Go Back   Web User Forums > Security > Malware Removal Help & Analysis

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 17-04-18, 09:00
MrTWithoutTheBling MrTWithoutTheBling is offline
Newbie
 
Join Date: Apr 2018
Posts: 5
Smile Malware check please(aswhooka.dll found after spydetect scan) Part 1

Good morning. Avast virus scan came back clean with no threats. Spydetect found aswhooka.dll (avast file though apparently??)
Could you please check my logs and see if anything is there lurking that shouldn't be. Would like to stop the HP BHO's as well, too many starting up.
Kind regards.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.04.2018
Ran by Evan (administrator) on DESKTOP-R26ABNV (17-04-2018 09:25:43)
Running from C:\Users\Evan\Downloads
Loaded Profiles: Evan (Available Profiles: Evan)
Platform: Windows 10 Home Version 1709 16299.125 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.100 1.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.ex e
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.245_non e_16ec1d963212a637\TiWorker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-03-25] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-15] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2017-04-23] (QFX Software Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2018-04-14] (Siber Systems)
HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-04-16]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{50869c8c-3940-44a5-baf9-a083d0d9938f}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{52df4868-dd7a-4702-a59b-df77906d9bba}: [DhcpNameServer] 198.18.0.1 198.18.0.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1869925373-3604889847-481428782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-1869925373-3604889847-481428782-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {7D8D2687-F28A-44A7-B509-3E020855616D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {7D8D2687-F28A-44A7-B509-3E020855616D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1869925373-3604889847-481428782-1001 -> {7D8D2687-F28A-44A7-B509-3E020855616D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-04-15] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-04-14] (Siber Systems Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP luginx64.dll [2016-12-06] (HP Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-04-14] (Siber Systems Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll [2016-12-06] (HP Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-04-14] (Siber Systems Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-04-14] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-14] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-14] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: cfqjhot4.default
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Prof iles\cfqjhot4.default [2018-04-17]
FF Homepage: Mozilla\Firefox\Profiles\cfqjhot4.default -> hxxps://www.startpage.com/uk/
FF NewTabOverride: Mozilla\Firefox\Profiles\cfqjhot4.default -> Enabled: {20fc2e06-e3e4-4b2b-812b-ab431220cada}
FF Extension: (Name) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Prof iles\cfqjhot4.default\Extensions\firefox@ghostery. com.xpi [2018-04-15]
FF Extension: (HTTPS Everywhere) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Prof iles\cfqjhot4.default\Extensions\https-everywhere@eff.org.xpi [2018-04-15]
FF Extension: (RoboForm Password Manager) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Prof iles\cfqjhot4.default\Extensions\rf-firefox@siber.com.xpi [2018-04-14]
FF Extension: (Avast SafePrice) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Prof iles\cfqjhot4.default\Extensions\sp@avast.com.xpi [2018-04-15]
FF Extension: (Avast Online Security) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Prof iles\cfqjhot4.default\Extensions\wrc@avast.com.xpi [2018-04-15]
FF Extension: (StartPage.com — Private Search Engine) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Prof iles\cfqjhot4.default\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2018-04-14]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Prof iles\cfqjhot4.default\features\{e147e027-4c80-4c51-8b59-bdf38f87cca9}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-14] [Legacy]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-14] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-14] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7603408 2018-04-15] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-15] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8522416 2018-04-06] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-14] (Dropbox, Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc.)
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2017-01-06] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S3 QFXUpdateService; C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-23] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-19] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-04-15] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-04-15] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-04-15] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-04-15] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-04-15] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [227784 2018-04-15] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-04-15] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [147224 2018-04-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111352 2018-04-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-04-15] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-04-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-04-15] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-04-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-04-15] (AVAST Software)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7400936 2017-01-06] (Intel Corporation)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [233248 2017-02-19] (QFX Software Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-21] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [723920 2017-07-20] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2017-01-06] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6895984 2017-08-17] (Realtek Semiconductor Corporation )
