torbrowser-install-win64-8.0_en-US (1).exe
2018-09-16 11:42 - 2018-09-16 11:46 - 055828704 _____ C:\Users\hp\Downloads\torbrowser-install-win64-8.0_en-US.exe
2018-09-16 04:07 - 2018-09-16 04:07 - 000000000 ____D C:\Users\hp\AppData\Local\mbam
2018-09-16 02:05 - 2018-09-16 02:05 - 000030747 _____ C:\Users\hp\Downloads\FCF317C57E227E556B9DD882A0410EB30C5D78C0.torrent
2018-09-15 13:52 - 2018-09-15 13:52 - 003128648 _____ (BitTorrent Inc.) C:\Users\hp\Downloads\BitTorrent (3).exe
2018-09-15 12:40 - 2018-09-15 12:40 - 000103206 _____ C:\Users\hp\Downloads\greys-anatomy-2-x-27-DVDRip TOPAZ UNCUT-86684-www.My-Subs.Com.srt
2018-09-15 12:39 - 2018-09-05 04:06 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-09-14 21:43 - 2018-09-14 21:44 - 000374942 _____ C:\Users\hp\Downloads\Trailer_Park_Virgin_-_Alexa_Riley.epub
2018-09-14 04:28 - 2018-09-14 04:28 - 001232964 _____ C:\Users\hp\Downloads\Salman_Rushdie_-_The_Satanic_Verses_-_1988.fb2
2018-09-14 04:21 - 2018-09-14 04:21 - 000515296 _____ C:\Users\hp\Downloads\Salman_Rushdie_-_The_Satanic_Verses.epub
2018-09-14 03:26 - 2018-09-14 03:26 - 000641665 _____ C:\Users\hp\Downloads\Beautiful_Bastard_-_Christina_Lauren.epub
2018-09-13 23:38 - 2018-09-13 23:39 - 000806688 _____ C:\Users\hp\Downloads\Kiss_the_Girl_3_-_Tara_Sivec.epub
2018-09-13 00:51 - 2018-08-31 09:12 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-13 00:51 - 2018-08-31 09:12 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-13 00:51 - 2018-08-31 09:12 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-13 00:51 - 2018-08-31 08:58 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-13 00:51 - 2018-08-31 08:56 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-13 00:51 - 2018-08-31 08:51 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-13 00:51 - 2018-08-31 08:50 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-13 00:51 - 2018-08-31 08:48 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-13 00:51 - 2018-08-31 08:45 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-13 00:51 - 2018-08-28 12:47 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-13 00:51 - 2018-08-09 15:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-13 00:51 - 2018-08-09 09:52 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-13 00:51 - 2018-08-09 09:39 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-13 00:50 - 2018-08-31 08:58 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-13 00:50 - 2018-08-31 08:46 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-13 00:50 - 2018-08-31 08:46 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-13 00:50 - 2018-08-31 08:45 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-13 00:50 - 2018-08-31 08:45 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-13 00:50 - 2018-08-31 08:40 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-13 00:50 - 2018-08-09 15:01 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-13 00:50 - 2018-08-09 14:44 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-13 00:50 - 2018-08-09 13:54 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-13 00:50 - 2018-08-09 09:58 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-13 00:34 - 2018-08-31 13:13 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-13 00:34 - 2018-08-31 12:53 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-13 00:34 - 2018-08-31 12:23 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-13 00:34 - 2018-08-31 09:14 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-13 00:34 - 2018-08-31 09:14 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-13 00:34 - 2018-08-31 09:12 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-13 00:34 - 2018-08-31 09:12 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-13 00:34 - 2018-08-31 08:58 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-13 00:34 - 2018-08-31 08:46 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-13 00:34 - 2018-08-31 08:44 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-13 00:34 - 2018-08-31 08:44 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-13 00:34 - 2018-08-31 08:43 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-13 00:34 - 2018-08-31 08:41 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-13 00:34 - 2018-08-31 08:41 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-13 00:34 - 2018-08-31 08:40 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-13 00:34 - 2018-08-31 08:40 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-13 00:34 - 2018-08-31 08:39 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-13 00:34 - 2018-08-31 08:37 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-13 00:34 - 2018-08-28 12:18 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-13 00:34 - 2018-08-09 14:46 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-13 00:34 - 2018-08-09 14:41 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-13 00:34 - 2018-08-09 14:41 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-13 00:34 - 2018-08-09 13:51 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-13 00:34 - 2018-08-09 10:32 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-13 00:34 - 2018-08-09 10:24 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-13 00:34 - 2018-08-09 10:23 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-13 00:34 - 2018-08-09 09:59 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-13 00:34 - 2018-08-09 09:59 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-13 00:34 - 2018-08-09 09:59 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-13 00:34 - 2018-08-09 09:55 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-13 00:34 - 2018-08-09 09:54 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-13 00:34 - 2018-08-09 09:53 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-13 00:34 - 2018-08-09 09:53 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-13 00:34 - 2018-08-09 09:41 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-13 00:34 - 2018-08-09 09:40 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-13 00:33 - 2018-08-31 13:16 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-13 00:33 - 2018-08-31 13:12 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-13 00:33 - 2018-08-31 12:54 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-13 