Jump to content

Infctd bad Win, 10 tried frst from thumb dr, in cmnd prmt, say not enough m


Recommended Posts

So almost all security features are blocked or something. Tried frst walkthrough from nasdaq using comand prompt in another thread (my external drive may have been infected from a previous attempt, oops) at the very top when cmnd prmt opens it says 'not enough memory space to run these commands' something to that effect any way. I've tried and failed, I like to figure these things myself and do fairly well, this time I gotta call it, I need help.

Somebody please.

 

 

Link to post
Share on other sites

Here are the log files

 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18.04.2019
Ran by Owner (19-04-2019 08:11:53)
Running from C:\Users\Owner\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1803 17134.706 (X64) (2019-03-30 08:36:26)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1153435190-900947857-1343882119-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1153435190-900947857-1343882119-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1153435190-900947857-1343882119-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1153435190-900947857-1343882119-501 - Limited - Disabled)
Owner (S-1-5-21-1153435190-900947857-1343882119-1001 - Administrator - Enabled) => C:\Users\Owner
WDAGUtilityAccount (S-1-5-21-1153435190-900947857-1343882119-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Audition CC 2019 (HKLM-x32\...\AUDT_12_0_1) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version:  - )
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1153435190-900947857-1343882119-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1153435190-900947857-1343882119-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-813CB5835A7A} -> [Creative Cloud Files] => C:\Users\Owner\Creative Cloud Files [2019-04-02 08:40]
CustomCLSID: HKU\S-1-5-21-1153435190-900947857-1343882119-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [1999-12-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {123D0655-6FEF-4B5C-986B-AF2840ACD725} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {19D2EDF3-E8A8-4CBF-944F-10DD20358A1B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe (Bitdefender SRL -> Bitdefender)
Task: {320548AF-ADC5-426B-A595-FEF7F40ED4B1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {36E65074-D9E3-4A32-9AD9-8653EC350045} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jeremysherwood885@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {6CC2B409-B103-415E-B1FA-D0ABCEDE3249} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {E99C28E1-8063-45F7-8DB9-00312670DA05} - System32\Tasks\S-1-5-21-1153435190-900947857-1343882119-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {F5DCC4C5-CB6B-44E0-8315-C9818C152543} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {FDDCE6B8-F8DD-4BBD-844D-1E116B9EAA08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-30 02:06 - 2019-03-30 02:04 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1153435190-900947857-1343882119-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.20.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================
02-04-2019 01:46:17 Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706
19-04-2019 03:18:15 Windows Update
==================== Faulty Device Manager Devices =============
Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================
Application errors:
==================
Error: (04/19/2019 03:35:58 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC80.CRT,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64"'. Please refer to Help and Support for more information. HRESULT: 0x80073715. assembly interface: IAssemblyCacheItem, function: Commit, component: {844EFBA7-1C24-93B2-A01F-C8B3B9A1E18E}
Error: (04/13/2019 09:41:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.17134.1, time stamp: 0x5ace103a
Faulting module name: msvcrt.dll, version: 7.0.17134.1, time stamp: 0x5cbba6fd
Exception code: 0x40000015
Fault offset: 0x000000000000add2
Faulting process id: 0x1634
Faulting application start time: 0x01d4f27c24c8bff1
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: 426a6cc8-4107-4063-8a11-257fc61cb22e
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (04/13/2019 08:35:18 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (04/13/2019 08:35:18 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (04/13/2019 08:25:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.17134.677 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: a8c
Start Time: 01d4e93bbefca08f
Termination Time: 0
Application Path: C:\Windows\explorer.exe
Report Id: 1d195e97-2a63-4567-aeff-8f8ab5bf9f82
Faulting package full name:
Faulting package-relative application ID:
Error: (04/12/2019 10:59:12 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (04/12/2019 10:59:12 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (04/02/2019 11:55:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Adobe Audition CC.exe version 12.0.1.34 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2d28
Start Time: 01d4e9e7d71126a6
Termination Time: 4294967295