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 09:25 - 2018-04-17 09:26 - 000017792 _____ C:\Users\Evan\Downloads\FRST.txt
2018-04-17 09:25 - 2018-04-17 09:25 - 000000000 ____D C:\FRST
2018-04-17 09:24 - 2018-04-17 09:24 - 002403328 _____ (Farbar) C:\Users\Evan\Downloads\FRST64.exe
2018-04-17 09:00 - 2018-04-17 09:00 - 000000000 ____D C:\Users\Evan\Downloads\spydetectfree64
2018-04-17 08:59 - 2018-04-17 08:59 - 001248927 _____ C:\Users\Evan\Downloads\spydetectfree64.zip
2018-04-17 08:52 - 2018-04-17 08:52 - 000128152 _____ (Gibson Research Corp.) C:\Users\Evan\Downloads\InSpectre.exe
2018-04-16 23:31 - 2018-04-16 23:00 - 000000000 ____D C:\Windows.old
2018-04-16 23:23 - 2018-04-16 23:32 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-04-16 23:20 - 2018-04-16 23:23 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-04-16 23:20 - 2018-04-16 23:20 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-04-16 23:16 - 2018-04-16 23:16 - 025245696 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 023652864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 021352136 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 018916352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 013703168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 012829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 011923456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 008097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 006478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 006092664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 006037504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 004814848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 004740608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFl owUI.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003903784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 003678208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003484840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003163648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.G att.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 003010720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 002510336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002339296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002192112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001585376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store .dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001413760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-16 23:16 - 2018-04-16 23:16 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001259344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001148216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utiliti es.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001090440 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-16 23:16 - 2018-04-16 23:16 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedConte nt.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000924136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000779440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedConte nt.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000661664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000654048 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockS creen.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dl l
2018-04-16 23:16 - 2018-04-16 23:16 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockS creen.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store .TestingFramework.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store .TestingFramework.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000198888 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDelive ryManager.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-04-16 23:16 - 2018-04-16 23:16 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-04-16 23:16 - 2018-04-16 23:16 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient. dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-04-16 23:16 - 2018-04-16 23:16 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 017159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 002783744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 002446744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utiliti es.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001200536 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 001170000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-04-16 23:15 - 2018-04-16 23:15 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-04-16 23:15 - 2018-04-16 23:15 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAcc ess.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient. dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2018-04-16 23:15 - 2018-04-16 23:15 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-04-16 23:15 - 2018-04-16 23:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-04-16 23:15 - 2018-04-16 23:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-04-16 23:09 - 2018-04-16 23:09 - 000000000 ____D C:\inetpub