00:33 - 2018-08-31 12:53 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-13 00:33 - 2018-08-31 12:52 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-13 00:33 - 2018-08-31 12:52 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-13 00:33 - 2018-08-31 12:25 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-13 00:33 - 2018-08-31 12:07 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-13 00:33 - 2018-08-31 12:07 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-13 00:33 - 2018-08-31 12:06 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-13 00:33 - 2018-08-31 09:20 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-13 00:33 - 2018-08-31 09:20 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-13 00:33 - 2018-08-31 09:14 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-13 00:33 - 2018-08-31 09:13 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-13 00:33 - 2018-08-31 09:13 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-13 00:33 - 2018-08-31 09:12 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-13 00:33 - 2018-08-31 09:12 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-13 00:33 - 2018-08-31 09:12 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-13 00:33 - 2018-08-31 09:12 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-13 00:33 - 2018-08-31 09:12 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-13 00:33 - 2018-08-31 09:12 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-13 00:33 - 2018-08-31 09:12 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-13 00:33 - 2018-08-31 09:12 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-13 00:33 - 2018-08-31 09:12 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-13 00:33 - 2018-08-31 08:58 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-13 00:33 - 2018-08-31 08:58 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-13 00:33 - 2018-08-31 08:58 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-13 00:33 - 2018-08-31 08:45 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-13 00:33 - 2018-08-31 08:44 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-13 00:33 - 2018-08-31 08:42 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-13 00:33 - 2018-08-31 08:41 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-13 00:33 - 2018-08-31 08:41 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-13 00:33 - 2018-08-31 08:41 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-13 00:33 - 2018-08-31 08:40 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-13 00:33 - 2018-08-31 08:40 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-13 00:33 - 2018-08-31 08:40 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-13 00:33 - 2018-08-31 08:37 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-13 00:33 - 2018-08-28 12:15 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-13 00:33 - 2018-08-09 15:01 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-13 00:33 - 2018-08-09 14:43 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-13 00:33 - 2018-08-09 14:43 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-13 00:33 - 2018-08-09 14:42 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-13 00:33 - 2018-08-09 14:41 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-13 00:33 - 2018-08-09 14:40 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-13 00:33 - 2018-08-09 14:40 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-13 00:33 - 2018-08-09 14:06 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-13 00:33 - 2018-08-09 13:53 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-13 00:33 - 2018-08-09 13:53 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-13 00:33 - 2018-08-09 13:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-13 00:33 - 2018-08-09 13:50 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-13 00:33 - 2018-08-09 10:31 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-13 00:33 - 2018-08-09 10:24 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-13 00:33 - 2018-08-09 10:23 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-13 00:33 - 2018-08-09 10:23 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-13 00:33 - 2018-08-09 10:23 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-13 00:33 - 2018-08-09 10:23 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-13 00:33 - 2018-08-09 10:00 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-13 00:33 - 2018-08-09 10:00 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-13 00:33 - 2018-08-09 09:58 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-13 00:33 - 2018-08-09 09:57 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-13 00:33 - 2018-08-09 09:55 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-13 00:33 - 2018-08-09 09:55 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-13 00:33 - 2018-08-09 09:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-13 00:33 - 2018-08-09 09:53 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-13 00:33 - 2018-08-09 09:53 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-13 00:33 - 2018-08-09 09:52 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-13 00:33 - 2018-08-09 09:52 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-13 00:33 - 2018-08-09 09:51 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-13 00:33 - 2018-08-09 09:43 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-13 00:33 - 2018-08-09 09:40 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-13 00:33 - 2018-08-09 09:39 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-13 00:33 - 2018-08-09 08:38 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-13 00:33 - 2018-08-09 08:38 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-13 00:32 - 2018-08-31 13:15 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-13 00:32 - 2018-08-31 12:57 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-13 00:32 - 2018-08-31 12:57 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-13 00:32 - 2018-08-31 12:56 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-13 00:32 - 2018-08-31 12:55 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-13 00:32 - 2018-08-31 12:55 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-13 00:32 - 2018-08-31 12:54 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-13 