[Resolved] Blue Screen & Virus attacked

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by ramesh help, Jan 10, 2018.

  1. ramesh help

    ramesh help Established Techie7 Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
    Ran by Home (15-01-2018 14:23:59)
    Running from C:\Users\Home\Downloads
    Windows 10 Home Version 1703 15063.850 (X64) (2017-03-18 12:08:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3128490503-3481064576-2182703944-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3128490503-3481064576-2182703944-503 - Limited - Disabled)
    Guest (S-1-5-21-3128490503-3481064576-2182703944-501 - Limited - Disabled)
    Home (S-1-5-21-3128490503-3481064576-2182703944-1001 - Administrator - Enabled) => C:\Users\Home

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
    µTorrent (HKU\S-1-5-21-3128490503-3481064576-2182703944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749912\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
    Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
    Adobe Flash Plugins (HKLM\...\Adobe Flash Player) (Version: 26.0.0.131 - oszone.net)
    Adobe Photoshop CC 2015.5 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF02}) (Version: 17.0 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CalMAN RGB (HKLM-x32\...\{a69b63b0-da55-4fc6-abb7-831e1e8686ad}) (Version: 5.8.1.31 - Portrait Displays, Inc) Hidden
    Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
    CR2 Converter (HKLM-x32\...\{775F32A5-7BA0-4717-89D0-32B3EC25B2C9}_is1) (Version: - cr2converter.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Imagenomic Portraiture 3 Plug-in (build 3027) (HKLM\...\Portraiture 3_is1) (Version: 3027 - Team V.R)
    inSSIDer 4 (HKLM-x32\...\{657B6478-2821-4A70-8FB7-996B5611964C}) (Version: 4.2.2.16 - MetaGeek, LLC)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4877 - Intel Corporation)
    Intel® Integrated Sensor Solution (HKLM-x32\...\{b3782b53-1b6c-436a-b0f0-f65d83ae74d9}) (Version: 3.0.30.1119 - Intel Corporation)
    ISS_Drivers_x64 (HKLM\...\{6F91DCD1-30DB-449C-AE79-6948BEB15825}) (Version: 3.0.30.1119 - Intel Corporation) Hidden
    iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
    Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
    Logitech Options (HKLM\...\LogiOptions) (Version: 6.72.344 - Logitech)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9179.0 - Waves Audio Ltd.) Hidden
    Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
    NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    NVIDIA Update 23.23.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 23.23.30.0 - NVIDIA Corporation)
    Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Plagiarism Checker X (HKLM-x32\...\{B23E0CBF-D5F6-4682-99A0-A32C6FD93B5B}) (Version: 5.1.4 - Plagiarism Checker X, LLC) Hidden
    Plagiarism Checker X (HKLM-x32\...\Plagiarism Checker X 5.1.4) (Version: 5.1.4 - Plagiarism Checker X, LLC)
    qBittorrent 4.0.3 (HKLM-x32\...\qBittorrent) (Version: 4.0.3 - The qBittorrent project)
    QuickGamma 4.0.0.2 (HKLM-x32\...\QuickGamma_is1) (Version: 4.0.0.2 - Eberhard Werle)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8323 - Realtek Semiconductor Corp.)
    Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.16299.11310 - Realtek Semiconductor Corp.)
    RogueKiller version 12.11.32.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.32.0 - Adlice Software)
    SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
    SpectraCal C3 Drivers (HKLM-x32\...\{7B906F27-3A5E-40FB-8784-A9D3EF2A3D7B}) (Version: 1.0.0.2 - Portrait Displays, Inc)
    Syncios Data Transfer 1.6.2 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.6.2 - Anvsoft, Inc.)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3128490503-3481064576-2182703944-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => -> No File
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-19] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-19] (Alexander Roshal)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxDTCM.dll [2017-11-07] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-19] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-19] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0EE83E87-D115-40C1-8BB2-79A3A2010273} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
    Task: {3FACB1A5-BF9C-46B0-9FAA-8BF50BFA2B07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
    Task: {4B819D3C-E8C8-46D5-A381-3AC0EF2B14D6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
    Task: {5CE6DA7E-9190-4E17-923C-E28B916732F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {62153E1A-1E48-4FFD-89FF-FF18F3682009} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
    Task: {769BE428-79FD-436D-B513-9FA7ACFB24F9} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
    Task: {7D27993D-3B6C-45ED-AC42-B830EA8A74DE} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-12-14] (Realtek Semiconductor)
    Task: {947B5735-D72C-4505-A3C4-9E6F09744DC7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\BcyoMZkjXMgFaPP.job => C:\Program Files (x86)\umkISPBbU\pAicqM.dll
    Task: C:\Windows\Tasks\plaAVjRQXWCDePSecyr.job => C:\Program Files (x86)\aohGTEheqdnWC\fklFQTu.dll

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2018-01-10 12:31 - 2018-01-10 12:55 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
    2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
    2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
    2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
    2017-12-18 05:54 - 2017-12-18 05:54 - 017831424 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
    2017-12-23 22:24 - 2017-12-06 12:24 - 002873688 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libglesv2.dll
    2017-12-23 22:24 - 2017-12-06 12:24 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libegl.dll
    2017-10-12 22:21 - 2017-10-12 22:21 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
    2017-10-12 22:21 - 2017-10-12 22:21 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\sharepoint.com -> hxxps://cnxmail-files.sharepoint.com
    IE trusted site: HKU\S-1-5-21-3128490503-3481064576-2182703944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749912\...\sharepoint.com -> hxxps://cnxmail-files.sharepoint.com

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-03-19 05:03 - 2018-01-10 12:15 - 000001320 _____ C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 cpm.paneladmin.pro
    127.0.0.1 publisher.hmdiadmingate.xyz
    127.0.0.1 hmdicrewtracksystem.xyz
    127.0.0.1 mydownloaddomain.com
    127.0.0.1 linkmate.space
    127.0.0.1 space1.adminpressure.space
    127.0.0.1 trackpressure.website
    127.0.0.1 doctorlink.space
    127.0.0.1 plugpackdownload.net
    127.0.0.1 texttotalk.org
    127.0.0.1 gambling577.xyz
    127.0.0.1 htagdownload.space
    127.0.0.1 mybcnmonetize.com
    127.0.0.1 360devtraking.website
    127.0.0.1 dscdn.pw
    127.0.0.1 bcnmonetize.go2affise.com
    127.0.0.1 beautifllink.xyz