Application Path: C:\Program Files\Adobe\Adobe Audition CC 2019\Adobe Audition CC.exe
Report Id: b51ab852-6a1b-4264-8a74-1fc0542699e9
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (04/19/2019 08:12:56 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (04/19/2019 08:10:20 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JVDR68A)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/19/2019 08:07:59 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JVDR68A)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/19/2019 08:07:54 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JVDR68A)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/19/2019 08:07:49 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JVDR68A)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/19/2019 08:07:44 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JVDR68A)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/19/2019 08:07:39 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JVDR68A)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/19/2019 08:07:34 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-JVDR68A)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Windows Defender:
===================================
Date: 2019-04-13 22:05:53.963
Description: 
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2019-04-14T05:05:53.962Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
Signature Version: 1.291.972.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1902.2
Date: 2019-04-13 21:52:39.301
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {96189AAA-B92F-4D2A-9339-80CC1C60D2F5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-04-13 20:35:42.817
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {674EC754-6EB6-4C2F-832A-A9F732586090}
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2019-04-02 10:14:08.542
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DADEDC94-E0DC-44A8-9E59-C95232E47BF4}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-04-02 09:23:47.302
Description: 
C:\Program Files\Adobe\Adobe Audition CC 2019\Adobe Audition CC.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2019-04-02T16:23:47.302Z
Path: %userprofile%\Documents
Process Name: C:\Program Files\Adobe\Adobe Audition CC 2019\Adobe Audition CC.exe
Signature Version: 1.291.972.0
Engine Version: 1.1.15800.1
Product Version: 4.18.1902.2
Date: 2019-04-19 07:51:47.925
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.291.2275.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15800.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2019-04-19 07:41:35.343
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-04-19 01:52:46.902
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.291.2168.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15800.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Date: 2019-04-19 01:42:29.621
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2019-04-17 23:01:15.950
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.291.2168.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15800.1
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 62%
Total physical RAM: 6024.27 MB
Available physical RAM: 2244.7 MB
Total Virtual: 6984.27 MB
Available Virtual: 3380.57 MB
==================== Drives ================================
Drive 😄 (Acer) (Fixed) (Total:914.69 GB) (Free:841.13 GB) NTFS
Drive f: () (Removable) (Total:14.96 GB) (Free:13.33 GB) FAT32
\\?\Volume{37d72136-1102-4fa9-882a-6aaf474e7c4f}\ (Recovery) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{5d1c42d9-1ba5-48a0-8652-ba2fd211f19d}\ (Push Button Reset) (Fixed) (Total:16.01 GB) (Free:1.04 GB) NTFS
\\?\Volume{6ba71b48-7f86-41ac-9158-b7b91f0b2411}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EB47F973)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18.04.2019
Ran by Owner (administrator) on DESKTOP-JVDR68A (19-04-2019 08:07:24)
Running from C:\Users\Owner\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Owner (Available Profiles: defaultuser0 & Owner)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> dwm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1903.4-0\MsMpEng.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Failed to access process -> WmiPrvSE.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-12] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18371072 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKU\S-1-5-21-1153435190-900947857-1343882119-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{6cb70d36-2959-4617-9874-f53088493957}: [DhcpNameServer] 192.168.20.1
Internet Explorer:
==================
FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-12] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 1999-12-31] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\NisSrv.exe [3856504 2019-04-17] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1903.4-0\MsMpEng.exe [113992 2019-04-17] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2016-08-28] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
S3 b57xdbd; C:\WINDOWS\System32\drivers\b57xdbd.sys [72912 2013-07-10] (Broadcom Corporation -> Broadcom Corporation)