2018-04-16 23:08 - 2018-04-16 23:08 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-04-16 23:08 - 2018-04-16 23:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-04-16 23:08 - 2018-04-16 23:08 - 000000000 ____D C:\Program Files\MSBuild
2018-04-16 23:08 - 2018-04-16 23:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-04-16 23:08 - 2018-04-16 23:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-04-16 23:07 - 2018-04-16 23:07 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-04-16 23:07 - 2018-04-16 23:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-04-16 23:07 - 2018-04-16 23:07 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNativ e_v0300.dll
2018-04-16 23:07 - 2018-04-16 23:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNativ e_v0300.dll
2018-04-16 23:07 - 2018-04-16 23:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-04-16 23:07 - 2018-04-16 23:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-04-16 23:06 - 2018-04-16 23:06 - 000000020 ___SH C:\Users\Evan\ntuser.ini
2018-04-16 23:06 - 2018-04-16 23:06 - 000000000 ___RD C:\Users\Evan\3D Objects
2018-04-16 23:04 - 2018-04-16 23:04 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-04-16 23:04 - 2018-04-16 23:04 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-04-16 23:00 - 2018-04-16 23:00 - 000000000 ___HD C:\ProgramData\temp
2018-04-16 22:58 - 2018-04-16 23:14 - 000002278 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-04-16 22:58 - 2018-04-16 23:07 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-16 22:58 - 2018-04-16 23:01 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-04-16 22:58 - 2018-04-16 22:59 - 000003160 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2018-04-16 22:58 - 2018-04-16 22:59 - 000002916 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1869925373-3604889847-481428782-1001
2018-04-16 22:58 - 2018-04-16 22:58 - 000003522 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachine UA
2018-04-16 22:58 - 2018-04-16 22:58 - 000003298 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachine Core
2018-04-16 22:58 - 2018-04-16 22:58 - 000002916 _____ C:\WINDOWS\System32\Tasks\HPJumpStartLaunch
2018-04-16 22:58 - 2018-04-16 22:58 - 000002854 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEvan
2018-04-16 22:58 - 2018-04-16 22:58 - 000002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-04-16 22:58 - 2018-04-16 22:58 - 000002560 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
2018-04-16 22:58 - 2018-04-16 22:58 - 000002500 _____ C:\WINDOWS\System32\Tasks\HPAudioSwitch
2018-04-16 22:58 - 2018-04-16 22:58 - 000002378 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2018-04-16 22:58 - 2018-04-16 22:58 - 000002340 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-04-16 22:58 - 2018-04-16 22:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-16 22:58 - 2018-04-16 22:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-04-16 22:58 - 2018-04-16 22:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2018-04-16 22:58 - 2018-04-16 22:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-04-16 22:58 - 2018-04-16 22:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-04-16 22:57 - 2018-04-16 22:58 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-04-16 22:57 - 2018-04-16 22:58 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-04-16 22:56 - 2018-04-16 22:56 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-04-16 22:47 - 2018-04-16 22:47 - 000000000 ____D C:\ProgramData\USOShared
2018-04-16 22:43 - 2018-04-16 22:43 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-04-16 22:41 - 2018-04-16 23:23 - 000000000 ____D C:\Users\Evan\AppData\Local\Packages
2018-04-16 22:40 - 2018-04-16 23:06 - 000000000 ____D C:\Users\Evan
2018-04-16 22:39 - 2018-04-16 22:59 - 000978886 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-16 22:38 - 2018-04-16 22:38 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-04-16 22:38 - 2017-09-29 14:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-04-16 22:38 - 2017-01-06 10:54 - 000103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-04-16 22:38 - 2017-01-06 10:54 - 000099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-04-16 22:36 - 2018-04-16 23:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-16 22:36 - 2018-04-16 22:52 - 000465264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-16 20:01 - 2018-04-16 20:01 - 011237526 _____ C:\Users\Evan\Documents\KMSAuto-Net-Portable.zip
2018-04-16 14:44 - 2018-04-16 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-04-16 14:44 - 2018-04-16 14:44 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-16 14:44 - 2018-04-16 14:44 - 000000000 ____D C:\Program Files\CCleaner
2018-04-16 14:39 - 2018-04-16 14:39 - 015333512 _____ (Piriform Ltd) C:\Users\Evan\Downloads\ccsetup541.exe
2018-04-16 13:41 - 2018-04-16 13:41 - 000000000 _____ C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_ 11_00.Wdf
2018-04-15 23:17 - 2018-04-16 15:33 - 000000924 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Start Tor Browser.lnk
2018-04-15 23:17 - 2018-04-15 23:19 - 000000894 _____ C:\Users\Evan\Desktop\Start Tor Browser.lnk