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749834\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749865\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749912\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 8.8.8.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: !SASCORE => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AGSService => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: gservice.exe => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: ibtsiva => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: WsAppService => 2
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\StartupApproved\Run: => "11f86284"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749912\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749912\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749912\...\StartupApproved\Run: => "11f86284"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9542C8AF-A202-4090-B62E-85858490B6A7}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A11F7D9F-62CD-4441-AC74-3A0FC3CFCC4D}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{15CD99D4-DF32-44CA-865C-D1B1D7DB5636}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{59A605D8-C085-4239-9DAE-08003EA512EC}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C7D0D5FD-B0F2-47D7-BB29-2133CD49D754}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{16D6C9C3-E743-4067-9365-59843C988E90}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{AA068812-7F31-4F85-A4C6-6BE780EBA4C3}] => (Allow) C:\Windows\explorer.exe
    FirewallRules: [{03CC437B-8AA9-434B-BFFE-C0D93E3C1770}] => (Allow) C:\Windows\system32\rundll32.exe
    FirewallRules: [{72531044-EFE8-47C5-961D-129A06EE4FB0}] => (Allow) C:\Windows\explorer.exe
    FirewallRules: [{FDF057F4-FD20-4537-9E75-AF1039E35983}] => (Allow) %APPDATA%\uTorrent\uTorrent.exe
    FirewallRules: [{E90BD0F5-7387-472D-BF31-8341DBB84F34}] => (Allow) %APPDATA%\uTorrent\uTorrent.exe
    FirewallRules: [{4051956F-062F-4857-998A-E6115E18FBF1}] => (Block) C:\Windows\systemapps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    FirewallRules: [{F519264F-4B8D-4DF9-948F-B3C2F129C7A6}] => (Block) C:\Windows\systemapps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe
    FirewallRules: [{73BEE30A-524B-4A1A-BC90-6D1D21A37AE3}] => (Allow) C:\Program Files (x86)\PlagiarismCheckerX\Plagiarism Checker X.exe
    FirewallRules: [{C2696103-3D7B-499F-A203-A2839ACDAD84}] => (Allow) C:\Program Files (x86)\PlagiarismCheckerX\Update.exe
    FirewallRules: [{8D5A9A95-C417-44A8-B694-9111DDB063C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{48196FF5-E2D8-42D3-8DC1-0FEB6DF4ADC3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{B1636E57-E9E7-45C4-A198-5B1C1372304D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E242D8CC-79F8-4BA6-8A32-C4A3FD0CD8A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{206A96BA-EA9B-4F5A-8901-E54738101CD9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{C6CADB54-17C3-4640-AAF9-0608262AA132}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
    FirewallRules: [UDP Query User{0FB761A2-635E-4DDC-934A-3913395DE3C6}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
    FirewallRules: [{5084B41C-12F5-4CC4-B23C-725C9D56AD28}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
    FirewallRules: [{D9D2A184-38A6-47A5-B5CF-1419DC40164A}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
    FirewallRules: [{934A5DD3-46C3-4810-BDE5-9FD3852DC9FA}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
    FirewallRules: [{13250E6E-E3B8-43FF-863C-F90EFDA10058}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{D2CC57E1-12AE-4BB4-AE9D-C776668A7976}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{26D0804E-049E-473B-A8B7-BDA1BB7633E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B3BEDF1F-35E5-4BDB-A8E3-2CEF53BA8DE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{48BD8C6D-676D-4A65-8B5E-3EE90107DB36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{33D47129-48AE-446E-B7FA-02919D9D24F1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{31AD12F9-FB16-471F-9882-887F28786D3E}] => (Allow) C:\Program Files (x86)\AnvSoft\Syncios Data Transfer\SynciosTransfer.exe
    FirewallRules: [{C5057683-4008-4977-AE80-ADDB014B9C81}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
    FirewallRules: [{8DF18EB0-103C-497F-8B9B-A3F893B8E6B7}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
    FirewallRules: [{52ED50F4-5E4D-488F-85A5-DEF2C7CCE28C}] => (Allow) C:\Windows\System32\rundll32.exe
    FirewallRules: [{CDDC7553-D55C-4530-813A-668FE2E20C44}] => (Allow) C:\Windows\System32\rundll32.exe
    FirewallRules: [{4B6B5652-1D62-4196-96F3-3BAFBFD1E135}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE

    ==================== Restore Points =========================

    10-01-2018 15:50:03 Windows Update
    10-01-2018 16:41:31 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    10-01-2018 16:42:03 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    10-01-2018 16:43:57 Installed OpenOffice 4.1.5
    10-01-2018 19:06:36 Removed OpenOffice 4.1.5
    14-01-2018 11:19:34 Windows Update
    15-01-2018 14:22:49 Removed Main Services

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/15/2018 02:22:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (01/14/2018 09:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 620953

    Error: (01/14/2018 09:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 620953

    Error: (01/14/2018 09:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/14/2018 09:25:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1312

    Error: (01/14/2018 09:25:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1312

    Error: (01/14/2018 09:25:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/14/2018 07:27:50 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: svchost (3536) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRUDB.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/14/2018 07:27:40 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: svchost (3536) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRUDB.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (01/14/2018 07:27:30 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: svchost (3536) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRUDB.dat" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


    System errors:
    =============
    Error: (01/15/2018 02:23:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GMain Services AMD service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (01/15/2018 11:27:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:58:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 09:58:20 AM) (Source: TPM) (EventID: 15) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

    Error: (01/14/2018 09:35:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/14/2018 07:36:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/14/2018 06:20:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/14/2018 12:47:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/14/2018 12:47:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/14/2018 12:47:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error:
    The request is not supported.


    CodeIntegrity:
    ===================================
    Date: 2018-01-10 12:55:27.119
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-01-10 12:50:17.489
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-01-10 12:32:16.369
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-01-10 12:11:49.497
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-01-10 12:11:49.493
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-01-09 18:29:26.217
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-01-04 11:42:25.183
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_4308e967c08942e3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-01-04 11:42:24.745
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-12-31 17:22:13.853
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_4308e967c08942e3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-12-31 17:22:13.539
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    Percentage of memory in use: 29%
    Total physical RAM: 16179.27 MB
    Available physical RAM: 11407.1 MB
    Total Virtual: 19095.27 MB
    Available Virtual: 14887.25 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.02 GB) (Free:774.77 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DDABDAAF)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  3. ramesh help

    ramesh help Established Techie7 Member

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
    Ran by Home (16-01-2018 10:36:14) Run:5
    Running from C:\Users\Home\Downloads
    Loaded Profiles: Home (Available Profiles: Home)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [SERVICE] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    GroupPolicy: Restriction <==== ATTENTION
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749912\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
    2017-12-25 00:59 - 2017-12-25 00:59 - 000000043 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2017-07-14 19:46 - 2017-07-14 19:46 - 331479536 _____ () C:\Users\Home\AppData\Local\ACCCx4_1_1_202.zip.aamdownload
    2017-07-14 19:46 - 2017-07-14 19:46 - 000003693 _____ () C:\Users\Home\AppData\Local\ACCCx4_1_1_202.zip.aamdownload.aamd
    2018-01-10 12:16 - 2018-01-10 12:16 - 000140800 _____ () C:\Users\Home\AppData\Local\installer.dat
    2017-07-14 06:09 - 2018-01-03 15:50 - 000007582 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2017-07-25 12:45 - 2017-07-25 12:45 - 000000358 _____ () C:\Users\Home\AppData\Local\winconf.pxt
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Task: C:\Windows\Tasks\BcyoMZkjXMgFaPP.job => C:\Program Files (x86)\umkISPBbU\pAicqM.dll
    Task: C:\Windows\Tasks\plaAVjRQXWCDePSecyr.job => C:\Program Files (x86)\aohGTEheqdnWC\fklFQTu.dll
    C:\Program Files (x86)\umkISPBbU
    C:\Program Files (x86)\aohGTEheqdnWC

    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SERVICE" => not found
    "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => not found
    "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    "HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01142018124749912\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION => Error: No automatic fix found for this entry.
    ZAM => service not found.
    C:\Users\Home\AppData\Roaming\WB.CFG => moved successfully
    C:\Users\Home\AppData\Local\ACCCx4_1_1_202.zip.aamdownload => moved successfully
    C:\Users\Home\AppData\Local\ACCCx4_1_1_202.zip.aamdownload.aamd => moved successfully
    C:\Users\Home\AppData\Local\installer.dat => moved successfully
    C:\Users\Home\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\Home\AppData\Local\winconf.pxt => moved successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key not found
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0TheftProtectionDll => key not found
    HKLM\Software\Classes\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
    "C:\Windows\Tasks\BcyoMZkjXMgFaPP.job" => not found
    "C:\Windows\Tasks\plaAVjRQXWCDePSecyr.job" => not found
    "C:\Program Files (x86)\umkISPBbU" => not found
    "C:\Program Files (x86)\aohGTEheqdnWC" => not found


    The system needed a reboot.