S3 b57xdmp; C:\WINDOWS\System32\drivers\b57xdmp.sys [25296 2013-07-10] (Broadcom Corporation -> Broadcom Corporation)
S3 BEHRINGER_2902; C:\WINDOWS\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (Ploytec GmbH -> BEHRINGER)
S3 bScsiMSa; C:\WINDOWS\System32\drivers\bScsiMSa.sys [59088 2013-07-23] (Broadcom Corporation -> Broadcom Corporation)
R3 bScsiSDa; C:\WINDOWS\System32\drivers\bScsiSDa.sys [99560 2015-09-27] (Broadcom Corporation -> Broadcom Corporation)
S3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
S3 BUSB_AUDIO_WDM; C:\WINDOWS\system32\drivers\busbwdm.sys [49728 2009-10-30] (Ploytec GmbH -> BEHRINGER)
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2014-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Mobile Communications)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated -> Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-04-19] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-19] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated -> Acer Incorporated)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2014-12-02] (Microsoft Windows Hardware Compatibility Publisher -> MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2014-12-02] (MCCI Corporation -> MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2014-12-02] (MCCI Corporation -> MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2014-12-02] (MCCI Corporation -> MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2014-12-02] (MCCI Corporation -> MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2014-12-02] (MCCI Corporation -> MCCI Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2017-01-15] (Samsung Electronics CO., LTD. -> QUALCOMM Incorporated)
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2014-12-02] (MCCI Corporation -> MCCI Corporation)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43648 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [343520 2019-04-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [68576 2019-04-17] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-04-19 07:41 - 2019-04-19 07:41 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-19 03:41 - 2019-04-02 01:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-19 03:41 - 2019-04-02 01:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-19 03:41 - 2019-04-01 22:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-19 03:40 - 2019-04-02 05:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-19 03:40 - 2019-04-02 05:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-19 03:40 - 2019-04-02 05:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-19 03:40 - 2019-04-02 05:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-19 03:40 - 2019-04-02 05:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-19 03:40 - 2019-04-02 05:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-19 03:40 - 2019-04-02 05:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-19 03:40 - 2019-04-02 05:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-19 03:40 - 2019-04-02 05:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-19 03:40 - 2019-04-02 05:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-19 03:40 - 2019-04-02 05:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-19 03:40 - 2019-04-02 05:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-19 03:40 - 2019-04-02 05:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-19 03:40 - 2019-04-02 05:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-19 03:40 - 2019-04-02 05:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-19 03:40 - 2019-04-02 05:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-19 03:40 - 2019-04-02 02:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-19 03:40 - 2019-04-02 02:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-19 03:40 - 2019-04-02 02:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-19 03:40 - 2019-04-02 02:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-19 03:40 - 2019-04-02 02:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-19 03:40 - 2019-04-02 02:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-19 03:40 - 2019-04-02 02:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-19 03:40 - 2019-04-02 02:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-19 03:40 - 2019-04-02 02:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-19 03:40 - 2019-04-02 01:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-19 03:40 - 2019-04-02 01:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-19 03:40 - 2019-04-02 01:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-19 03:40 - 2019-04-02 01:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-19 03:40 - 2019-04-02 01:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-19 03:40 - 2019-04-02 01:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-19 03:40 - 2019-04-02 01:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-19 03:40 - 2019-04-02 01:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-19 03:40 - 2019-04-02 01:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-19 03:40 - 2019-04-02 01:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-19 03:40 - 