2018-04-15 23:17 - 2018-04-15 23:17 - 000000000 ____D C:\Users\Evan\Documents\Tor Browser
2018-04-15 23:08 - 2018-04-15 23:08 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-04-15 23:08 - 2018-04-15 23:08 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-04-15 23:08 - 2018-04-15 23:08 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-04-15 23:08 - 2018-04-15 23:08 - 000000000 ____D C:\Users\Evan\AppData\Roaming\AVAST Software
2018-04-15 23:07 - 2018-04-15 23:08 - 000147224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-04-15 23:07 - 2018-04-15 23:07 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-04-15 23:07 - 2018-04-15 23:07 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-04-15 23:07 - 2018-04-15 23:07 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-04-15 23:07 - 2018-04-15 23:07 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-04-15 23:07 - 2018-04-15 23:07 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-04-15 23:07 - 2018-04-15 23:07 - 000111352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-04-15 23:07 - 2018-04-15 23:07 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-04-15 23:07 - 2018-04-15 23:07 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-04-15 23:07 - 2018-04-15 23:07 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-04-15 23:07 - 2018-04-15 23:06 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-04-15 23:07 - 2018-04-15 23:06 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-04-15 23:07 - 2018-04-15 23:06 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-04-15 23:07 - 2018-04-15 23:06 - 000227784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-04-15 23:07 - 2018-04-15 23:06 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-04-15 23:07 - 2018-04-15 23:06 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-04-15 23:07 - 2018-04-15 23:06 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-04-15 23:05 - 2018-04-15 23:05 - 000000000 ____D C:\Program Files\AVAST Software
2018-04-15 23:02 - 2018-04-15 23:07 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-15 22:39 - 2018-04-15 22:39 - 000000000 ____D C:\Users\Evan\AppData\Local\CEF
2018-04-15 21:51 - 2018-04-15 21:51 - 053707712 _____ C:\Users\Evan\Downloads\torbrowser-install-7.5.3_en-US.exe
2018-04-15 21:40 - 2018-04-15 21:41 - 007319960 _____ (AVAST Software) C:\Users\Evan\Downloads\avast_free_antivirus_setup _online.exe
2018-04-15 18:50 - 2018-04-16 14:56 - 000000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job
2018-04-15 18:50 - 2018-04-15 18:50 - 000000000 ____D C:\Users\Evan\AppData\Local\HP_Development_Company ,_L
2018-04-15 18:48 - 2018-04-15 18:48 - 000000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2018-04-15 18:48 - 2018-04-15 18:48 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2018-04-15 12:07 - 2018-04-16 13:49 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Apple Computer
2018-04-15 12:07 - 2018-04-15 12:07 - 000000000 ____D C:\Users\Evan\AppData\Local\Apple Computer
2018-04-15 12:06 - 2018-04-16 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-04-15 12:06 - 2018-04-15 12:06 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-04-15 12:06 - 2018-04-15 12:06 - 000000000 ____D C:\Program Files\iPod
2018-04-15 12:05 - 2018-04-15 12:06 - 000000000 ____D C:\Program Files\iTunes
2018-04-15 12:05 - 2018-04-15 12:05 - 000000000 ____D C:\ProgramData\Apple Computer
2018-04-15 12:04 - 2018-04-15 12:04 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-04-15 12:04 - 2018-04-15 12:04 - 000000000 ____D C:\Users\Evan\AppData\Local\Apple
2018-04-15 12:04 - 2018-04-15 12:04 - 000000000 ____D C:\Program Files\Bonjour
2018-04-15 12:04 - 2018-04-15 12:04 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-04-15 12:04 - 2018-04-15 12:04 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-04-15 12:02 - 2018-04-15 12:04 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-04-15 11:58 - 2018-04-15 12:00 - 272307016 _____ (Apple Inc.) C:\Users\Evan\Downloads\iTunes64Setup.exe
2018-04-15 11:40 - 2018-04-15 11:40 - 000000000 ____D C:\Users\Evan\Documents\Canon Printer
2018-04-15 11:37 - 2018-04-15 18:35 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Canon
2018-04-15 11:37 - 2018-04-15 11:37 - 000000000 ___HD C:\ProgramData\CanonIJQuickMenu
2018-04-15 11:36 - 2018-04-15 22:45 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-04-15 11:34 - 2013-03-24 05:00 - 000393728 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMBX.DLL
2018-04-15 11:34 - 2013-02-04 15:10 - 000321536 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_BXL.dll
2018-04-15 11:34 - 2012-11-09 10:43 - 000088064 _____ C:\WINDOWS\SysWOW64\CNC176DD.TBL
2018-04-15 11:34 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2018-04-15 11:33 - 2018-04-16 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series User Registration
2018-04-15 11:33 - 2018-04-15 11:33 - 000000000 ____D C:\Users\Evan\AppData\LocalLow\Canon Easy-WebPrint EX2
2018-04-15 11:33 - 2018-04-15 11:33 - 000000000 ____D C:\Users\Evan\AppData\LocalLow\Canon Easy-WebPrint EX
2018-04-15 11:32 - 2018-04-15 11:32 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2018-04-15 11:28 - 2018-04-16 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2018-04-15 11:28 - 2018-04-15 11:33 - 000000000 ____D C:\Program Files\Canon
2018-04-15 11:28 - 2018-04-15 11:28 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-04-15 11:26 - 2018-04-15 11:27 - 000000000 ___HD C:\Program Files\CanonBJ
2018-04-15 11:25 - 2018-04-15 11:34 - 000000000 ____D C:\Program Files (x86)\Canon