    ==== End of Fixlog 10:36:20 ====
     
  4. ramesh help

    ramesh help Established Techie7 Member

    In case you needed the new log:


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
    Ran by Home (16-01-2018 10:42:34)
    Running from C:\Users\Home\Downloads
    Windows 10 Home Version 1703 15063.850 (X64) (2017-03-18 12:08:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3128490503-3481064576-2182703944-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3128490503-3481064576-2182703944-503 - Limited - Disabled)
    Guest (S-1-5-21-3128490503-3481064576-2182703944-501 - Limited - Disabled)
    Home (S-1-5-21-3128490503-3481064576-2182703944-1001 - Administrator - Enabled) => C:\Users\Home

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
    Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
    Adobe Flash Plugins (HKLM\...\Adobe Flash Player) (Version: 26.0.0.131 - oszone.net)
    Adobe Photoshop CC 2015.5 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF02}) (Version: 17.0 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CalMAN RGB (HKLM-x32\...\{a69b63b0-da55-4fc6-abb7-831e1e8686ad}) (Version: 5.8.1.31 - Portrait Displays, Inc) Hidden
    Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
    CR2 Converter (HKLM-x32\...\{775F32A5-7BA0-4717-89D0-32B3EC25B2C9}_is1) (Version: - cr2converter.com)
    DriverPack Notifier (HKLM-x32\...\DriverPack Notifier) (Version: 17.7.52+patch.11 - DriverPack Solution)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Imagenomic Portraiture 3 Plug-in (build 3027) (HKLM\...\Portraiture 3_is1) (Version: 3027 - Team V.R)
    inSSIDer 4 (HKLM-x32\...\{657B6478-2821-4A70-8FB7-996B5611964C}) (Version: 4.2.2.16 - MetaGeek, LLC)
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4877 - Intel Corporation)
    Intel® Integrated Sensor Solution (HKLM-x32\...\{b3782b53-1b6c-436a-b0f0-f65d83ae74d9}) (Version: 3.0.30.1119 - Intel Corporation)
    ISS_Drivers_x64 (HKLM\...\{6F91DCD1-30DB-449C-AE79-6948BEB15825}) (Version: 3.0.30.1119 - Intel Corporation) Hidden
    iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
    Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
    Logitech Options (HKLM\...\LogiOptions) (Version: 6.72.344 - Logitech)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
    Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9179.0 - Waves Audio Ltd.) Hidden
    Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
    NVIDIA Graphics Driver 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    NVIDIA Update 23.23.30.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 23.23.30.0 - NVIDIA Corporation)
    Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Plagiarism Checker X (HKLM-x32\...\{B23E0CBF-D5F6-4682-99A0-A32C6FD93B5B}) (Version: 5.1.4 - Plagiarism Checker X, LLC) Hidden
    Plagiarism Checker X (HKLM-x32\...\Plagiarism Checker X 5.1.4) (Version: 5.1.4 - Plagiarism Checker X, LLC)
    qBittorrent 4.0.3 (HKLM-x32\...\qBittorrent) (Version: 4.0.3 - The qBittorrent project)
    QuickGamma 4.0.0.2 (HKLM-x32\...\QuickGamma_is1) (Version: 4.0.0.2 - Eberhard Werle)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8323 - Realtek Semiconductor Corp.)
    Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.16299.11312 - Realtek Semiconductor Corp.)
    RogueKiller version 12.11.32.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.32.0 - Adlice Software)
    SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
    SpectraCal C3 Drivers (HKLM-x32\...\{7B906F27-3A5E-40FB-8784-A9D3EF2A3D7B}) (Version: 1.0.0.2 - Portrait Displays, Inc)
    Syncios Data Transfer 1.6.2 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.6.2 - Anvsoft, Inc.)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1F3E59DD-7DCE-4103-9528-57DA43134312}) (Version: 2.9.0.0 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3128490503-3481064576-2182703944-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-19] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-19] (Alexander Roshal)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\igfxDTCM.dll [2017-12-11] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
    ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-19] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-19] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0EE83E87-D115-40C1-8BB2-79A3A2010273} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
    Task: {3FACB1A5-BF9C-46B0-9FAA-8BF50BFA2B07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
    Task: {4B819D3C-E8C8-46D5-A381-3AC0EF2B14D6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
    Task: {4DE7781C-030C-499C-A597-D11DCB7E45CC} - System32\Tasks\DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [2015-12-18] ()
    Task: {5CE6DA7E-9190-4E17-923C-E28B916732F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {62153E1A-1E48-4FFD-89FF-FF18F3682009} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
    Task: {769BE428-79FD-436D-B513-9FA7ACFB24F9} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
    Task: {7D27993D-3B6C-45ED-AC42-B830EA8A74DE} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-12-14] (Realtek Semiconductor)
    Task: {947B5735-D72C-4505-A3C4-9E6F09744DC7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {A3BFAC34-04D6-4A5A-AD2C-F6DF90EC84F2} - \Update for Yandex Browser -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
    Task: C:\Windows\Tasks\Update for Yandex Browser .job => C:\Users\Home\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-19 04:58 - 2017-03-19 04:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
    2017-12-23 22:24 - 2017-12-06 12:24 - 002873688 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libglesv2.dll
    2017-12-23 22:24 - 2017-12-06 12:24 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-03-19 05:03 - 2018-01-10 12:15 - 000001320 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 8.8.8.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: !SASCORE => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AGSService => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: gservice.exe => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: WsAppService => 2
    MSCONFIG\startupreg: Acrotray.exe => :"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
    MSCONFIG\startupreg: iTunesHelper.exe => :"C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: jusched.exe => :"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: jv16pt_PreWorker2.exe => "C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe" /SysStartupCheck /PT:"C:\Program Files (x86)\jv16 PowerTools 2017\"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\...\StartupApproved\Run: => "11f86284"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9542C8AF-A202-4090-B62E-85858490B6A7}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A11F7D9F-62CD-4441-AC74-3A0FC3CFCC4D}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{15CD99D4-DF32-44CA-865C-D1B1D7DB5636}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{59A605D8-C085-4239-9DAE-08003EA512EC}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C7D0D5FD-B0F2-47D7-BB29-2133CD49D754}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{16D6C9C3-E743-4067-9365-59843C988E90}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{AA068812-7F31-4F85-A4C6-6BE780EBA4C3}] => (Allow) C:\Windows\explorer.exe
    FirewallRules: [{03CC437B-8AA9-434B-BFFE-C0D93E3C1770}] => (Allow) C:\Windows\system32\rundll32.exe
    FirewallRules: [{72531044-EFE8-47C5-961D-129A06EE4FB0}] => (Allow) C:\Windows\explorer.exe
    FirewallRules: [{FDF057F4-FD20-4537-9E75-AF1039E35983}] => (Allow) %APPDATA%\uTorrent\uTorrent.exe
    FirewallRules: [{E90BD0F5-7387-472D-BF31-8341DBB84F34}] => (Allow) %APPDATA%\uTorrent\uTorrent.exe
    FirewallRules: [{4051956F-062F-4857-998A-E6115E18FBF1}] => (Block) C:\Windows\systemapps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    FirewallRules: [{F519264F-4B8D-4DF9-948F-B3C2F129C7A6}] => (Block) C:\Windows\systemapps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe
    FirewallRules: [{73BEE30A-524B-4A1A-BC90-6D1D21A37AE3}] => (Allow) C:\Program Files (x86)\PlagiarismCheckerX\Plagiarism Checker X.exe
    FirewallRules: [{C2696103-3D7B-499F-A203-A2839ACDAD84}] => (Allow) C:\Program Files (x86)\PlagiarismCheckerX\Update.exe
    FirewallRules: [{8D5A9A95-C417-44A8-B694-9111DDB063C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{48196FF5-E2D8-42D3-8DC1-0FEB6DF4ADC3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{B1636E57-E9E7-45C4-A198-5B1C1372304D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E242D8CC-79F8-4BA6-8A32-C4A3FD0CD8A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{206A96BA-EA9B-4F5A-8901-E54738101CD9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{C6CADB54-17C3-4640-AAF9-0608262AA132}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
    FirewallRules: [UDP Query User{0FB761A2-635E-4DDC-934A-3913395DE3C6}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
    FirewallRules: [{5084B41C-12F5-4CC4-B23C-725C9D56AD28}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
    FirewallRules: [{D9D2A184-38A6-47A5-B5CF-1419DC40164A}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
    FirewallRules: [{934A5DD3-46C3-4810-BDE5-9FD3852DC9FA}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
    FirewallRules: [{13250E6E-E3B8-43FF-863C-F90EFDA10058}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{D2CC57E1-12AE-4BB4-AE9D-C776668A7976}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{26D0804E-049E-473B-A8B7-BDA1BB7633E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B3BEDF1F-35E5-4BDB-A8E3-2CEF53BA8DE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{48BD8C6D-676D-4A65-8B5E-3EE90107DB36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{33D47129-48AE-446E-B7FA-02919D9D24F1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{31AD12F9-FB16-471F-9882-887F28786D3E}] => (Allow) C:\Program Files (x86)\AnvSoft\Syncios Data Transfer\SynciosTransfer.exe
    FirewallRules: [{C5057683-4008-4977-AE80-ADDB014B9C81}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
    FirewallRules: [{8DF18EB0-103C-497F-8B9B-A3F893B8E6B7}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
    FirewallRules: [{52ED50F4-5E4D-488F-85A5-DEF2C7CCE28C}] => (Allow) C:\Windows\System32\rundll32.exe
    FirewallRules: [{CDDC7553-D55C-4530-813A-668FE2E20C44}] => (Allow) C:\Windows\System32\rundll32.exe
    FirewallRules: [{4B6B5652-1D62-4196-96F3-3BAFBFD1E135}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
    FirewallRules: [{6A6D1E41-97BE-4D12-A2AE-B7EA44B186E5}] => (Allow) C:\Users\Home\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