2019-04-02 01:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-19 03:40 - 2019-04-02 01:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-19 03:40 - 2019-04-02 01:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-19 03:40 - 2019-04-02 01:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-19 03:40 - 2019-04-02 01:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-19 03:40 - 2019-04-02 00:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-19 03:40 - 2019-04-02 00:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-19 03:40 - 2019-04-02 00:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-19 03:40 - 2019-04-02 00:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-19 03:40 - 2019-04-02 00:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-19 03:40 - 2019-04-02 00:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-19 03:40 - 2019-04-02 00:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-19 03:40 - 2019-04-02 00:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-19 03:40 - 2019-04-02 00:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-19 03:40 - 2019-04-02 00:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-19 03:40 - 2019-04-02 00:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-19 03:40 - 2019-04-02 00:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-19 03:40 - 2019-04-02 00:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-19 03:40 - 2019-04-02 00:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-19 03:40 - 2019-04-02 00:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-19 03:40 - 2019-04-02 00:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-19 03:40 - 2019-04-02 00:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-19 03:40 - 2019-04-02 00:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-19 03:40 - 2019-04-01 23:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-19 03:40 - 2019-04-01 22:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-19 03:40 - 2019-04-01 22:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-19 03:40 - 2019-04-01 22:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-19 03:40 - 2019-04-01 22:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-19 03:40 - 2019-04-01 21:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-19 03:40 - 2019-04-01 21:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-19 03:40 - 2019-04-01 21:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-19 03:40 - 2019-04-01 21:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-19 03:40 - 2019-04-01 21:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-19 03:40 - 2019-04-01 21:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-19 03:40 - 2019-04-01 21:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-19 03:40 - 2019-04-01 21:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-19 03:40 - 2019-04-01 21:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-19 03:40 - 2019-04-01 21:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-19 03:40 - 2019-04-01 21:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-19 03:40 - 2019-03-16 05:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-19 03:40 - 2019-03-16 02:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-19 03:40 - 2019-03-13 18:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-19 03:40 - 2019-03-13 18:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-19 03:40 - 2019-03-13 18:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-19 03:40 - 2019-03-13 18:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-19 03:40 - 2019-03-13 18:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-04-19 01:37 - 2019-04-19 01:37 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2019-04-19 01:37 - 2019-04-19 01:37 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2019-04-17 22:47 - 2019-04-19 07:41 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-04-17 22:47 - 2019-04-17 22:47 - 000000000 ____D C:\Users\Owner\AppData\Local\mbamtray
2019-04-17 22:47 - 2019-04-17 22:47 - 000000000 ____D C:\Users\Owner\AppData\Local\mbam
2019-04-17 22:46 - 2019-04-17 22:46 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-04-17 22:46 - 2019-04-17 22:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-04-17 22:46 - 2019-04-17 22:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-04-17 22:46 - 2019-04-17 22:46 - 000000000 ____D C:\Program Files\Malwarebytes
2019-04-17 22:46 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-04-17 22:46 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-17 22:43 - 2019-04-17 22:43 - 004326427 _____ C:\Users\Owner\Downloads\Malwarebytes User Guide.pdf
2019-04-13 23:02 - 2019-04-19 07:40 - 078118912 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-04-13 22:05 - 2019-04-13 22:05 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1153435190-900947857-1343882119-1001
2019-04-13 21:39 - 2019-04-19 05:08 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2019-04-13 21:37 - 2019-04-13 23:02 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2019-04-13 17:18 - 2019-04-13 20:04 - 000000000 ____D C:\Users\Owner\Desktop\audit,poss
2019-04-03 05:57 - 2019-04-03 05:57 - 039762840 _____ C:\Users\Owner\Documents\bassln.wav