00:32 - 2018-08-31 12:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-13 00:32 - 2018-08-31 12:11 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-13 00:32 - 2018-08-31 12:11 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-13 00:32 - 2018-08-31 12:10 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-13 00:32 - 2018-08-31 12:07 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-13 00:32 - 2018-08-31 09:14 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-13 00:32 - 2018-08-31 09:14 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-13 00:32 - 2018-08-31 09:14 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-13 00:32 - 2018-08-31 09:12 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-13 00:32 - 2018-08-31 09:12 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-13 00:32 - 2018-08-31 09:12 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-13 00:32 - 2018-08-31 08:58 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-13 00:32 - 2018-08-31 08:58 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-13 00:32 - 2018-08-31 08:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-13 00:32 - 2018-08-31 08:47 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-13 00:32 - 2018-08-31 08:45 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-13 00:32 - 2018-08-31 08:45 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-13 00:32 - 2018-08-31 08:44 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-13 00:32 - 2018-08-31 08:44 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-13 00:32 - 2018-08-31 08:43 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-13 00:32 - 2018-08-31 08:43 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-13 00:32 - 2018-08-31 08:42 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-13 00:32 - 2018-08-31 08:41 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-13 00:32 - 2018-08-31 08:41 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-13 00:32 - 2018-08-31 08:40 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-13 00:32 - 2018-08-31 08:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-13 00:32 - 2018-08-31 08:40 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-13 00:32 - 2018-08-31 08:39 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-13 00:32 - 2018-08-31 08:38 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-13 00:32 - 2018-08-31 08:37 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-13 00:32 - 2018-08-31 08:36 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-13 00:32 - 2018-08-31 07:27 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-13 00:32 - 2018-08-28 12:26 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-13 00:32 - 2018-08-28 12:19 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-13 00:32 - 2018-08-28 11:21 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-13 00:32 - 2018-08-14 07:44 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-13 00:32 - 2018-08-14 07:44 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-13 00:32 - 2018-08-09 15:01 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-13 00:32 - 2018-08-09 15:01 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-13 00:32 - 2018-08-09 14:47 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-13 00:32 - 2018-08-09 14:44 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-13 00:32 - 2018-08-09 14:44 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-13 00:32 - 2018-08-09 14:44 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-13 00:32 - 2018-08-09 14:43 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-13 00:32 - 2018-08-09 14:43 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-13 00:32 - 2018-08-09 14:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-13 00:32 - 2018-08-09 14:42 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-13 00:32 - 2018-08-09 14:41 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-13 00:32 - 2018-08-09 14:41 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-13 00:32 - 2018-08-09 14:40 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-13 00:32 - 2018-08-09 14:39 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-13 00:32 - 2018-08-09 14:39 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-13 00:32 - 2018-08-09 14:39 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-13 00:32 - 2018-08-09 14:06 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-13 00:32 - 2018-08-09 13:54 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-13 00:32 - 2018-08-09 13:53 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-13 00:32 - 2018-08-09 13:52 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-13 00:32 - 2018-08-09 13:52 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-13 00:32 - 2018-08-09 13:52 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-13 00:32 - 2018-08-09 13:51 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-13 00:32 - 2018-08-09 13:51 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-13 00:32 - 2018-08-09 13:51 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-13 00:32 - 2018-08-09 13:50 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-13 00:32 - 2018-08-09 13:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-13 00:32 - 2018-08-09 13:50 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-13 00:32 - 2018-08-09 13:49 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-13 00:32 - 2018-08-09 10:25 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-13 00:32 - 2018-08-09 10:24 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-13 00:32 - 2018-08-09 10:24 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-13 00:32 - 2018-08-09 10:24 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-13 00:32 - 2018-08-09 10:23 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-13 00:32 - 2018-08-09 10:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-13 00:32 - 2018-08-09 10:23 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-13 00:32 - 2018-08-09 09:59 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-13 00:32 - 2018-08-09 09:59 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-13 00:32 - 2018-08-09 09:57 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-13 00:32 - 2018-08-09 09:57 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-13 