2018-04-15 11:21 - 2018-04-16 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2018-04-15 11:21 - 2018-04-16 20:04 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2018-04-15 11:21 - 2018-04-15 11:21 - 000001115 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2018-04-15 11:21 - 2012-05-02 12:17 - 001070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2018-04-15 11:21 - 2009-03-24 13:52 - 000129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2018-04-15 11:20 - 2018-04-15 11:20 - 004291320 _____ (BrightFort LLC ) C:\Users\Evan\Downloads\spywareblastersetup55.exe
2018-04-15 09:12 - 2018-04-15 09:12 - 000000000 ____D C:\Program Files\TAP-Windows
2018-04-15 09:11 - 2018-04-15 09:11 - 000256240 _____ C:\Users\Evan\Downloads\tap-windows-9.21.2.exe
2018-04-15 09:00 - 2018-04-15 09:00 - 000001095 _____ C:\Users\Public\Desktop\IPVanish.lnk
2018-04-15 08:59 - 2018-04-16 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPVanish
2018-04-15 08:53 - 2018-04-15 08:53 - 000000000 ____D C:\Users\Evan\AppData\Roaming\QFX Software
2018-04-15 08:53 - 2018-04-15 08:53 - 000000000 ____D C:\ProgramData\QFX Software
2018-04-15 02:19 - 2018-04-17 08:48 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-15 01:51 - 2018-04-15 01:51 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-04-15 01:06 - 2018-04-15 01:06 - 000000000 ____D C:\Program Files\rempl
2018-04-15 01:03 - 2018-04-15 01:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-15 01:03 - 2018-04-15 01:03 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-15 01:03 - 2018-04-15 01:03 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-15 00:54 - 2018-04-15 00:54 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2018-04-14 22:11 - 2018-04-14 22:13 - 000000000 ____D C:\Users\Evan\Desktop\Photos
2018-04-14 21:40 - 2018-01-18 01:05 - 000108584 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-04-14 20:54 - 2018-04-14 20:54 - 000000000 ____D C:\Users\Evan\Desktop\CV
2018-04-14 20:53 - 2018-04-16 20:19 - 000000000 ____D C:\Users\Evan\Desktop\External Transport Manager
2018-04-14 20:53 - 2018-04-14 20:54 - 000000000 ____D C:\Users\Evan\Desktop\63 Oak Wynd tenancy
2018-04-14 20:30 - 2018-04-14 20:30 - 000000000 ____D C:\Users\Evan\AppData\Roaming\WildTangent
2018-04-14 19:14 - 2018-04-14 19:16 - 000002367 _____ C:\Users\Evan\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\OneDrive.lnk
2018-04-14 19:01 - 2018-04-14 19:01 - 000000000 ____D C:\Users\Evan\AppData\Local\IsolatedStorage
2018-04-14 18:59 - 2018-04-15 09:00 - 000000000 ____D C:\Program Files\IPVanish VPN
2018-04-14 18:59 - 2018-04-14 18:59 - 000000000 ____D C:\ProgramData\Caphyon
2018-04-14 18:55 - 2018-04-16 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2018-04-14 18:55 - 2018-04-14 18:55 - 000000000 ____D C:\ProgramData\RoboForm
2018-04-14 18:54 - 2018-04-14 18:54 - 000000000 ____D C:\Users\Evan\AppData\Local\RoboForm
2018-04-14 18:54 - 2018-04-14 18:54 - 000000000 ____D C:\Program Files (x86)\Siber Systems
2018-04-14 18:53 - 2018-04-14 18:53 - 023445608 _____ (Siber Systems) C:\Users\Evan\Downloads\RoboForm-v8-Setup.exe
2018-04-14 18:48 - 2018-04-15 08:59 - 000000000 ____D C:\Users\Evan\AppData\Roaming\IPVanish
2018-04-14 18:45 - 2018-04-14 18:45 - 012373264 _____ (IPVanish) C:\Users\Evan\Downloads\ipvanish-setup.exe
2018-04-14 18:40 - 2018-04-16 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2018-04-14 18:40 - 2018-04-14 18:41 - 000000000 ____D C:\Program Files (x86)\KeyScrambler
2018-04-14 18:40 - 2017-02-19 20:15 - 000233248 _____ (QFX Software Corporation) C:\WINDOWS\system32\Drivers\keyscrambler.sys
2018-04-14 18:39 - 2018-04-14 18:39 - 001607568 _____ C:\Users\Evan\Downloads\KeyScrambler_Setup.exe
2018-04-14 18:34 - 2018-04-14 18:34 - 013552432 _____ C:\Users\Evan\Downloads\saSetup.exe
2018-04-14 18:32 - 2018-04-17 08:57 - 000000000 ____D C:\Users\Evan\AppData\LocalLow\Mozilla
2018-04-14 18:32 - 2018-04-14 18:36 - 000000000 ____D C:\Users\Evan\AppData\Local\Mozilla
2018-04-14 18:32 - 2018-04-14 18:32 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Mozilla
2018-04-14 18:31 - 2018-04-14 18:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-14 18:31 - 2018-04-14 18:31 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-04-14 18:31 - 2018-04-14 18:31 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-04-14 18:31 - 2018-04-14 18:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-14 18:19 - 2018-04-14 18:19 - 000000000 ____D C:\Users\Evan\AppData\Local\Comms
2018-04-14 18:14 - 2018-04-14 19:15 - 000000000 ___RD C:\Users\Evan\OneDrive
2018-04-14 18:14 - 2018-04-14 18:14 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Macromedia
2018-04-14 18:11 - 2018-04-14 18:11 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Hewlett-Packard
2018-04-14 18:11 - 2018-04-14 18:11 - 000000000 ____D C:\Users\Evan\AppData\Local\MicrosoftEdge
2018-04-14 18:11 - 2018-04-14 18:11 - 000000000 ____D C:\Users\Evan\AppData\Local\DBG
2018-04-14 18:08 - 2018-04-14 18:08 - 000000000 ____D C:\Users\Evan\AppData\Roaming\hpqLog
2018-04-14 18:07 - 2018-04-15 18:47 - 000000000 ____D C:\Users\Evan\AppData\Local\HP JumpStart Apps
2018-04-14 18:07 - 2018-04-15 09:36 - 000000000 ____D C:\Users\Evan\AppData\Local\Publishers
2018-04-14 18:07 - 2018-04-14 18:09 - 000000000 ____D C:\Users\Evan\AppData\Roaming\HP
2018-04-14 18:07 - 2018-04-14 18:07 - 000000000 ____D C:\Users\Evan\Documents\My Bluetooth
2018-04-14 18:07 - 2018-04-14 18:07 - 000000000 ____D C:\Users\Evan\AppData\Roaming\DropboxOEM