    ==================== Restore Points =========================

    10-01-2018 15:50:03 Windows Update
    10-01-2018 16:41:31 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    10-01-2018 16:42:03 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    10-01-2018 16:43:57 Installed OpenOffice 4.1.5
    10-01-2018 19:06:36 Removed OpenOffice 4.1.5
    14-01-2018 11:19:34 Windows Update
    15-01-2018 14:22:49 Removed Main Services

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/15/2018 04:21:42 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (01/15/2018 04:20:51 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (01/15/2018 04:16:09 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (01/15/2018 02:50:42 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (01/15/2018 02:47:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORKMACHINE)
    Description: Activation of application Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (01/15/2018 02:44:40 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (01/15/2018 02:43:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (01/15/2018 02:22:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

    System Error:
    The system cannot find the file specified.
    .

    Error: (01/14/2018 09:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 620953

    Error: (01/14/2018 09:35:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 620953


    System errors:
    =============
    Error: (01/16/2018 10:37:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/16/2018 10:37:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/16/2018 10:37:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error:
    The request is not supported.

    Error: (01/16/2018 10:37:22 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
    Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

    Error: (01/16/2018 10:36:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (01/16/2018 09:41:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/16/2018 09:41:12 AM) (Source: TPM) (EventID: 15) (User: )
    Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

    Error: (01/15/2018 11:50:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 04:51:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/15/2018 04:51:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2018-01-10 12:55:27.119
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-01-10 12:50:17.489
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-01-10 12:32:16.369
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-01-10 12:11:49.497
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-01-10 12:11:49.493
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-01-09 18:29:26.217
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-01-04 11:42:25.183
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_4308e967c08942e3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-01-04 11:42:24.745
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-12-31 17:22:13.853
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_4308e967c08942e3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-12-31 17:22:13.539
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
    Percentage of memory in use: 18%
    Total physical RAM: 16179.27 MB
    Available physical RAM: 13247.66 MB
    Total Virtual: 19095.27 MB
    Available Virtual: 16012.62 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.02 GB) (Free:754.24 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DDABDAAF)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  5. ramesh help

    ramesh help Established Techie7 Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2018
    Ran by Home (administrator) on WORKMACHINE (16-01-2018 10:40:37)
    Running from C:\Users\Home\Downloads
    Loaded Profiles: Home (Available Profiles: Home)
    Platform: Windows 10 Home Version 1703 15063.850 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\IntelCpHDCPSvc.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\IntelCpHeciSvc.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\igfxEM.exe
    (Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
    (Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    (Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2142328 2017-12-19] (Logitech, Inc.)
    HKLM\...\Run: [jv16 PT 2017 (System Startup Check)] => "C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe" /SysStartupCheck /PT:"C:\Program Files (x86)\jv16 PowerTools 2017\"
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
    HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKLM\...\Policies\Explorer: [NoResolveSearch] 1
    HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\logon.scr
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-01-15]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2018-01-15] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\Parameters: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{2932496d-0bdb-11e7-a8ba-806e6f6e6963}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{2eed2ca6-62ae-4832-a2bc-797af511b181}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{3e8cd711-8c03-4497-b0a3-96439e127060}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{3e8cd711-8c03-4497-b0a3-96439e127060}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{89c7d9d2-b82d-4b12-a174-010c1c2aee99}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{be34f7d1-1aa2-4b2b-ba63-83fc4ecd66c2}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{e5f548e5-804e-4ae0-843c-b0a104b797ae}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{ecc22f3c-39b8-4d25-8211-9310c4b0ac91}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{ecc22f3c-39b8-4d25-8211-9310c4b0ac91}: [DhcpNameServer] 8.8.8.8

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2018-01-10] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-10] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
    FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-10] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-28] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)