00:32 - 2018-08-09 09:56 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-13 00:32 - 2018-08-09 09:56 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-13 00:32 - 2018-08-09 09:56 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-13 00:32 - 2018-08-09 09:56 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-13 00:32 - 2018-08-09 09:56 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-13 00:32 - 2018-08-09 09:56 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-13 00:32 - 2018-08-09 09:56 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-13 00:32 - 2018-08-09 09:55 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-13 00:32 - 2018-08-09 09:55 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-13 00:32 - 2018-08-09 09:55 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-13 00:32 - 2018-08-09 09:55 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-13 00:32 - 2018-08-09 09:52 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-13 00:32 - 2018-08-09 09:43 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-13 00:32 - 2018-08-09 09:42 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-13 00:32 - 2018-08-09 09:41 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-13 00:32 - 2018-08-09 09:41 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-13 00:32 - 2018-08-09 09:41 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-13 00:32 - 2018-08-09 09:41 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-13 00:32 - 2018-08-09 09:41 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-13 00:32 - 2018-08-09 09:41 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-13 00:32 - 2018-08-09 09:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-13 00:32 - 2018-08-09 09:38 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-13 02:19 - 2018-02-10 04:57 - 000000000 ____D C:\Users\hp\AppData\Roaming\BitTorrent
2018-10-13 02:18 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-13 02:13 - 2018-02-10 04:39 - 000000000 ____D C:\Users\hp\AppData\Local\Free Download Manager
2018-10-13 01:57 - 2018-04-12 05:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-13 01:46 - 2018-07-13 00:42 - 000004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C56856DE-1E7F-4CF7-8BF0-3A0B75BA9E47}
2018-10-13 00:44 - 2018-06-20 20:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-12 22:00 - 2018-06-20 20:28 - 000000000 ____D C:\Users\hp
2018-10-12 22:00 - 2018-02-09 19:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles
2018-10-07 17:09 - 2018-06-20 20:53 - 000004212 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-10-07 06:54 - 2017-05-19 00:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-04 22:44 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-04 18:01 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-04 16:29 - 2018-02-10 05:06 - 000000000 ____D C:\Program Files\CCleaner
2018-10-04 14:14 - 2018-02-10 05:18 - 000000000 ____D C:\ProgramData\ProductData
2018-10-03 23:58 - 2018-02-09 23:26 - 000000000 ____D C:\WINDOWS\SHELLNEW
2018-10-03 21:07 - 2018-02-10 05:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-02 22:53 - 2018-04-19 10:34 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc
2018-10-02 19:54 - 2018-02-10 04:49 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-10-02 19:32 - 2018-02-10 04:51 - 000000000 ____D C:\KMPlayer
2018-09-27 12:05 - 2018-06-29 21:55 - 000000000 ____D C:\ProgramData\Packages
2018-09-26 11:05 - 2018-02-10 03:04 - 000092496 _____ (Quick Heal Technologies Ltd.) C:\WINDOWS\system32\Drivers\llio.sys
2018-09-25 05:05 - 2017-03-19 02:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-09-25 00:15 - 2018-02-10 02:58 - 000000000 ____D C:\WINDOWS\system32\gprodat
2018-09-24 13:09 - 2018-06-20 20:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-24 12:58 - 2018-04-12 02:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-09-24 12:44 - 2017-05-19 00:47 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-09-24 12:44 - 2017-05-19 00:47 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-09-22 15:39 - 2018-02-09 19:33 - 000000000 ___RD C:\Users\hp\OneDrive
2018-09-22 14:24 - 2018-06-20 20:53 - 000004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-22 14:24 - 2018-06-20 20:53 - 000003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-22 13:08 - 2018-04-04 23:49 - 000000000 ____D C:\temp
2018-09-22 12:07 - 2018-04-12 02:34 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-09-22 11:58 - 2017-12-11 08:08 - 000000000 ____D C:\ProgramData\Realtek
2018-09-22 09:53 - 2018-06-20 20:53 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-22 09:10 - 2018-06-20 20:22 - 000411272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-21 10:10 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-19 17:56 - 2018-06-20 20:53 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-177186563-2203864396-2981051637-1001
2018-09-19 17:56 - 2018-06-20 20:28 - 000002361 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-19 07:51 - 2018-02-25 01:22 - 000000000 ____D C:\Users\hp\AppData\Roaming\MPC-HC
2018-09-19 03:34 - 2018-02-10 04:16 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-19 03:34 - 2018-02-10 04:16 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-09-17 22:01 - 2018-06-20 20:28 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-17 22:01 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF
2018-09-15 13:54 - 2018-04-05 00:00 - 000000920 _____ C:\Users\hp\Desktop\BitTorrent.lnk
2018-09-15 13:54 - 2018-02-10 04:57 - 000000900 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2018-09-15 13:43 - 2018-08-12 06:28 - 000000000 ____D C:\Users\hp\AppData\Local\D3DSCache
2018-09-15 12:42 - 2018-02-20 20:36 - 000000000 ____D C:\Users\hp\AppData\Local\Packages
2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-13 02:50 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-13 02:50 - 2018-04-12 02:34 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-13 01:24 - 2018-06-20 20:53 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-09-13 01:23 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-09-13 01:23 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-20 20:22

==================== End of FRST.txt ============================

Addition.txt

RayRay26 · October 13, 2018