2019-04-03 05:57 - 2019-04-03 05:57 - 000621260 _____ C:\Users\Owner\Documents\bassln.pkf
2019-04-03 05:49 - 2019-04-03 05:49 - 104422800 _____ C:\Users\Owner\Documents\newsong.wav
2019-04-03 05:49 - 2019-04-03 05:49 - 001631540 _____ C:\Users\Owner\Documents\newsong.pkf
2019-04-03 05:30 - 2019-04-03 05:30 - 084737424 _____ C:\Users\Owner\Documents\gut2sw.wav
2019-04-03 05:30 - 2019-04-03 05:30 - 001323956 _____ C:\Users\Owner\Documents\gut2sw.pkf
2019-04-02 23:19 - 2019-04-02 23:19 - 000000000 ____D C:\Users\Owner\AppData\Local\D3DSCache
2019-04-02 10:36 - 2019-04-02 18:55 - 082712974 _____ C:\Users\Owner\Documents\switchright.wav
2019-04-02 10:36 - 2019-04-02 18:55 - 001292348 _____ C:\Users\Owner\Documents\switchright.pkf
2019-04-02 10:06 - 2019-04-02 10:06 - 001284172 _____ C:\Users\Owner\Documents\switcharmonic.pkf
2019-04-02 09:05 - 2019-04-02 09:05 - 000001119 _____ C:\ulog_HeadlightsCC_AppCrash__e5c93a36-dccf-4e06-bbe6-316d7b11a634_0.xml
2019-04-02 08:40 - 2019-04-13 22:05 - 000000000 ___RD C:\Users\Owner\Creative Cloud Files
2019-04-02 02:30 - 2019-04-02 10:06 - 082190190 _____ C:\Users\Owner\Documents\switcharmonic.wav
2019-04-02 02:17 - 2019-04-02 02:17 - 000003730 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jeremysherwood885@outlook.com
2019-04-02 02:11 - 2019-04-02 02:11 - 000000000 ____D C:\Users\Owner\AppData\Local\CEF
2019-04-02 02:10 - 2019-04-02 02:10 - 000001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2019.lnk
2019-04-02 02:10 - 2019-04-02 02:10 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-04-02 02:05 - 2019-04-02 02:10 - 000000000 ____D C:\Program Files\Adobe
2019-04-02 01:56 - 2019-04-02 08:40 - 000000000 ____D C:\ProgramData\Adobe
2019-04-02 01:56 - 2019-04-02 01:56 - 000001410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2019-04-02 01:56 - 2019-04-02 01:56 - 000001398 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2019-04-02 01:44 - 2019-04-02 01:47 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-02 01:40 - 2019-04-02 02:03 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-04-02 01:40 - 2019-04-02 01:40 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1153435190-900947857-1343882119-1001
2019-04-02 01:35 - 2019-04-13 22:05 - 000000000 ____D C:\Users\Owner\AppData\Local\Adobe
2019-04-02 00:28 - 2019-04-02 00:28 - 000249327 _____ C:\Users\Owner\Downloads\AdExplorer.zip
2019-04-02 00:21 - 2019-04-02 00:21 - 001640992 _____ C:\Users\Owner\Downloads\Autoruns.zip
2019-04-02 00:20 - 2019-04-02 00:23 - 025511363 _____ C:\Users\Owner\Downloads\SysinternalsSuite.zip
2019-04-01 01:20 - 2019-04-19 08:07 - 000000000 ____D C:\FRST
2019-04-01 01:20 - 2019-04-01 01:20 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-03-31 17:36 - 2019-03-31 18:51 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-03-31 17:36 - 2019-03-31 17:36 - 000103940 _____ C:\ProgramData\agent.1554078996.bdinstall.v2.bin
2019-03-31 17:36 - 2019-03-31 17:36 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-03-30 10:53 - 2019-03-30 10:58 - 872415232 _____ C:\Users\Owner\Downloads\bitdefender-rescue-cd.iso
2019-03-30 10:53 - 2019-03-30 10:53 - 003990528 _____ C:\Users\Owner\Downloads\stickifier.exe
2019-03-30 10:51 - 2019-03-30 10:51 - 000066216 _____ C:\Users\Owner\Downloads\stickifier-src.zip
2019-03-30 09:36 - 2019-04-19 08:04 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-03-30 09:36 - 2019-04-19 07:46 - 001489348 _____ C:\WINDOWS\ntbtlog.txt
2019-03-30 09:01 - 2019-04-19 03:40 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-30 09:01 - 2019-04-19 03:37 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-30 08:59 - 2019-04-19 03:20 - 000000000 ____D C:\Program Files\rempl
2019-03-30 08:59 - 2019-03-30 08:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-03-30 08:59 - 2019-03-30 08:59 - 000000000 ____D C:\Users\Owner\AppData\Local\DBG
2019-03-30 08:59 - 2019-03-30 08:55 - 000592616 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-03-30 08:56 - 2019-03-30 08:56 - 000000000 ____D C:\Users\Owner\AppData\Local\PlaceholderTileLogoFolder
2019-03-30 02:28 - 2019-04-02 01:45 - 000000000 ____D C:\WINDOWS\usb-audio.deBehringer2902
2019-03-30 02:28 - 2009-10-30 13:39 - 000460864 _____ (BEHRINGER) C:\WINDOWS\system32\Drivers\BUSB2902.sys
2019-03-30 02:28 - 2009-10-30 13:39 - 000049728 _____ (BEHRINGER) C:\WINDOWS\system32\Drivers\busbwdm.sys
2019-03-30 02:26 - 2019-03-30 02:26 - 000000000 ____D C:\Users\Owner\Downloads\BEHRINGER_2902_X64_2.8.40
2019-03-30 02:20 - 2019-03-30 02:20 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-03-30 02:19 - 2019-04-03 05:39 - 000000000 ____D C:\Windows.old
2019-03-30 02:19 - 2019-03-30 02:19 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-03-30 02:17 - 2019-03-30 02:17 - 000000000 ____D C:\Program Files\Elantech
2019-03-30 02:16 - 2019-03-30 02:16 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-03-30 02:15 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\Setup
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-03-30 02:12 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-03-30 02:12 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\OCR