    Chrome:
    =======
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2018-01-16]
    CHR Extension: (UROverview) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdamgkgchnbaopmphhjapmjcdghdphi [2018-01-09]
    CHR Extension: (Adblock Plus) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-14]
    CHR Extension: (Tampermonkey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-10-08]
    CHR Extension: (WME JNF) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnjmbmlldgfomcdmflifibpappdadcm [2017-11-24]
    CHR Extension: (Ads Blocker for Facebook ™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgjckeibmdfndlflobjhddhmemajjld [2017-12-24]
    CHR Extension: (WME Route Checker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjnhelaghhdbglpieidncdppchpnlfh [2017-09-14]
    CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-24]
    CHR Extension: (Lazada Price Tracker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbffioiakemflkglioiijpfddgahchaf [2018-01-10]
    CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2017-11-24]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-12-25]
    CHR Extension: (WME Toolbox) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebciailciabdiknfomleeccodkdejn [2017-12-24]
    CHR Extension: (WME Color Highlights) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijnldkoicbhinlgnoigchihmegdjobjc [2017-07-28]
    CHR Extension: (Waze - Google Maps™ link) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblojdkgpamepmiammlgkkhknojnlmai [2017-08-20]
    CHR Extension: (Torrentz2 Magnet Links +) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldknhpjddofdohocbhakahagoepainmo [2017-12-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
    CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-24]
    CHR Extension: (RightToCopy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2018-01-04]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
    R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-09] (Intel Corporation)
    R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [542392 2017-11-06] (Intel Corporation)
    S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2017-12-14] (Realtek Semiconductor)
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-27] (TeamViewer GmbH)
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-08] (Waves Audio Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
    S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492256 2017-06-14] (Wondershare)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [74144 2017-11-09] (Intel Corporation)
    R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69536 2017-11-09] (Intel Corporation)
    R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [382880 2017-11-09] (Intel Corporation)
    R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [54816 2016-10-28] (Intel Corporation)
    R3 HID_PCI; C:\Windows\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel)
    R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [98976 2017-06-28] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [132104 2017-11-06] (Intel Corporation)
    R3 ISH; C:\Windows\System32\drivers\ISH.sys [143984 2016-09-20] (Intel)
    R3 ISH_BusDriver; C:\Windows\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel)
    R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-10] (Malwarebytes)
    R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7638536 2017-10-30] (Intel Corporation)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_4308e967c08942e3\nvlddmkm.sys [17028552 2017-12-19] (NVIDIA Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3237312 2017-12-20] (Realtek Semiconductor Corp.)
    S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [42000 2017-01-12] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
    R2 WinDivert1.2; C:\Windows\system32\drivers\WinDivert64.sys [37552 2018-01-10] (Basil)
    U4 diagtrack; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    Error(1) reading file: "C:\Windows\System32\Tasks\Update for Yandex Browser "
    2018-01-15 16:44 - 2018-01-15 16:45 - 081633120 _____ (Logitech Inc.) C:\Users\Home\Downloads\SetPoint6.67.83_64.exe
    2018-01-15 16:28 - 2018-01-15 16:28 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
    2018-01-15 16:27 - 2018-01-15 16:27 - 000000000 ____D C:\Windows\pss
    2018-01-15 16:24 - 2018-01-15 16:24 - 000000005 _____ C:\Users\Home\.node_repl_history
    2018-01-15 16:20 - 2018-01-16 10:37 - 000000416 _____ C:\Windows\Tasks\Update for Yandex Browser .job
    2018-01-15 16:16 - 2018-01-15 16:51 - 000000000 ____D C:\Windows\LastGood
    2018-01-15 16:15 - 2018-01-15 16:16 - 000000000 ____D C:\Users\Home\AppData\Roaming\DriverPack Notifier
    2018-01-15 16:15 - 2018-01-15 16:15 - 000003546 _____ C:\Windows\System32\Tasks\DriverPack Notifier
    2018-01-15 16:15 - 2018-01-15 16:15 - 000000000 ____D C:\Users\Home\AppData\Roaming\Yandex
    2018-01-15 16:15 - 2018-01-15 16:15 - 000000000 ____D C:\Users\Home\AppData\Local\Yandex
    2018-01-15 16:15 - 2018-01-15 16:15 - 000000000 ____D C:\Program Files (x86)\DriverPack Notifier
    2018-01-15 16:11 - 2018-01-15 16:48 - 000000000 ____D C:\Users\Home\AppData\Roaming\DRPSu
    2018-01-15 16:08 - 2018-01-15 16:08 - 000000000 ____D C:\Users\Home\AppData\Roaming\Logitech
    2018-01-15 16:06 - 2018-01-15 16:06 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
    2018-01-15 15:58 - 2018-01-15 15:58 - 153191304 _____ (Logitech Inc.) C:\Users\Home\Downloads\Options_6.72.344 (1).exe
    2018-01-15 15:57 - 2018-01-15 15:57 - 004147600 _____ ($Co_Name Inc.) C:\Users\Home\Downloads\unifying250.exe
    2018-01-15 15:57 - 2018-01-15 15:57 - 001115912 _____ (Logitech Inc.) C:\Users\Home\Downloads\ConnectUtility_2.20.28_Logitech.exe
    2018-01-15 15:53 - 2018-01-15 15:53 - 000000000 ____D C:\Windows\LastGood.Tmp
    2018-01-15 14:43 - 2018-01-15 14:43 - 000000020 ___SH C:\Users\Home\AppData\Roaming\Programs8187ConfigDB.dat
    2018-01-15 14:43 - 2018-01-15 14:43 - 000000020 ___SH C:\Users\Home\AppData\Roaming\1816CA7466166.ind
    2018-01-15 14:42 - 2018-01-15 15:40 - 000000000 ____D C:\Program Files (x86)\jv16 PowerTools 2017
    2018-01-15 14:41 - 2018-01-16 10:36 - 000004102 _____ C:\Users\Home\Downloads\Fixlog.txt
    2018-01-15 14:37 - 2018-01-15 14:38 - 008728280 _____ C:\Users\Home\Downloads\jv16pt_setup.exe
    2018-01-15 14:34 - 2018-01-15 14:34 - 000074867 _____ C:\Users\Home\Downloads\whatinstartup-x64.zip
    2018-01-15 14:34 - 2018-01-15 14:34 - 000071487 _____ C:\Users\Home\Downloads\serviwin-x64.zip
    2018-01-15 14:19 - 2018-01-16 10:41 - 000019466 _____ C:\Users\Home\Downloads\FRST.txt
    2018-01-15 14:19 - 2018-01-15 14:24 - 000036771 _____ C:\Users\Home\Downloads\Addition.txt
    2018-01-15 12:17 - 2018-01-16 10:40 - 000000000 ____D C:\FRST
    2018-01-15 12:17 - 2018-01-15 12:17 - 002393088 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2018-01-14 19:41 - 2018-01-14 19:50 - 000000000 ____D C:\Users\Home\AppData\Roaming\FreeFixer
    2018-01-14 19:41 - 2018-01-14 19:50 - 000000000 ____D C:\Users\Home\AppData\Local\FreeFixer
    2018-01-14 19:41 - 2018-01-14 19:50 - 000000000 ____D C:\Program Files\FreeFixer
    2018-01-14 19:40 - 2018-01-14 19:40 - 002736190 _____ (Kephyr) C:\Users\Home\Downloads\freefixersetup.exe
    2018-01-14 19:34 - 2018-01-14 19:34 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2018-01-14 19:33 - 2018-01-14 19:34 - 031622688 _____ (SUPERAntiSpyware) C:\Users\Home\Downloads\SUPERAntiSpyware.exe
    2018-01-14 19:26 - 2018-01-14 19:26 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Home\Downloads\rkill.exe
    2018-01-14 19:20 - 2018-01-14 19:26 - 744487671 _____ C:\Users\Home\Desktop\www.TamilRockers.st - Annadurai (2017)[HDRip - x264 - 700MB - Tamil].mkv
    2018-01-14 19:01 - 2018-01-15 14:31 - 000234445 _____ C:\Windows\ZAM_Guard.krnl.trace
    2018-01-14 19:01 - 2018-01-14 19:36 - 000231206 _____ C:\Windows\ZAM.krnl.trace
    2018-01-14 19:00 - 2018-01-14 19:00 - 006625600 _____ (Zemana Ltd. ) C:\Users\Home\Downloads\Zemana.AntiMalware.Setup.exe
    2018-01-14 18:59 - 2018-01-14 18:59 - 008198432 _____ (Malwarebytes) C:\Users\Home\Downloads\adwcleaner_7.0.6.0 (1).exe
    2018-01-14 18:51 - 2018-01-14 18:57 - 742894207 _____ C:\Users\Home\Desktop\www.TamilRockers.st - Sakka Podu Podu Raja (2017)[HDRip - x264 - 700MB - ESubs - Tamil].mkv
    2018-01-14 18:51 - 2018-01-14 18:51 - 000014844 _____ C:\Users\Home\Downloads\www.TamilRockers.st - Sakka Podu Podu Raja (2017)HDRip - x264 - 700MB - ESubs - Tamil.mkv.torrent
    2018-01-14 18:50 - 2018-01-14 18:50 - 000014324 _____ C:\Users\Home\Downloads\www.TamilRockers.st - Spyder (2017) Tamil HDRip x264 700MB.mkv.torrent
    2018-01-14 16:34 - 2018-01-14 16:34 - 004288071 _____ C:\Users\Home\Downloads\MGT5000_S3_2017_Ramesh_Kasi.docx.pdf
    2018-01-14 14:38 - 2018-01-14 14:38 - 000000000 ____D C:\Users\Home\AppData\Local\SolidDocuments
    2018-01-14 14:09 - 2018-01-14 14:12 - 810299834 _____ C:\Users\Home\Downloads\IZOFILE.COM - Adobe Acrobat Pro DC 2018.009.20044.rar
    2018-01-14 14:08 - 2018-01-14 14:08 - 000586327 _____ ( ) C:\Users\Home\Downloads\Adobe_Acrobat_Pro_Dc_18.009.20050_Crack_2018.exe
    2018-01-14 14:08 - 2018-01-14 14:08 - 000045110 _____ C:\Users\Home\Downloads\Adobe_Acrobat_Pro_DC_2018_Crack.xht