2018-04-14 18:07 - 2018-04-14 18:07 - 000000000 ____D C:\Users\Evan\AppData\Local\Hewlett-Packard
2018-04-14 18:07 - 2018-04-14 18:07 - 000000000 ____D C:\Users\Evan\AppData\Local\DropboxOEM
2018-04-14 18:07 - 2018-04-14 18:07 - 000000000 ____D C:\Users\Evan\AppData\Local\Crashpad
2018-04-14 18:06 - 2018-04-17 08:48 - 000000000 __SHD C:\Users\Evan\IntelGraphicsProfiles
2018-04-14 18:06 - 2018-04-14 18:06 - 000000000 ____D C:\Users\Evan\AppData\Roaming\Adobe
2018-04-14 18:06 - 2018-04-14 18:06 - 000000000 ____D C:\Users\Evan\AppData\Local\VirtualStore
2018-04-14 18:06 - 2018-04-14 18:06 - 000000000 ____D C:\Users\Evan\AppData\Local\ConnectedDevicesPlatfo rm
2018-04-14 18:05 - 2018-04-16 23:06 - 000000000 ____D C:\Users\Evan\AppData\Local\TileDataLayer
2018-04-14 18:05 - 2017-10-31 10:57 - 000000000 ___HD C:\Users\Evan\Documents\hp.system.package.metadata
2018-04-14 18:05 - 2017-10-31 10:57 - 000000000 ___HD C:\Users\Evan\Documents\hp.applications.package.ap pdata
2018-04-14 17:51 - 2018-04-17 08:47 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-17 09:25 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-17 09:23 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-17 08:50 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-04-17 08:49 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-17 08:47 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-16 23:35 - 2017-09-29 14:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-04-16 23:32 - 2017-10-31 14:08 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-04-16 23:32 - 2017-10-31 13:55 - 000000000 ____D C:\Program Files\Intel
2018-04-16 23:32 - 2017-10-31 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-04-16 23:32 - 2017-10-31 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Orbit
2018-04-16 23:32 - 2017-10-31 10:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2018-04-16 23:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-04-16 23:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-04-16 23:32 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-16 23:32 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-16 23:32 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-16 23:32 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-04-16 23:31 - 2017-09-29 14:49 - 000000000 ____D C:\WINDOWS\Setup
2018-04-16 23:24 - 2017-10-31 13:54 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-04-16 23:24 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-04-16 23:23 - 2017-10-31 13:54 - 000000000 ____D C:\Program Files\Realtek
2018-04-16 23:23 - 2017-09-29 14:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-04-16 23:23 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-04-16 23:18 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Windows Defender
2018-04-16 23:18 - 2017-09-29 14:46 - 000000000 ____D C:\PerfLogs
2018-04-16 23:18 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-04-16 23:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-04-16 23:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-04-16 23:08 - 2017-09-30 15:36 - 000000000 ____D C:\WINDOWS\OCR
2018-04-16 23:06 - 2017-03-18 04:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-16 22:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Registration
2018-04-16 22:59 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-16 22:56 - 2017-09-29 14:46 - 000000000 __RSD C:\WINDOWS\media
2018-04-16 22:56 - 2017-09-29 14:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-04-16 22:51 - 2017-09-29 09:45 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-04-16 22:47 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-04-16 22:44 - 2017-09-29 14:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-04-16 22:39 - 2017-10-31 13:59 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-04-16 22:39 - 2017-10-31 13:55 - 000001851 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2018-04-16 22:39 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-04-16 22:39 - 2017-04-01 06:38 - 000936124 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-04-16 22:38 - 2017-10-31 13:55 - 000017005 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-04-16 22:38 - 2017-10-31 13:54 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-04-16 21:24 - 2017-10-31 14:09 - 000000000 ____D C:\ProgramData\McAfee
2018-04-16 14:56 - 2017-10-31 11:04 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-16 14:56 - 2017-10-31 11:04 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-04-15 22:46 - 2017-10-31 14:09 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-04-15 18:54 - 2017-10-31 11:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-04-15 18:48 - 2017-10-31 10:57 - 000000000 ____D C:\Program Files\HP
2018-04-15 18:48 - 2017-10-31 10:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-15 18:47 - 2010-02-07 18:19 - 000000000 ____D C:\swsetup
2018-04-15 18:43 - 2017-10-31 10:57 - 000000000 ____D C:\Program Files (x86)\HP
2018-04-15 18:42 - 2017-10-31 17:49 - 000014848 _____ (Hewlett-Packard) C:\WINDOWS\HPCUST2.exe
2018-04-15 12:04 - 2017-10-31 11:00 - 000000000 ____D C:\ProgramData\Apple
2018-04-14 20:31 - 2017-10-31 14:08 - 000000000 ____D C:\ProgramData\WildTangent
2018-04-14 20:31 - 2017-10-31 14:08 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2018-04-14 18:07 - 2017-02-21 22:36 - 000000000 ___HD C:\SYSTEM.SAV
2018-04-14 17:59 - 2017-10-31 10:58 - 000000000 ____D C:\ProgramData\Hewlett-Packard
Reply With Quote
  #2  
Old 17-04-18, 09:01
MrTWithoutTheBling MrTWithoutTheBling is offline
Newbie
 