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\Program Files\MSBuild
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-03-30 02:12 - 2019-03-30 02:12 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\0409
2019-03-30 02:11 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-03-30 02:09 - 2019-04-01 10:51 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-30 02:09 - 2019-04-01 10:51 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-30 02:08 - 2019-03-30 02:08 - 000000000 ____D C:\Users\Owner\AppData\Local\Comms
2019-03-30 02:06 - 2019-04-19 05:29 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-30 02:06 - 2019-04-19 05:29 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-30 02:06 - 2019-04-19 05:28 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-30 02:06 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-30 02:06 - 2019-04-19 05:07 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-30 02:06 - 2019-04-19 01:59 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-03-30 02:06 - 2019-04-17 22:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-30 02:06 - 2019-04-02 02:50 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-03-30 02:06 - 2019-04-02 01:51 - 000000000 ____D C:\ProgramData\Packages
2019-03-30 02:06 - 2019-04-02 01:42 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-03-30 02:06 - 2019-04-02 01:40 - 000000000 ___RD C:\Program Files (x86)
2019-03-30 02:06 - 2019-04-02 01:32 - 000000000 ____D C:\WINDOWS\appcompat
2019-03-30 02:06 - 2019-03-30 09:09 - 000000000 ____D C:\Program Files\Windows Defender
2019-03-30 02:06 - 2019-03-30 02:19 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-03-30 02:06 - 2019-03-30 02:19 - 000000000 __RHD C:\Users\Public\Libraries
2019-03-30 02:06 - 2019-03-30 02:19 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\setup
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\WINDOWS\Provisioning
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-03-30 02:06 - 2019-03-30 02:15 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-30 02:06 - 2019-03-30 02:12 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\system32\com
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\IME
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\Help
2019-03-30 02:06 - 2019-03-30 02:11 - 000000000 ____D C:\Program Files\Common Files\system
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 __RSD C:\WINDOWS\media
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\Web
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\WaaS
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\Vss
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\tracing
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\TAPI
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SystemResources
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SystemApps
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\ras
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\IME
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\ias
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\System
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SKB
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\ServiceState
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\security
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\schemas
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\SchCache
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\Resources
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\rescache
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\Registration
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\PLA
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\Performance
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\InputMethod
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\Globalization
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\Cursors
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\Branding
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\addins
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\Program Files\Windows Security
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\Program Files\windows nt
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\Program Files\Common Files\Services
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-03-30 02:06 - 2019-03-30 02:06 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-03-30 02:06 - 2019-03-30 02:04 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-03-30 02:06 - 2019-03-30 02:04 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-03-30 02:06 - 2019-03-30 02:04 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-03-30 02:06 - 2019-03-30 02:04 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-03-30 02:06 - 2019-03-30 02:04 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2019-03-30 02:06 - 2019-03-30 02:04 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-03-30 02:06 - 2019-03-30 02:04 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-03-30 02:06 - 2019-03-30 02:04 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2019-03-30 02:06 - 2019-03-30 02:04 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-03-30 02:06 - 2019-03-30 02:04 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-03-30 02:06 - 2019-03-30 02:04 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-03-30 02:06 - 2019-03-30 02:04 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2019-03-30 02:06 - 2019-03-30 02:04 - 000000219 _____ C:\WINDOWS\system.ini