    2018-01-14 14:05 - 2018-01-14 14:05 - 000045111 _____ C:\Users\Home\Downloads\Adobe_Acrobat_Pro_DC_Crack.xht
    2018-01-14 14:05 - 2018-01-14 14:05 - 000023867 _____ C:\Users\Home\Downloads\adobe-acrobat-pro-dc-crack.xht
    2018-01-14 12:53 - 2018-01-14 19:01 - 000000000 ____D C:\AdwCleaner
    2018-01-14 12:50 - 2018-01-14 12:51 - 008198432 _____ (Malwarebytes) C:\Users\Home\Downloads\adwcleaner_7.0.6.0.exe
    2018-01-14 12:49 - 2018-01-14 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-01-14 12:49 - 2018-01-14 12:49 - 000000000 ____D C:\Program Files\RogueKiller
    2018-01-14 12:42 - 2018-01-14 12:42 - 033463072 _____ (Adlice Software ) C:\Users\Home\Downloads\setup.exe
    2018-01-14 11:54 - 2018-01-15 16:08 - 000000000 ____D C:\Users\Home\AppData\Roaming\Logishrd
    2018-01-14 11:54 - 2018-01-15 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2018-01-14 11:53 - 2018-01-15 16:06 - 000000000 ____D C:\ProgramData\Logishrd
    2018-01-14 11:53 - 2018-01-14 11:53 - 000000000 ____D C:\Program Files\Logitech
    2018-01-14 11:20 - 2018-01-14 11:30 - 000000000 ____D C:\Program Files\rempl
    2018-01-14 11:17 - 2018-01-14 11:24 - 153191304 _____ (Logitech Inc.) C:\Users\Home\Downloads\Options_6.72.344.exe
    2018-01-10 18:58 - 2018-01-10 18:58 - 000037561 _____ C:\Users\Home\Downloads\1027637329.pdf
    2018-01-10 18:44 - 2018-01-10 18:44 - 000057410 _____ C:\Users\Home\Downloads\KASIK.L.PALANIAPPAN.pdf
    2018-01-10 16:47 - 2018-01-10 16:47 - 000000000 ____D C:\Users\Home\AppData\Roaming\OpenOffice
    2018-01-10 16:41 - 2018-01-10 16:41 - 000000000 ____D C:\Users\Home\Desktop\OpenOffice 4.1.5 (en-US) Installation Files
    2018-01-10 16:37 - 2018-01-10 16:38 - 140756235 _____ C:\Users\Home\Downloads\Apache_OpenOffice_4.1.5_Win_x86_install_en-US.exe
    2018-01-10 16:36 - 2018-01-10 16:36 - 000157455 _____ C:\Users\Home\Downloads\competition_rejection 2018-01-10.csv
    2018-01-10 16:03 - 2018-01-10 16:03 - 003022784 _____ C:\Users\Home\Downloads\finance.export.payout 2018-01-10.csv
    2018-01-10 15:23 - 2018-01-10 15:23 - 000003654 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
    2018-01-10 15:23 - 2018-01-10 15:23 - 000001358 _____ C:\DelFix.txt
    2018-01-10 15:23 - 2018-01-10 15:23 - 000000000 ____D C:\Windows\ERUNT
    2018-01-10 14:05 - 2018-01-10 14:05 - 001852992 _____ (Oracle Corporation) C:\Users\Home\Downloads\JavaSetup8u151.exe
    2018-01-10 12:49 - 2018-01-14 12:50 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2018-01-10 12:49 - 2018-01-10 15:22 - 000000000 ____D C:\ProgramData\RogueKiller
    2018-01-10 12:32 - 2018-01-10 13:49 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-01-10 12:32 - 2018-01-10 12:32 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-01-10 12:32 - 2018-01-10 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-01-10 12:31 - 2018-01-10 12:55 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
    2018-01-10 12:31 - 2018-01-10 12:31 - 083316440 _____ (Malwarebytes ) C:\Users\Home\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
    2018-01-10 12:31 - 2018-01-10 12:31 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-01-10 12:31 - 2018-01-10 12:31 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-01-10 12:29 - 2018-01-10 12:43 - 000000000 ____D C:\Users\Home\AppData\Roaming\herfhhze0fk
    2018-01-10 12:28 - 2018-01-10 12:28 - 000000000 ____D C:\ProgramData\System Native
    2018-01-10 12:26 - 2018-01-10 12:26 - 000003621 _____ C:\Users\Public\Desktop\R@1n.txt
    2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
    2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 ____D C:\Users\Home\AppData\Local\mpress
    2018-01-10 12:25 - 2018-01-10 12:25 - 000004096 _____ C:\Windows\KMS-R@1nHook.dll
    2018-01-10 12:17 - 2018-01-10 12:17 - 000037552 _____ (Basil) C:\Windows\system32\Drivers\WinDivert64.sys
    2018-01-10 12:16 - 2018-01-10 13:45 - 000000000 ____D C:\Disk
    2018-01-10 12:16 - 2018-01-10 12:43 - 000000000 ____D C:\Users\Home\AppData\Roaming\ka10kqmgpts
    2018-01-10 12:16 - 2018-01-10 12:16 - 000000000 ____D C:\Windat
    2018-01-10 12:15 - 2018-01-10 12:43 - 000000000 ____D C:\Program Files (x86)\Multitimer
    2018-01-10 12:14 - 2018-01-16 10:37 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2018-01-10 12:14 - 2018-01-10 12:38 - 000000000 ____D C:\WinSys
    2018-01-10 12:14 - 2018-01-10 12:38 - 000000000 ____D C:\Applications
    2018-01-10 12:14 - 2018-01-10 12:14 - 000000000 ____D C:\Users\Home\AppData\Roaming\System Native
    2018-01-10 12:14 - 2018-01-10 12:14 - 000000000 ____D C:\Program Files (x86)\System Native
    2018-01-10 12:12 - 2018-01-10 12:41 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.2 Final
    2018-01-09 11:17 - 2018-01-09 11:17 - 000000000 ____D C:\Users\Home\Downloads\temp
    2018-01-09 11:16 - 2018-01-14 19:26 - 000000000 ____D C:\Users\Home\Desktop\torrent incomplete
    2018-01-09 11:01 - 2018-01-09 11:05 - 000000000 ____D C:\Users\Home\Downloads\Ferdinand 2017
    2018-01-08 20:54 - 2018-01-08 20:54 - 000037171 _____ C:\Windows\uninstaller.dat
    2018-01-08 10:33 - 2018-01-15 14:44 - 000000000 ____D C:\Users\Home\AppData\Roaming\qBittorrent
    2018-01-08 10:33 - 2018-01-08 10:33 - 000000000 ____D C:\Users\Home\AppData\Local\qBittorrent
    2018-01-08 10:33 - 2018-01-08 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
    2018-01-08 10:33 - 2018-01-08 10:33 - 000000000 ____D C:\Program Files (x86)\qBittorrent
    2018-01-07 16:48 - 2018-01-07 17:08 - 000001855 _____ C:\Users\Home\Desktop\dsfsdfdsfd.txt
    2018-01-07 10:53 - 2018-01-01 14:03 - 000891904 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
    2018-01-07 10:53 - 2018-01-01 10:27 - 000074648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
    2018-01-07 10:53 - 2018-01-01 10:26 - 000107416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
    2018-01-07 10:53 - 2018-01-01 10:24 - 000135576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-01-07 10:53 - 2018-01-01 10:24 - 000102808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
    2018-01-07 10:53 - 2018-01-01 10:24 - 000052632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys
    2018-01-07 10:53 - 2018-01-01 10:22 - 001239448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2018-01-07 10:53 - 2018-01-01 10:22 - 001194784 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-01-07 10:53 - 2018-01-01 10:22 - 000181912 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-01-07 10:53 - 2018-01-01 10:22 - 000119704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2018-01-07 10:53 - 2018-01-01 10:21 - 000587160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
    2018-01-07 10:53 - 2018-01-01 10:20 - 000036760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
    2018-01-07 10:53 - 2018-01-01 10:19 - 000730008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2018-01-07 10:53 - 2018-01-01 10:19 - 000164760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
    2018-01-07 10:53 - 2018-01-01 10:19 - 000047512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys
    2018-01-07 10:53 - 2018-01-01 10:19 - 000027456 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
    2018-01-07 10:53 - 2018-01-01 10:18 - 000110600 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
    2018-01-07 10:53 - 2018-01-01 10:18 - 000057752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
    2018-01-07 10:53 - 2018-01-01 10:16 - 002672024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2018-01-07 10:53 - 2018-01-01 10:16 - 000610712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2018-01-07 10:53 - 2018-01-01 10:15 - 000083352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
    2018-01-07 10:53 - 2018-01-01 10:09 - 000070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WindowsTrustedRT.sys
    2018-01-07 10:53 - 2018-01-01 10:07 - 000583688 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_win.dll
    2018-01-07 10:53 - 2018-01-01 10:03 - 000627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
    2018-01-07 10:53 - 2018-01-01 10:03 - 000311704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2018-01-07 10:53 - 2018-01-01 09:52 - 000195768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
    2018-01-07 10:53 - 2018-01-01 09:50 - 000787704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2018-01-07 10:53 - 2018-01-01 09:49 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
    2018-01-07 10:53 - 2018-01-01 09:48 - 005828768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
    2018-01-07 10:53 - 2018-01-01 09:48 - 002167320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2018-01-07 10:53 - 2018-01-01 09:48 - 000073896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wwapi.dll
    2018-01-07 10:53 - 2018-01-01 09:47 - 001998416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2018-01-07 10:53 - 2018-01-01 09:47 - 000433888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
    2018-01-07 10:53 - 2018-01-01 09:47 - 000186520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
    2018-01-07 10:53 - 2018-01-01 09:47 - 000016592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshhyperv.dll