Join Date: Apr 2018
Posts: 5
Default Re: Malware check please(aswhooka.dll found after spydetect scan) Part 1

Continued

==================== Files in the root of some directories =======

2018-04-14 18:07 - 2018-04-17 08:50 - 000017255 _____ () C:\Users\Evan\AppData\Local\BTServer.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-16 22:36

==================== End of FRST.txt ============================
Reply With Quote
  #3  
Old 17-04-18, 09:02
MrTWithoutTheBling MrTWithoutTheBling is offline
Newbie
 
Join Date: Apr 2018
Posts: 5
Default Re: Malware check please(aswhooka.dll found after spydetect scan) Part 1

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by Evan (17-04-2018 09:28:30)
Running from C:\Users\Evan\Downloads
Windows 10 Home Version 1709 16299.125 (X64) (2018-04-16 22:00:19)
Boot Mode: Normal
================================================== ========


==================== Accounts: =============================

Administrator (S-1-5-21-1869925373-3604889847-481428782-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1869925373-3604889847-481428782-503 - Limited - Disabled)
Evan (S-1-5-21-1869925373-3604889847-481428782-1001 - Administrator - Enabled) => C:\Users\Evan
Guest (S-1-5-21-1869925373-3604889847-481428782-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1869925373-3604889847-481428782-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7503 - CyberLink Corp.)
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{82b971c1-85fa-4c53-ada1-4ec6be0c0c8a}) (Version: 3.5.171.271 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4509 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IPVanish (HKLM\...\{8E090593-23D4-4736-86FD-A2A3A356825C}) (Version: 3.1.2.0 - IPVanish) Hidden
IPVanish (HKLM-x32\...\IPVanish 3.1.2.0) (Version: 3.1.2.0 - IPVanish)
iTunes (HKLM\...\{D6ADE00D-544C-4BB8-B099-DE93C2087203}) (Version: 12.7.4.76 - Apple Inc.)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.11.0.3 - QFX Software Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9126.2152 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 59.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-GB)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.60 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8124 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.76 - REALTEK Semiconductor Corp.)
RoboForm 8-4-8-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-8-8 - Siber Systems)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{54228DC1-0B27-4215-B2BE-4D07C521F242}) (Version: 2.33.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{B8B01E04-5393-4902-98E6-0E2787F03C80}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-15] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-15] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-15] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-06] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-04-15] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B7EBEF-1374-452F-B226-7D7E9FA70DC1} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-28] (DropboxOEM)
Task: {15DA856E-8A3A-44CD-B9A5-DA30BDC9DF4E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {1E00E942-B7EC-480D-9823-F88895D72753} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {22CBEE19-7896-4489-8319-73A1BF469921} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2017-04-19] (Realtek Semiconductor)
Task: {2F743704-748A-40FD-B11F-80BB390F65E9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-06] (Microsoft Corporation)
Task: {338C11AB-14B3-4046-8642-317A44B2B19C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [2018-02-07] (HP Inc.)
Task: {3E805E42-EE18-43A8-A3BE-442A135905FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-07] (HP Inc.)
Task: {40471E2A-EE87-4594-8D4B-3CE3CB7B529B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-04-16] (AVAST Software)
Task: {6089CAEE-FA5B-464D-9ACC-A978BD7AF343} - System32\Tasks\HPCeeScheduleForEvan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {703FE586-64CA-47A1-B410-0C2308C8A9E9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-04-14] (Dropbox, Inc.)
Task: {7A71A776-E23F-44CC-9E1A-A621D924E59C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {86C70E80-0A3F-4944-983B-3C5B5D03D8E2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-15] (AVAST Software)
Task: {892E0F3D-B1B7-45BF-A393-E0DB5C92EC4D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-04-14] (Dropbox, Inc.)
Task: {8B278DBC-E6A8-4B83-9098-965A1873BF30} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2017-02-02] (HP Inc.)
Task: {8DA1B67A-51B3-48A7-BABA-157890DD11FB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTa skHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.e xe [2018-04-15] (Microsoft Corporation)
Task: {8DC09441-2A66-46A5-8022-925AAE13CE23} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {94B02373-EFD2-4F06-B1AF-F5EF349D031A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTa skHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.e xe [2018-04-15] (Microsoft Corporation)
Task: {965F09A0-BD22-4812-BC7D-9B43B9B03898} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A2361D8F-201B-4FC2-9532-CD8A7FDE1F43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {A56D4640-5FA7-4A14-A91B-5906F86626A3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2018-04-14] (Siber Systems)
Task: {B0D01F98-EAE9-4E04-918E-ABAD66E6DE3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [2018-02-07] (HP Inc.)
Task: {DC9356DC-D6E0-4652-B240-915536A74885} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {DDA8FEF6-BC86-43AB-B869-20BCE5E56380} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.ex e [2016-12-06] (HP Inc.)
Task: {F2067308-E9E7-4DC8-B5AB-2C12BADF4117} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {F814C9AF-899C-4576-889F-A6A195362AD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {F87FB92A-9B57-4E5A-8652-9E92E3AEDE1D} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForEvan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=booking&refclickid= square

==================== Loaded Modules (Whitelisted) ==============

2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-15 11:36 - 2013-05-14 20:50 - 000140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CortanaApi.dll
2018-04-16 23:16 - 2018-04-16 23:16 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2018-04-14 21:03 - 2018-04-14 21:04 - 000178688 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.100 1.6.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-04-14 21:03 - 2018-04-14 21:04 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11803.100 1.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-15 23:06 - 2018-04-15 23:06 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-15 23:07 - 2018-04-15 23:07 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-15 23:06 - 2018-04-15 23:06 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-15 23:06 - 2018-04-15 23:06 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-15 23:06 - 2018-04-15 23:06 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1869925373-3604889847-481428782-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "$McRebootA5E6DEAA56$.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1869925373-3604889847-481428782-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F4F82B6D-628A-4E51-AA80-852FB3A96F6C}] => (Allow) LPort=13148
FirewallRules: [{FF4B439B-477D-4BF5-BB08-5395F9911FFE}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{313E2288-2614-4F65-8586-F53FC55BAFEB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8DB91674-5143-4BE3-900F-80483E295B6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0DA71258-2A99-41A7-ACB2-229EA1EF1F66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F7662171-7FB8-440F-A5EB-6DC58929AF66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA958844-3D43-4A87-8BB4-08338F5ED01B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5207CF67-0553-41AB-BB1E-6446F7822E5B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{86C6A577-CED2-4914-9847-5875F8F8EB25}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{7875A2BF-02E1-4E8C-8188-429D6699723A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{F1613D19-C8B0-4BAA-8377-2CD5705D18E3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{060D8BB3-1475-4DCF-95D4-7ACBAC199514}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5B02C0C3-ADD5-4187-9169-7BF03A660D08}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{AA54DE07-8223-46D2-9A9A-041D5BF9C07C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{01C5EA15-6C0B-4C01-BBE4-0703BB28A4BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{86C96628-704F-44B1-AC26-DF8D7F33B2E0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPD VD14.exe
FirewallRules: [{2D30D79C-E76D-4B33-9399-E17ACD4FDDD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