2019-03-30 02:06 - 2019-03-30 02:04 - 000000092 _____ C:\WINDOWS\win.ini
2019-03-30 02:06 - 2019-03-30 01:35 - 000000000 ____D C:\WINDOWS\system32\spool
2019-03-30 02:06 - 2019-03-30 01:35 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-03-30 02:06 - 2019-03-30 01:27 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-03-30 02:06 - 2019-03-30 01:27 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-03-30 02:06 - 2019-03-30 01:24 - 000000000 ____D C:\ProgramData\USOPrivate
2019-03-30 02:04 - 2019-04-19 07:47 - 000000000 ____D C:\WINDOWS\INF
2019-03-30 01:58 - 2019-04-19 03:48 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-30 01:52 - 2019-03-30 01:52 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-03-30 01:51 - 2019-04-19 07:40 - 015728640 _____ C:\WINDOWS\system32\config\SYSTEM
2019-03-30 01:51 - 2019-04-19 07:40 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2019-03-30 01:51 - 2019-04-19 07:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-30 01:51 - 2019-04-19 07:40 - 000049152 _____ C:\WINDOWS\system32\config\SECURITY
2019-03-30 01:51 - 2019-04-19 07:40 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2019-03-30 01:51 - 2019-03-30 08:54 - 000000000 ____D C:\Users\Owner\AppData\Local\MicrosoftEdge
2019-03-30 01:51 - 2019-03-30 02:11 - 000000000 ____D C:\WINDOWS\servicing
2019-03-30 01:51 - 2019-03-30 02:06 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-03-30 01:51 - 2019-03-30 01:36 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-30 01:51 - 2019-03-30 01:36 - 000000000 ____D C:\WINDOWS\Panther
2019-03-30 01:50 - 2019-03-30 01:50 - 000000000 ____D C:\Users\Owner\AppData\Local\Publishers
2019-03-30 01:49 - 2019-04-02 19:21 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2019-03-30 01:49 - 2019-04-02 01:50 - 000000000 ____D C:\Users\Owner\AppData\Local\ConnectedDevicesPlatform
2019-03-30 01:49 - 2019-04-02 01:37 - 000000000 ____D C:\Users\Owner\AppData\Local\Packages
2019-03-30 01:49 - 2019-03-30 01:49 - 000000020 ___SH C:\Users\Owner\ntuser.ini
2019-03-30 01:49 - 2019-03-30 01:49 - 000000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2019-03-30 01:37 - 2019-04-19 07:47 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-30 01:36 - 2019-03-30 01:36 - 000000000 _SHDL C:\Users\Default User
2019-03-30 01:36 - 2019-03-30 01:36 - 000000000 _SHDL C:\Users\All Users
2019-03-30 01:35 - 2019-04-19 05:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-30 01:35 - 2019-04-17 22:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-03-30 01:34 - 2019-03-30 01:34 - 000017884 _____ C:\Users\Owner\Desktop\Removed Apps.html
2019-03-30 01:34 - 2019-03-30 01:34 - 000016778 _____ C:\Users\defaultuser0\Desktop\Removed Apps.html
2019-03-30 01:30 - 2019-04-02 08:40 - 000000000 ____D C:\Users\Owner
2019-03-30 01:30 - 2019-04-02 01:40 - 000002367 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-30 01:30 - 2019-03-30 01:34 - 000000000 ____D C:\Users\defaultuser0
2019-03-30 01:30 - 2018-04-11 16:34 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-30 01:25 - 2019-04-19 05:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-30 01:25 - 2019-03-30 01:25 - 002033046 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2019-03-30 01:25 - 2019-03-30 01:25 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2019-03-30 01:25 - 2019-03-30 01:25 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-03-30 01:25 - 2019-03-30 01:25 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-03-30 01:25 - 2019-03-30 01:25 - 000000000 ____D C:\WINDOWS\system32\DAX2
2019-03-30 01:25 - 2019-03-30 01:25 - 000000000 ____D C:\Program Files\Realtek
2019-03-30 01:25 - 2019-03-30 01:25 - 000000000 ____D C:\Program Files\Common Files\Atheros
2019-03-30 01:25 - 1999-12-31 17:00 - 000103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2019-03-30 01:25 - 1999-12-31 17:00 - 000099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2019-03-30 01:24 - 2019-03-30 01:24 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2019-03-30 01:24 - 2019-03-30 01:24 - 000000000 ____D C:\ProgramData\USOShared
2019-03-30 01:24 - 2019-03-30 01:24 - 000000000 ____D C:\Program Files\Intel
2019-03-30 01:24 - 2019-03-30 01:24 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2019-03-30 01:24 - 2018-04-11 16:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-03-30 01:21 - 2019-04-19 07:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-30 01:21 - 2019-04-19 05:09 - 000234720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-30 00:42 - 2019-03-30 02:20 - 000000000 ___HD C:\$SysReset
2019-03-29 23:47 - 2019-03-30 02:26 - 000001109 _____ C:\Users\Owner\Desktop\BEHRINGER_2902_X64_2.8.40.zip - Shortcut.lnk
2019-03-29 23:46 - 2019-03-29 23:46 - 000841555 _____ C:\Users\Owner\Downloads\BEHRINGER_2902_X64_2.8.40 (1).zip
