
Hi, 

I have an MSI GL62M 7RDx laptop.

Suddenly, Windows 10 boot-up slowed down and now takes nearly 10-15 min to get to the desktop view. After my laptop started, I tried to open the d: drive (internal) and it was even slower. Then I restarted my PC; again the boot time was longer, and this time I was unable to access the d: drive at all and the c: drive got slowed down too. Also, the Start menu was not working. Then I decided to reset the PC with the "keep my files" option but didn't see any improvement. So I did a reset again with the "remove files" option, only on the drive where Windows is installed. More or less the same behaviour, with the only exception that the c: drive got faster. One suspicious thing I observed is that in the c: drive a file called "nvcontainerrecoverynvdi...reg" (image attached) got created and deleted every few seconds. Also, there are 2 more suspicious batch files in c:\windows\, nvcontainerrecovery.bat and nvtelemetry recovery.bat; not sure whether this has any impact. Kindly help me to fix my laptop and also help me to recover my d: drive without losing data.

Regards,

Arv

IMG_20190917_194801.jpg

IMG_20190917_190018.jpg

IMG_20190918_012255.jpg

Hello Arv45 and welcome to Malwarebytes,

Continue with the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....


Hi Kevin,

Thanks for the help!!!

Here is the FRST.txt log...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2019
Ran by vaira (administrator) on MSI (Micro-Star International Co., Ltd. GL62M 7RDX) (18-09-2019 06:38:46)
Running from C:\Users\vaira\Desktop
Loaded Profiles: vaira (Available Profiles: vaira)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A-Volute -> ) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
(A-Volute -> ) C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(A-Volute -> Nahimic) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
(Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.) C:\Program Files (x86)\TriDef\SmartCam\TriDefSmartCamService64.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\MSI\MSI Remind Manager\40\MSIOnlineRegister.exe
(Micro-Star International CO., LTD. -> ) [File not signed] C:\Program Files (x86)\SCM\SCM.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.2.3\NS.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.9.2.3\NS.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-06-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-06-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [709816 2017-05-19] (A-Volute -> Nahimic)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] (Micro-Star International CO., LTD. -> ) [File not signed]
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1883704 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
HKU\S-1-5-21-3508199185-296706971-2626689586-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\vaira\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3508199185-296706971-2626689586-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\vaira\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3508199185-296706971-2626689586-1001\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vaira\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64"
HKU\S-1-5-21-3508199185-296706971-2626689586-1001\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vaira\AppData\Local\Microsoft\OneDrive\17.3.6816.0313"

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10131F57-E6EA-4692-9B8C-06E686018779} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.6.0.12\\Ara.exe [848152 2015-07-10] (Symantec Corporation -> Symantec Corporation)
Task: {1B4F14BD-69B7-44A3-B237-57B7D3CBA4D4} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [721976 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2D30E81C-1638-4D29-8285-C96896EC4616} - System32\Tasks\MSISCMTsk => C:\Program Files (x86)\MSI\MSI Remind Manager\MSISCMTsk.exe [285464 2017-05-31] (Micro-Star International CO., LTD. -> Application) [File not signed]
Task: {2F74EA63-E487-4A27-A7F8-5E5FF3720C82} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {3441ACAA-3EC5-4ACB-88F7-7F46483683A8} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [393728 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
Task: {4E20BBAC-C764-498B-BAB3-1BD68EE89C5D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A5903FE-5128-4EE8-B4EA-6B1946484235} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947768 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F204501-DB52-49AB-B8DC-903ED4DC6BBC} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]
Task: {77E1EABA-573F-492B-9645-CC985AE77E2F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {7FB2BC14-BD77-4BAB-8DAE-2C5D1B45EA59} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.9.2.3\WSCStub.exe [3791568 2017-04-10] (Symantec Corporation -> Symantec Corporation)
Task: {88E365C5-2EA7-4CAE-9177-810C664BEE88} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [431384 2017-06-19] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed]
Task: {89E4F54D-F657-4924-9A73-3D10177CA7AA} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.9.2.3\SymErr.exe [102016 2017-04-10] (Symantec Corporation -> Symantec Corporation)
Task: {8A924589-0923-45C0-A75C-7C99C3D7A4FE} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [709816 2017-05-19] (A-Volute -> Nahimic)
Task: {8C8896D7-75BA-4E9F-AB8C-CBB8256EBBB7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {98DC9150-C275-4D81-8E1E-E10AA895119E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649272 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9BA6F4DB-47F0-4DED-BA06-190F8D71143E} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.9.2.3\SymErr.exe [102016 2017-04-10] (Symantec Corporation -> Symantec Corporation)
Task: {A3B1D9D6-99CD-4685-8299-492708B0C662} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [3791568 2017-04-10] (Symantec Corporation -> Symantec Corporation)
Task: {C380B825-4A7A-4AB6-8806-A31C46FFCEBB} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2059960 2017-05-19] (A-Volute -> )
Task: {CFFAC80B-CC3C-450B-9F8B-1384BC647753} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [117728 2019-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {D18464C4-3203-4EA8-A09F-9BF9D87C3144} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {D38463A2-4E7A-4875-91E9-605BF0387D1D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [437816 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8798903-E984-4EB7-8C18-5AF235DF9F23} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1428640 2019-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8B20ABA-259D-4C57-80F3-4E63FB6B65CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27367016 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {D9605CCE-DF01-4DEE-8FE3-8A4DF2B0BD0D} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.9.2.3\SymErr.exe [102016 2017-04-10] (Symantec Corporation -> Symantec Corporation)
Task: {DF313414-7947-4BA0-AEB0-D92E1FA4F7D7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [649272 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1B7E2C3-8932-4640-A861-06B482C2470C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [721976 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E3E0BD98-A455-44F1-A2C2-925494442E89} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [513720 2017-05-19] (A-Volute -> )
Task: {FE644E12-D51B-481D-8D12-802CB01878B2} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [5122840 2017-06-15] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 49.205.75.2
Tcpip\..\Interfaces\{9f62a8d0-0a3a-4890-ac09-3f93ebb88cfb}: [DhcpNameServer] 8.8.8.8 49.205.75.2

Internet Explorer:
==================
DownloadDir: C:\Users\vaira\Desktop
SearchScopes: HKU\S-1-5-21-3508199185-296706971-2626689586-1001 -> {D1B3280E-8529-4501-A8F2-FBF78D8B05D7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.2.3\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.2.3\coFFAddon [2019-09-17] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.9.2.3\coFFAddon
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-09-17] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.2.3\Exts\Chrome.crx [2017-06-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.9.2.3\Exts\Chrome.crx [2017-06-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11568144 2019-08-30] (Microsoft Corporation -> Microsoft Corporation)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-05] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2017-06-08] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [62392 2017-04-24] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> )
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362568 2015-06-18] (Symantec Corporation -> Symantec Corporation)
R2 NS; C:\Program Files\Norton Security\Engine\22.9.2.3\NS.exe [326152 2017-04-10] (Symantec Corporation -> Symantec Corporation)
S2 SymSilent; C:\Program Files (x86)\SymSilent\SymSilent.exe [1071488 2017-06-23] (Symantec Corporation -> Symantec Corporation)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [399440 2018-08-29] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TriDefSmartCamService; c:\program files (x86)\tridef\smartcam\tridefsmartcamservice64.exe [11076576 2017-03-10] (Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\BASHDefs\20190916.001\BHDrvx64.sys [1935880 2019-09-16] (Symantec Corporation -> Symantec Corporation)
S3 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0406000.00C\ccSetx64.sys [173808 2015-06-24] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NSx64\1609020.003\ccSetx64.sys [174232 2017-04-10] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516784 2019-09-18] (Symantec Corporation -> Symantec Corporation)
U3 EraserUtilDrv11910; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11910.sys [154288 2019-09-18] (Symantec Corporation -> Symantec Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70632 2017-06-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 IDSVia64; C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\IPSDefs\20190917.063\IDSvia64.sys [1451016 2019-09-17] (Symantec Corporation -> Symantec Corporation)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [161096 2016-09-19] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Microsoft Windows -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmi.inf_amd64_9cd951c47b0da577\nvlddmkm.sys [17213200 2018-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31800 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [28216 2017-06-23] (NVIDIA Corporation -> Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [49208 2017-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2018-01-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2017-06-23] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [69168 2017-12-05] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [56912 2018-08-29] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\system32\drivers\NSx64\1609020.003\SRTSP64.SYS [770200 2017-04-10] (Symantec Corporation -> Symantec Corporation)
R3 SRTSPX; C:\WINDOWS\system32\drivers\NSx64\1609020.003\SRTSPX64.SYS [49304 2017-04-10] (Symantec Corporation -> Symantec Corporation)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSx64\1609020.003\SYMEFASI64.SYS [1716888 2017-04-10] (Symantec Corporation -> Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\NSx64\1609020.003\SymELAM.sys [24608 2017-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-06-23] (Symantec Corporation -> Symantec Corporation)
R3 SymIRON; C:\WINDOWS\system32\drivers\NSx64\1609020.003\Ironx64.SYS [291480 2017-04-10] (Symantec Corporation -> Symantec Corporation)
R3 SymNetS; C:\WINDOWS\system32\drivers\NSx64\1609020.003\SYMNETS.SYS [567496 2017-04-10] (Symantec Corporation -> Symantec Corporation)
R3 TriDefSmartCam; C:\WINDOWS\system32\DRIVERS\TriDefSmartCam.sys [48304 2017-02-20] (Dynamic Digital Depth Australia Pty Ltd -> DDD Group Plc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] (Micro-Star Int'l Co. Ltd. -> )
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20190918.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.9.2.3\Definitions\SDSDefs\20190918.003\NAVEX15.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-18 06:38 - 2019-09-18 06:39 - 000026263 _____ C:\Users\vaira\Desktop\FRST.txt
2019-09-18 06:38 - 2019-09-18 06:38 - 000000000 ____D C:\Users\vaira\Desktop\FRST-OlderVersion
2019-09-18 06:37 - 2019-09-18 06:38 - 001615360 _____ (Farbar) C:\Users\vaira\Desktop\FRST64.exe
2019-09-18 06:36 - 2019-09-18 06:36 - 001615360 _____ (Farbar) C:\Users\vaira\Downloads\FRST64.exe
2019-09-18 06:34 - 2019-09-18 06:38 - 000000000 ____D C:\FRST
2019-09-18 06:30 - 2019-09-18 06:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-09-18 06:30 - 2019-09-18 06:30 - 000000000 ____D C:\Program Files\Common Files\AV
2019-09-18 06:25 - 2019-09-18 06:25 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3508199185-296706971-2626689586-1001
2019-09-17 15:56 - 2019-09-17 16:35 - 000000000 ____D C:\WINDOWS\Panther
2019-09-17 15:56 - 2019-09-17 15:56 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-09-17 15:55 - 2019-09-18 06:28 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-17 15:53 - 2019-09-18 05:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-17 15:53 - 2019-09-17 16:36 - 000003676 _____ C:\WINDOWS\System32\Tasks\Norton Online Backup ARA
2019-09-17 15:53 - 2019-09-17 15:53 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-09-17 15:53 - 2019-09-17 15:53 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-09-17 15:53 - 2019-09-17 15:53 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-09-17 15:53 - 2019-09-17 15:53 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-09-17 15:53 - 2019-09-17 15:53 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-09-17 15:53 - 2019-09-17 15:53 - 000002942 _____ C:\WINDOWS\System32\Tasks\Dragon_Center_updater
2019-09-17 15:53 - 2019-09-17 15:53 - 000002846 _____ C:\WINDOWS\System32\Tasks\MSI_Help_Desk_Agent
2019-09-17 15:53 - 2019-09-17 15:53 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-09-17 15:53 - 2019-09-17 15:53 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-09-17 15:53 - 2019-09-17 15:53 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-09-17 15:53 - 2019-09-17 15:53 - 000002608 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-09-17 15:53 - 2019-09-17 15:53 - 000002396 _____ C:\WINDOWS\System32\Tasks\Nahimic2UILauncherRun
2019-09-17 15:53 - 2019-09-17 15:53 - 000002384 _____ C:\WINDOWS\System32\Tasks\Nahimic2Svc64Run
2019-09-17 15:53 - 2019-09-17 15:53 - 000002376 _____ C:\WINDOWS\System32\Tasks\Nahimic2Svc32Run
2019-09-17 15:53 - 2019-09-17 15:53 - 000002262 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Center
2019-09-17 15:53 - 2019-09-17 15:53 - 000002196 _____ C:\WINDOWS\System32\Tasks\MSISCMTsk
2019-09-17 15:53 - 2019-09-17 15:53 - 000000000 _SHDL C:\Users\Default User
2019-09-17 15:53 - 2019-09-17 15:53 - 000000000 _SHDL C:\Users\All Users
2019-09-17 15:53 - 2019-09-17 15:53 - 000000000 _SHDL C:\Documents and Settings
2019-09-17 15:53 - 2019-09-17 15:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-09-17 15:53 - 2019-09-17 08:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2019-09-17 15:53 - 2018-04-11 15:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-09-17 15:52 - 2019-09-17 15:52 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2019-09-17 15:49 - 2019-09-17 16:13 - 000000000 ____D C:\Windows.old
2019-09-17 15:47 - 2019-09-17 15:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2019-09-17 15:47 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\IAStorAfsService
2019-09-17 15:37 - 2019-09-17 15:37 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-09-17 15:37 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\Setup
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-09-17 15:36 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\0409
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\Program Files\MSBuild
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-09-17 15:36 - 2019-09-17 15:36 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-09-17 15:36 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\OCR
2019-09-17 15:35 - 2019-09-17 15:35 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-09-17 15:33 - 2019-05-30 17:57 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-09-17 15:33 - 2019-05-30 17:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-09-17 15:32 - 2019-09-17 15:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-09-17 15:32 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-09-17 15:32 - 2019-09-17 15:31 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-09-17 15:32 - 2019-09-17 15:31 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-09-17 15:32 - 2019-09-17 15:31 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-09-17 15:32 - 2019-09-17 15:31 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-09-17 15:32 - 2019-09-17 15:31 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-09-17 15:32 - 2019-09-17 15:31 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-09-17 15:32 - 2019-09-17 15:31 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-09-17 15:32 - 2019-09-17 15:31 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-09-17 15:32 - 2019-09-17 15:31 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-09-17 15:31 - 2019-09-18 06:34 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-17 15:31 - 2019-09-18 06:34 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-09-17 15:31 - 2019-09-18 06:28 - 000000000 ____D C:\WINDOWS\INF
2019-09-17 15:31 - 2019-09-18 06:25 - 000000000 ____D C:\WINDOWS\appcompat
2019-09-17 15:31 - 2019-09-18 06:20 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-09-17 15:31 - 2019-09-17 16:35 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-09-17 15:31 - 2019-09-17 15:53 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-09-17 15:31 - 2019-09-17 15:53 - 000000000 ____D C:\WINDOWS\Registration
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\TextInput
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\setup
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\Provisioning
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\Program Files\Windows Defender
2019-09-17 15:31 - 2019-09-17 15:37 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-09-17 15:31 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-09-17 15:31 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-09-17 15:31 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-09-17 15:31 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\system32\com
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ___RD C:\Program Files (x86)
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\spool
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\IME
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\Help
2019-09-17 15:31 - 2019-09-17 15:34 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-09-17 15:31 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-09-17 15:31 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\Common Files\system
2019-09-17 15:31 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\ias
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-09-17 15:31 - 2019-09-17 15:32 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 __RSD C:\WINDOWS\media
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 __RHD C:\Users\Public\Libraries
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Web
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\WaaS
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Vss
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\tracing
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\TAPI
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SystemResources
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SystemApps
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\ras
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\IME
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\System
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SKB
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\ServiceState
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\security
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\schemas
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\SchCache
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Resources
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\rescache
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\PLA
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Performance
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\InputMethod
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Globalization
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Cursors
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\Branding
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\addins
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\ProgramData\USOShared
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\ProgramData\USOPrivate
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\Windows Security
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\windows nt
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files\Common Files\Services
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-09-17 15:31 - 2019-09-17 15:31 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-09-17 15:31 - 2019-09-17 09:22 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-09-17 15:31 - 2019-09-17 05:39 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-09-17 15:31 - 2019-09-17 05:23 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-09-17 15:30 - 2019-09-18 06:39 - 000000000 ____D C:\ProgramData\NVIDIA
2019-09-17 15:30 - 2019-09-17 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-09-17 15:30 - 2019-09-17 15:34 - 000000000 ____D C:\ProgramData\Intel
2019-09-17 15:30 - 2019-09-17 15:34 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2019-09-17 15:30 - 2019-09-17 15:34 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-09-17 15:30 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-09-17 15:30 - 2019-09-17 15:33 - 000000000 ____D C:\Program Files\Intel
2019-09-17 15:30 - 2019-09-17 15:33 - 000000000 ____D C:\Intel
2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____D C:\WINDOWS\system32\DAX3
2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____D C:\WINDOWS\system32\DAX2
2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 ____D C:\Program Files\Realtek
2019-09-17 15:30 - 2019-09-17 15:30 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2019-09-17 15:30 - 2018-11-21 02:25 - 000136288 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2019-09-17 15:30 - 2018-11-21 02:25 - 000111200 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2019-09-17 15:30 - 2018-08-12 22:03 - 005947888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-09-17 15:30 - 2018-08-12 22:03 - 002612432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-09-17 15:30 - 2018-08-12 22:03 - 001767280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-09-17 15:30 - 2018-08-12 22:03 - 000633712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-09-17 15:30 - 2018-08-12 22:03 - 000451056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-09-17 15:30 - 2018-08-12 22:03 - 000124112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-09-17 15:30 - 2018-08-12 22:03 - 000083336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-09-17 15:30 - 2018-08-03 01:47 - 008273432 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-09-17 15:30 - 2018-06-14 02:45 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-09-17 15:29 - 2019-09-17 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-09-17 15:28 - 2019-09-17 15:36 - 000000000 ____D C:\WINDOWS\servicing
2019-09-17 15:28 - 2019-09-17 15:31 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-09-17 15:28 - 2019-09-17 12:09 - 101711872 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-09-17 15:28 - 2019-09-17 12:09 - 030932992 _____ C:\WINDOWS\system32\config\SYSTEM
2019-09-17 15:28 - 2019-09-17 12:09 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2019-09-17 15:28 - 2019-09-17 12:09 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-09-17 15:28 - 2019-09-17 12:09 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2019-09-17 15:28 - 2019-09-17 12:09 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2019-09-17 15:28 - 2019-09-17 05:28 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-09-17 15:27 - 2019-09-17 15:49 - 000234496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-09-17 15:27 - 2019-09-17 15:27 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-09-17 15:27 - 2019-09-17 11:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-09-17 14:29 - 2019-09-17 16:15 - 000000000 ___HD C:\$SysReset
2019-09-17 09:26 - 2019-09-18 06:20 - 000000000 ____D C:\Users\vaira\AppData\Local\CrashDumps
2019-09-17 05:52 - 2019-09-17 05:52 - 000000000 ____D C:\Users\vaira\AppData\Local\Micro-Star_International_
2019-09-17 05:44 - 2019-09-17 05:44 - 000000000 ____D C:\Users\vaira\AppData\Local\D3DSCache
2019-09-17 05:43 - 2019-09-17 05:43 - 000000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2019-09-17 05:43 - 2019-09-17 05:43 - 000000001 _____ C:\ProgramData\Documents\dgc_DC.txt
2019-09-17 05:40 - 2019-09-17 05:40 - 000000000 ____D C:\Users\vaira\AppData\Local\Comms
2019-09-17 05:29 - 2019-09-18 05:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security
2019-09-17 05:26 - 2019-09-17 05:26 - 000000000 ____D C:\Users\vaira\AppData\Roaming\Intel Corporation
2019-09-17 05:25 - 2019-09-18 06:25 - 000000000 ___RD C:\Users\vaira\OneDrive
2019-09-17 05:25 - 2019-09-17 09:01 - 000000000 ____D C:\Users\vaira\AppData\Local\NVIDIA Corporation
2019-09-17 05:25 - 2019-09-17 05:25 - 000000000 ____D C:\Users\vaira\AppData\Local\MSI
2019-09-17 05:23 - 2019-09-18 06:32 - 000000000 ____D C:\Users\vaira\AppData\Local\Packages
2019-09-17 05:23 - 2019-09-18 05:53 - 000000000 __SHD C:\Users\vaira\IntelGraphicsProfiles
2019-09-17 05:23 - 2019-09-17 05:26 - 000000101 _____ C:\FindOSInstall.txt
2019-09-17 05:23 - 2019-09-17 05:24 - 000000000 ____D C:\Users\vaira\AppData\Local\Intel
2019-09-17 05:23 - 2019-09-17 05:23 - 000000056 _____ C:\tmp-diskpart.txt
2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ___RD C:\Users\vaira\3D Objects
2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Roaming\Intel
2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Roaming\Adobe
2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Local\VirtualStore
2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Local\Publishers
2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Local\DBG
2019-09-17 05:23 - 2019-09-17 05:23 - 000000000 ____D C:\Users\vaira\AppData\Local\ConnectedDevicesPlatform
2019-09-17 04:15 - 2019-09-17 04:15 - 000002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-09-17 04:15 - 2019-09-17 04:15 - 000002472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-09-17 04:15 - 2019-09-17 04:15 - 000002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-09-17 04:15 - 2019-09-17 04:15 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-09-17 04:15 - 2019-09-17 04:15 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-09-17 04:15 - 2019-09-17 04:15 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-09-17 04:15 - 2019-09-17 04:15 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-09-17 04:15 - 2019-09-17 04:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\أدوات Microsoft Office
2019-09-17 04:14 - 2019-09-17 04:14 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-09-17 04:10 - 2019-09-18 06:25 - 000002370 _____ C:\Users\vaira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-09-17 04:10 - 2019-09-17 05:25 - 000000000 ____D C:\Users\vaira
2019-09-17 04:10 - 2019-09-17 04:10 - 000000020 ___SH C:\Users\vaira\ntuser.ini
2019-09-17 04:10 - 2019-09-17 04:09 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-09-17 04:06 - 2019-09-18 06:34 - 000000000 ____D C:\ProgramData\Packages

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-17 15:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-09-17 15:34 - 2017-06-23 17:39 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef
2019-09-17 15:34 - 2017-06-23 17:39 - 000000000 ____D C:\ProgramData\TriDef SmartCam
2019-09-17 15:34 - 2017-06-23 17:39 - 000000000 ____D C:\Program Files (x86)\TriDef
2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\NARAx64
2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\Users\Public\Symantec
2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\ProgramData\Symantec
2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\Program Files (x86)\SymSilent
2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\Program Files (x86)\Symantec
2019-09-17 15:34 - 2017-06-23 17:29 - 000000000 ____D C:\Program Files (x86)\Norton Online Backup ARA
2019-09-17 15:34 - 2017-06-23 17:28 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-09-17 15:34 - 2017-06-23 17:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSx64
2019-09-17 15:34 - 2017-06-23 17:28 - 000000000 ____D C:\ProgramData\NortonInstaller
2019-09-17 15:34 - 2017-06-23 17:28 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2019-09-17 15:34 - 2017-06-23 17:14 - 000000000 ____D C:\WINDOWS\RE_DRIVE
2019-09-17 15:34 - 2017-06-23 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2019-09-17 15:34 - 2017-06-23 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sizing Options
2019-09-17 15:34 - 2017-06-23 17:13 - 000000000 ____D C:\Program Files (x86)\MSI
2019-09-17 15:34 - 2017-06-23 17:12 - 000000000 ____D C:\Program Files (x86)\SCM
2019-09-17 15:34 - 2017-06-23 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnRecovery
2019-09-17 15:34 - 2017-06-23 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic 2 Audio Driver
2019-09-17 15:34 - 2017-06-23 16:50 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2019-09-17 15:34 - 2017-06-23 16:47 - 000000000 ____D C:\ProgramData\Downloaded Installations
2019-09-17 15:34 - 2017-06-23 16:45 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-09-17 15:34 - 2017-06-23 16:45 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2019-09-17 15:34 - 2017-06-23 16:44 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-09-17 15:34 - 2017-06-23 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-09-17 15:34 - 2017-06-23 16:44 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-09-17 15:34 - 2017-06-23 16:41 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-17 15:34 - 2017-06-23 00:20 - 000000000 ____D C:\User Manual
2019-09-17 15:34 - 2017-05-16 14:28 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2019-09-17 15:34 - 2017-03-18 18:31 - 000000000 ____D C:\WINDOWS\HoloShell
2019-09-17 15:33 - 2017-06-23 17:28 - 000000000 ____D C:\Program Files\Norton Security
2019-09-17 15:33 - 2017-06-23 17:28 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2019-09-17 15:33 - 2017-06-23 17:11 - 000000000 ____D C:\Program Files (x86)\BurnRecovery
2019-09-17 15:33 - 2017-06-23 16:54 - 000000000 ____D C:\Program Files\Nahimic
2019-09-17 15:33 - 2017-06-23 16:50 - 000000000 ____D C:\Program Files\Common Files\Intel
2019-09-17 15:33 - 2017-06-23 16:49 - 000000000 ____D C:\Program Files\DIFX
2019-09-17 15:33 - 2017-06-23 16:48 - 000000000 ____D C:\Program Files\Synaptics
2019-09-17 15:33 - 2017-06-23 16:47 - 000000000 ____D C:\Program Files\Rivet Networks
2019-09-17 15:33 - 2017-06-23 16:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-09-17 15:33 - 2017-06-23 16:42 - 000000000 ____D C:\Program Files (x86)\Intel
2019-09-17 15:33 - 2017-05-16 14:58 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-09-17 05:28 - 2017-06-23 17:28 - 000000000 ____D C:\ProgramData\Norton
2019-09-17 05:24 - 2017-06-23 17:14 - 000000000 ____D C:\ProgramData\MSI
2019-09-17 05:23 - 2017-05-16 14:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-09-17 04:14 - 2017-05-16 14:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

And attached the Addition.txt log...

 

Regards,

ARV

 

Addition.txt FRST.txt


Hello Arv45 and welcome to Malwarebytes,

I do not see any obvious Malware or Infection in your logs. DR1 is flagged as having a bad block, that is your D:\ drive. That will need attention..

Quote

System errors:
=============
Error: (09/18/2019 06:59:54 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Regarding your C:\ drive try the following and let me know the findings...

Open an elevated command prompt, at the prompt type or copy/paste the following:

DISM /Online /Cleanup-Image /ScanHealth then hit the enter key. What results do you get..?

Thanks,

Kevin.

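Added example (not part of the original posts, and not FRST's own code): a short Python triage over the "System errors" section of an FRST Addition.txt that picks out Disk-source events such as the Event ID 7 quoted above and groups them by `\Device\HarddiskN`. The sample text is constructed in the layout quoted in the thread (only its first entry comes from the thread), and treating event IDs 11, 51 and 153 as hardware symptoms is an assumption that goes beyond what the thread shows.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout quoted in the thread. Only the first entry
# is from the thread; the other two are made up for this example.
SAMPLE = r"""System errors:
=============
Error: (09/18/2019 06:59:54 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2019 06:58:10 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (09/18/2019 06:40:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ExampleSvc service failed to start.
"""

# One "Error:" header line followed by its "Description:" line.
ENTRY = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)[ \t]*\r?\n"
    r"Description: (?P<desc>.*)$",
    re.MULTILINE,
)
DEVICE = re.compile(r"\\Device\\Harddisk(\d+)\\DR\d+")

# Disk-source event IDs treated as hardware symptoms. 7 is the one in the
# thread; 11, 51 and 153 are an assumption added for wider coverage.
HARDWARE_IDS = {7, 11, 51, 153}


def storage_findings(text):
    """Return {disk number: Counter({event id: count})} for Disk events."""
    found = defaultdict(Counter)
    for m in ENTRY.finditer(text):
        dev = DEVICE.search(m["desc"])
        if m["source"].strip().lower() == "disk" and dev and int(m["eid"]) in HARDWARE_IDS:
            found[int(dev.group(1))][int(m["eid"])] += 1
    return dict(found)


def summarize(text):
    """One line per affected disk, e.g. 'Harddisk1: EventID 7 x2'."""
    return [
        f"Harddisk{n}: " + ", ".join(f"EventID {e} x{c}" for e, c in sorted(ids.items()))
        for n, ids in sorted(storage_findings(text).items())
    ]


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)) or "no disk hardware events found")
```

Repeated hardware-level events against the same `HarddiskN` are a reason to copy data off that disk before running repairs that write to it.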

Hi Kevin,

 

Ran the DISM command and it is successful. Attached the image for reference. But still start menu, settings, network, ... is not getting opened.

Also, please suggest me how to fix D: drive since it has some important data I don't want it to format. Is there any other way to fix it?

 

DISM_Status.jpg


Run this command:

DISM /Online /Cleanup-Image /RestoreHealth

Let me know the findings...


Command executed successfully.

But still couldn't open start menu and so on...

DISM_Restore_HealthStatus.jpg


Run the following from elevated prompt... 

SFC /SCANNOW

Wait for the scan to finish - make a note of any error messages - and then reboot.

Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

 

 


SFC scan is done, please find the attached image and CBS.log.

The following problems still persist:

Longer boot time

Start menu, settings and a few more are not functioning properly

D: drive is not accessible

Thank you.

SFC_Scan_Status.jpg

CBS.zip


Thanks for the update, run the following command from elevated powershell prompt. Reboot when complete, see if start menu is repaired...

Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}


Hi Kevin,

I have executed the command. Few errors were observed. Please check for the screenshot. Start menu and other settings is still not working.

 

Regards,

ARV

 

Appxpackage.jpg


Thanks for the log ARV, we do not make any headway with normal fixes, probably only way left is to run system refresh. That option will preserve personal data...

https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html

Regarding D:\ drive run the following command from elevated prompt:

Quote

CHKDSK D: /R

Logs can be found via this link:

Edited by kevinf80


Hi Kevin,

This is one of the first steps I tried. Tried resetting PC with both Keep my files and remove all files option (only c: drive). That also didn't help. Only didn't try restore factory image. I fear to do it because thinking that d: drive will be formatted during this process. If I am able to recover data from d: drive I will try complete and fresh win 10 installation.

I tried chkdsk for drive, attached the log which I observed.

Whether recovery software could help? Never tried one earlier. Or install Linux OS?

Regards,

ARV

 

chkdsk_Eventlog.jpg


Unfortunately that is indicating a failing Hard drive, can you use the same command on your C:\ drive.. Well worth making sure that drive is ok for a fresh install of windows...

To recover data you can use a linux based system as you mentioned, it is quite straightforward and can be done via a live CD as opposed to a complete install.

Go to this link http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/ for the full instructions on how to use Ubuntu..


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