==================== Restore Points =========================

16-04-2018 23:24:50 16.04.18 clean after updates and scans

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2018 08:47:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-R26ABNV.local already in use; will try DESKTOP-R26ABNV-2.local instead

Error: (04/17/2018 08:47:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-R26ABNV.local. Addr 192.168.1.7

Error: (04/17/2018 08:47:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.7:5353 16 DESKTOP-R26ABNV.local. AAAA FDB0:8900:7A52:0A00:0127:763F:B9F7:CA78

Error: (04/16/2018 11:10:54 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (04/16/2018 11:10:54 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (04/16/2018 10:56:44 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (04/16/2018 10:54:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (4884,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Datab ase\EDB.log.

Error: (04/16/2018 10:53:58 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A


System errors:
=============
Error: (04/17/2018 09:02:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/17/2018 08:50:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/16/2018 10:58:54 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (04/16/2018 10:56:51 PM) (Source: WinRM) (EventID: 10142) (User: )
Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.

Error: (04/16/2018 10:51:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The HPWMISVC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/16/2018 10:49:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (04/16/2018 10:42:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (04/16/2018 10:40:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error:
Server execution failed


CodeIntegrity:
===================================

Date: 2018-04-17 09:21:51.360
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-17 09:21:51.356
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-17 09:21:50.316
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-17 09:21:50.311
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-17 09:21:42.061
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-17 09:21:42.057
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-17 09:21:34.209
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-17 09:21:34.164
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost. exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU J3060 @ 1.60GHz
Percentage of memory in use: 79%
Total physical RAM: 4002.61 MB
Available physical RAM: 802.48 MB
Total Virtual: 5410.61 MB
Available Virtual: 2343.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:918.37 GB) (Free:853.64 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:1.43 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b3c8cda3-b169-4dff-903e-9bfa8eb899af}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
\\?\Volume{180ed13a-8451-4fbf-baef-a29412b96805}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.54 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 931.5 GB) (Disk ID: C1F1399F)

Partition: GPT.

==================== End of Addition.txt ============================
Reply With Quote
  #4  
Old 17-04-18, 21:53
kevinf80's Avatar
kevinf80 kevinf80 is offline
Global Moderator
 
Join Date: Feb 2008
Location: Sunderland.UK.
Posts: 2,951
Default Re: Malware check please(aswhooka.dll found after spydetect scan) Part 1

Hello MrTWithoutTheBling and welcome to Webuser,

Your logs are clean, no malware or infection present...

aswhooka.dll - http://www.freefixer.com/library/fil...ka.dll-260672/

Thank you,

Kevin...
Reply With Quote
  #5  
Old 18-04-18, 07:41
Cantrel Cantrel is online now
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 11,041
Default Re: Malware check please(aswhooka.dll found after spydetect scan) Part 1

Hi Kevin - I noticed an entry for McAfee in the logs - while it's probably benign, would it be worth running the MCPR.exe to get rid of all vestiges of it ?

https://service.mcafee.com/webcenter...%3D8h5v86x51_4
Reply With Quote
  #6  
Old 18-04-18, 08:27
kevinf80's Avatar
kevinf80 kevinf80 is offline
Global Moderator
 
Join Date: Feb 2008
Location: Sunderland.UK.
Posts: 2,951
Default Re: Malware check please(aswhooka.dll found after spydetect scan) Part 1

Yes I saw the McAfee remnant in the logs,

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-04-16]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)

What is highlited red can be manually deleted if the OP wants to, personally I see no harm just leaving it alone. There is no target so it is inert..
Reply With Quote
  #7  
Old 18-04-18, 08:40
MrTWithoutTheBling MrTWithoutTheBling is offline
Newbie
 
Join Date: Apr 2018
Posts: 5
Default Re: Malware check please(aswhooka.dll found after spydetect scan) Part 1

Thank you very much for your replies and help.
Very much appreciated.
Amazing magazine and forums.
Reply With Quote
  #8  
Old 18-04-18, 12:57
Cantrel Cantrel is online now
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 11,041
Default Re: Malware check please(aswhooka.dll found after spydetect scan) Part 1

Quote:
Originally Posted by kevinf80 View Post
Yes I saw the McAfee remnant in the logs,

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-04-16]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)

What is highlited red can be manually deleted if the OP wants to, personally I see no harm just leaving it alone. There is no target so it is inert..
Thanks for the clarification, Kevin.
Reply With Quote
Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Search the forum

Search

© Dennis Publishing Limited Licensed by Felden





All times are GMT. The time now is 08:02.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright Dennis Publishing 2010, All rights reserved