    2018-01-07 10:53 - 2018-01-01 09:46 - 000702032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2018-01-07 10:53 - 2018-01-01 09:46 - 000087352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
    2018-01-07 10:53 - 2018-01-01 09:45 - 020374424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2018-01-07 10:53 - 2018-01-01 09:45 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2018-01-07 10:53 - 2018-01-01 09:43 - 000558080 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2018-01-07 10:53 - 2018-01-01 09:42 - 000480912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2018-01-07 10:53 - 2018-01-01 09:42 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
    2018-01-07 10:53 - 2018-01-01 09:41 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
    2018-01-07 10:53 - 2018-01-01 09:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmgid.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
    2018-01-07 10:53 - 2018-01-01 09:40 - 000130560 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
    2018-01-07 10:53 - 2018-01-01 09:40 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storqosflt.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Synth3dVsc.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
    2018-01-07 10:53 - 2018-01-01 09:40 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dmvsc.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerSvc.dll
    2018-01-07 10:53 - 2018-01-01 09:39 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
    2018-01-07 10:53 - 2018-01-01 09:39 - 000204800 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
    2018-01-07 10:53 - 2018-01-01 09:39 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
    2018-01-07 10:53 - 2018-01-01 09:38 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
    2018-01-07 10:53 - 2018-01-01 09:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2018-01-07 10:53 - 2018-01-01 09:38 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
    2018-01-07 10:53 - 2018-01-01 09:38 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
    2018-01-07 10:53 - 2018-01-01 09:37 - 002953216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
    2018-01-07 10:53 - 2018-01-01 09:37 - 000473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2018-01-07 10:53 - 2018-01-01 09:37 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2018-01-07 10:53 - 2018-01-01 09:37 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2018-01-07 10:53 - 2018-01-01 09:37 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2018-01-07 10:53 - 2018-01-01 09:36 - 000548864 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
    2018-01-07 10:53 - 2018-01-01 09:36 - 000328704 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
    2018-01-07 10:53 - 2018-01-01 09:36 - 000209920 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000421888 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000343040 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\virtdisk.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000203264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tetheringclient.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 001627648 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 001177600 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 000175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssdpapi.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 001094656 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2018-01-07 10:53 - 2018-01-01 09:32 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
    2018-01-07 10:53 - 2018-01-01 09:32 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3dlg.dll
    2018-01-07 10:53 - 2018-01-01 09:31 - 000934912 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2018-01-07 10:53 - 2018-01-01 09:31 - 000757760 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
    2018-01-07 10:53 - 2018-01-01 09:31 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
    2018-01-07 10:53 - 2018-01-01 09:31 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2018-01-07 10:53 - 2018-01-01 09:31 - 000232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
    2018-01-07 10:53 - 2018-01-01 09:31 - 000173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 020514304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2018-01-07 10:53 - 2018-01-01 09:30 - 000432640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 000304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 002516480 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 001628672 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 000969728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
    2018-01-07 10:53 - 2018-01-01 09:28 - 001452544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
    2018-01-07 10:53 - 2018-01-01 09:28 - 000754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2018-01-07 10:53 - 2018-01-01 09:28 - 000522752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
    2018-01-07 10:53 - 2018-01-01 09:28 - 000260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2018-01-07 10:53 - 2018-01-01 09:27 - 000946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
    2018-01-07 10:53 - 2018-01-01 09:27 - 000879104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2018-01-07 10:53 - 2018-01-01 09:27 - 000267264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 005964288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 000750592 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2018-01-07 10:53 - 2018-01-01 09:26 - 000385536 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
    2018-01-07 10:53 - 2018-01-01 09:26 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\rdvvmtransport.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys
    2018-01-07 10:53 - 2018-01-01 09:24 - 003651072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2018-01-07 10:53 - 2018-01-01 09:24 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2018-01-07 10:53 - 2018-01-01 09:24 - 000658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2018-01-07 10:53 - 2018-01-01 09:23 - 001627136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2018-01-07 10:53 - 2018-01-01 09:23 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
    2018-01-07 10:53 - 2018-01-01 09:22 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
    2018-01-07 10:53 - 2018-01-01 09:21 - 000337920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
    2018-01-07 10:53 - 2018-01-01 09:21 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvvmtransport.dll
    2018-01-07 10:53 - 2018-01-01 09:20 - 000708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
    2018-01-07 10:53 - 2018-01-01 09:20 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
    2018-01-07 10:53 - 2018-01-01 09:19 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
    2018-01-07 10:53 - 2018-01-01 09:18 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
    2018-01-07 10:53 - 2018-01-01 09:18 - 000048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdPnp.dll
    2018-01-07 10:53 - 2018-01-01 09:18 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmiprop.dll
    2018-01-07 10:53 - 2018-01-01 09:18 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWNet.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 001021336 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
    2018-01-07 10:52 - 2018-01-01 10:27 - 000751576 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
    2018-01-07 10:52 - 2018-01-01 10:27 - 000544152 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
    2018-01-07 10:52 - 2018-01-01 10:27 - 000382864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000264536 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
    2018-01-07 10:52 - 2018-01-01 10:27 - 000074648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
    2018-01-07 10:52 - 2018-01-01 10:27 - 000066712 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000022800 _____ (Microsoft Corporation) C:\Windows\system32\iumbase.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000022208 _____ (Microsoft Corporation) C:\Windows\system32\IumSdk.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000020376 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000015632 _____ (Microsoft Corporation) C:\Windows\system32\iumdll.dll
    2018-01-07 10:52 - 2018-01-01 10:25 - 001065608 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2018-01-07 10:52 - 2018-01-01 10:25 - 000900880 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2018-01-07 10:52 - 2018-01-01 10:24 - 008345496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-01-07 10:52 - 2018-01-01 10:24 - 002327448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2018-01-07 10:52 - 2018-01-01 10:24 - 001188544 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-01-07 10:52 - 2018-01-01 10:24 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
    2018-01-07 10:52 - 2018-01-01 10:24 - 000105880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2018-01-07 10:52 - 2018-01-01 10:24 - 000033688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
    2018-01-07 10:52 - 2018-01-01 10:23 - 000456088 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-01-07 10:52 - 2018-01-01 10:23 - 000386456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
     