2019-03-29 21:56 - 2019-03-29 21:56 - 000293147 _____ C:\Users\Owner\Downloads\sfcinst.html
2019-03-29 21:56 - 2019-03-29 21:56 - 000000000 ____D C:\Users\Owner\Downloads\sfcinst_files
2019-03-29 19:15 - 2019-03-29 19:16 - 000000000 ____D C:\9d3970e300d67de88fd5412504aa
2019-03-29 01:48 - 2019-03-14 07:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-03-29 01:48 - 2019-03-14 07:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-03-29 01:48 - 2019-03-14 07:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-03-29 01:48 - 2019-03-14 07:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-29 01:48 - 2019-03-14 07:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-03-29 01:48 - 2019-03-14 07:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-03-29 01:48 - 2019-03-14 07:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-03-29 01:48 - 2019-03-14 07:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-03-29 01:48 - 2019-03-14 07:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-03-29 01:48 - 2019-03-14 07:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-03-29 01:48 - 2019-03-14 07:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-03-29 01:48 - 2019-03-14 07:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-03-29 01:48 - 2019-03-14 07:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-03-29 01:48 - 2019-03-14 06:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-03-29 01:48 - 2019-03-14 06:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-03-29 01:48 - 2019-03-14 06:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-03-29 01:48 - 2019-03-14 06:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-03-29 01:48 - 2019-03-14 06:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-03-29 01:48 - 2019-03-14 06:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-03-29 01:48 - 2019-03-14 01:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-03-29 01:48 - 2019-03-14 01:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-03-29 01:48 - 2019-03-14 01:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-29 01:48 - 2019-03-14 01:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-03-29 01:48 - 2019-03-14 01:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-03-29 01:48 - 2019-03-14 01:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-29 01:48 - 2019-03-14 01:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-29 01:48 - 2019-03-14 01:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-03-29 01:48 - 2019-03-14 01:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-29 01:48 - 2019-03-14 01:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-03-29 01:48 - 2019-03-14 01:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-03-29 01:48 - 2019-03-14 01:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-29 01:48 - 2019-03-14 01:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-29 01:48 - 2019-03-14 01:26 - 001457576 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-29 01:48 - 2019-03-14 01:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-29 01:48 - 2019-03-14 01:26 - 001140984 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-29 01:48 - 2019-03-14 01:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-29 01:48 - 2019-03-14 01:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-29 01:48 - 2019-03-14 01:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-29 01:48 - 2019-03-14 01:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-03-29 01:48 - 2019-03-14 01:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-03-29 01:48 - 2019-03-14 01:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-29 01:48 - 2019-03-14 01:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-29 01:48 - 2019-03-14 01:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-29 01:48 - 2019-03-14 01:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-29 01:48 - 2019-03-14 01:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-29 01:48 - 2019-03-14 01:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-03-29 01:48 - 2019-03-14 01:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-29 01:48 - 2019-03-14 01:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-03-29 01:48 - 2019-03-14 01:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-29 01:48 - 2019-03-14 01:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-03-29 01:48 - 2019-03-14 01:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-29 01:48 - 2019-03-14 01:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-03-29 01:48 - 2019-03-14 01:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-03-29 01:48 - 2019-03-14 01:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-03-29 01:48 - 2019-03-14 01:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-29 01:48 - 2019-03-14 01:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-03-29 01:48 - 2019-03-14 01:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

First please post the previous topic link I helped you with.

I need to see you run the Farbar program is normal mode.
Please post the logs for my review.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.