  6. ramesh help

    ramesh help Established Techie7 Member

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.01.2018
    Ran by Home (administrator) on WORKMACHINE (16-01-2018 10:40:37)
    Running from C:\Users\Home\Downloads
    Loaded Profiles: Home (Available Profiles: Home)
    Platform: Windows 10 Home Version 1703 15063.850 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\IntelCpHDCPSvc.exe
    (Microsoft Corporation) C:\Windows\System32\Locator.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\IntelCpHeciSvc.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7b7c820d186f8dec\igfxEM.exe
    (Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
    (Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
    (Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2142328 2017-12-19] (Logitech, Inc.)
    HKLM\...\Run: [jv16 PT 2017 (System Startup Check)] => "C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe" /SysStartupCheck /PT:"C:\Program Files (x86)\jv16 PowerTools 2017\"
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [258560 2015-12-18] ()
    HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKLM\...\Policies\Explorer: [NoResolveSearch] 1
    HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-21-3128490503-3481064576-2182703944-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\logon.scr
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-01-15]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled [2018-01-15] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\Parameters: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{2932496d-0bdb-11e7-a8ba-806e6f6e6963}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{2eed2ca6-62ae-4832-a2bc-797af511b181}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{3e8cd711-8c03-4497-b0a3-96439e127060}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{3e8cd711-8c03-4497-b0a3-96439e127060}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{89c7d9d2-b82d-4b12-a174-010c1c2aee99}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{be34f7d1-1aa2-4b2b-ba63-83fc4ecd66c2}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{e5f548e5-804e-4ae0-843c-b0a104b797ae}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{ecc22f3c-39b8-4d25-8211-9310c4b0ac91}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{ecc22f3c-39b8-4d25-8211-9310c4b0ac91}: [DhcpNameServer] 8.8.8.8

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2018-01-10] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-10] (Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-18] (Adobe Systems Incorporated)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
    FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-10] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-11-28] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)

    Chrome:
    =======
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default [2018-01-16]
    CHR Extension: (UROverview) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdamgkgchnbaopmphhjapmjcdghdphi [2018-01-09]
    CHR Extension: (Adblock Plus) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-14]
    CHR Extension: (Tampermonkey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-10-08]
    CHR Extension: (WME JNF) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnjmbmlldgfomcdmflifibpappdadcm [2017-11-24]
    CHR Extension: (Ads Blocker for Facebook ™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgjckeibmdfndlflobjhddhmemajjld [2017-12-24]
    CHR Extension: (WME Route Checker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjnhelaghhdbglpieidncdppchpnlfh [2017-09-14]
    CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-24]
    CHR Extension: (Lazada Price Tracker) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbffioiakemflkglioiijpfddgahchaf [2018-01-10]
    CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2017-11-24]
    CHR Extension: (Social Fixer for Facebook) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-12-25]
    CHR Extension: (WME Toolbox) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihebciailciabdiknfomleeccodkdejn [2017-12-24]
    CHR Extension: (WME Color Highlights) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijnldkoicbhinlgnoigchihmegdjobjc [2017-07-28]
    CHR Extension: (Waze - Google Maps™ link) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jblojdkgpamepmiammlgkkhknojnlmai [2017-08-20]
    CHR Extension: (Torrentz2 Magnet Links +) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldknhpjddofdohocbhakahagoepainmo [2017-12-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
    CHR Extension: (Chrome Media Router) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-24]
    CHR Extension: (RightToCopy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2018-01-04]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
    R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-09] (Intel Corporation)
    R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [542392 2017-11-06] (Intel Corporation)
    S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2017-12-14] (Realtek Semiconductor)
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-27] (TeamViewer GmbH)
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-08] (Waves Audio Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
    S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492256 2017-06-14] (Wondershare)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [74144 2017-11-09] (Intel Corporation)
    R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69536 2017-11-09] (Intel Corporation)
    R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [382880 2017-11-09] (Intel Corporation)
    R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [54816 2016-10-28] (Intel Corporation)
    R3 HID_PCI; C:\Windows\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel)
    R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [98976 2017-06-28] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [132104 2017-11-06] (Intel Corporation)
    R3 ISH; C:\Windows\System32\drivers\ISH.sys [143984 2016-09-20] (Intel)
    R3 ISH_BusDriver; C:\Windows\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel)
    R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-10] (Malwarebytes)
    R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7638536 2017-10-30] (Intel Corporation)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_4308e967c08942e3\nvlddmkm.sys [17028552 2017-12-19] (NVIDIA Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3237312 2017-12-20] (Realtek Semiconductor Corp.)
    S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
    R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [42000 2017-01-12] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
    R2 WinDivert1.2; C:\Windows\system32\drivers\WinDivert64.sys [37552 2018-01-10] (Basil)
    U4 diagtrack; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    Error(1) reading file: "C:\Windows\System32\Tasks\Update for Yandex Browser "
    2018-01-15 16:44 - 2018-01-15 16:45 - 081633120 _____ (Logitech Inc.) C:\Users\Home\Downloads\SetPoint6.67.83_64.exe
    2018-01-15 16:28 - 2018-01-15 16:28 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
    2018-01-15 16:27 - 2018-01-15 16:27 - 000000000 ____D C:\Windows\pss
    2018-01-15 16:24 - 2018-01-15 16:24 - 000000005 _____ C:\Users\Home\.node_repl_history
    2018-01-15 16:20 - 2018-01-16 10:37 - 000000416 _____ C:\Windows\Tasks\Update for Yandex Browser .job
    2018-01-15 16:16 - 2018-01-15 16:51 - 000000000 ____D C:\Windows\LastGood
    2018-01-15 16:15 - 2018-01-15 16:16 - 000000000 ____D C:\Users\Home\AppData\Roaming\DriverPack Notifier
    2018-01-15 16:15 - 2018-01-15 16:15 - 000003546 _____ C:\Windows\System32\Tasks\DriverPack Notifier
    2018-01-15 16:15 - 2018-01-15 16:15 - 000000000 ____D C:\Users\Home\AppData\Roaming\Yandex
    2018-01-15 16:15 - 2018-01-15 16:15 - 000000000 ____D C:\Users\Home\AppData\Local\Yandex
    2018-01-15 16:15 - 2018-01-15 16:15 - 000000000 ____D C:\Program Files (x86)\DriverPack Notifier
    2018-01-15 16:11 - 2018-01-15 16:48 - 000000000 ____D C:\Users\Home\AppData\Roaming\DRPSu
    2018-01-15 16:08 - 2018-01-15 16:08 - 000000000 ____D C:\Users\Home\AppData\Roaming\Logitech
    2018-01-15 16:06 - 2018-01-15 16:06 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
    2018-01-15 15:58 - 2018-01-15 15:58 - 153191304 _____ (Logitech Inc.) C:\Users\Home\Downloads\Options_6.72.344 (1).exe
    2018-01-15 15:57 - 2018-01-15 15:57 - 004147600 _____ ($Co_Name Inc.) C:\Users\Home\Downloads\unifying250.exe
    2018-01-15 15:57 - 2018-01-15 15:57 - 001115912 _____ (Logitech Inc.) C:\Users\Home\Downloads\ConnectUtility_2.20.28_Logitech.exe
    2018-01-15 15:53 - 2018-01-15 15:53 - 000000000 ____D C:\Windows\LastGood.Tmp
    2018-01-15 14:43 - 2018-01-15 14:43 - 000000020 ___SH C:\Users\Home\AppData\Roaming\Programs8187ConfigDB.dat
    2018-01-15 14:43 - 2018-01-15 14:43 - 000000020 ___SH C:\Users\Home\AppData\Roaming\1816CA7466166.ind
    2018-01-15 14:42 - 2018-01-15 15:40 - 000000000 ____D C:\Program Files (x86)\jv16 PowerTools 2017
    2018-01-15 14:41 - 2018-01-16 10:36 - 000004102 _____ C:\Users\Home\Downloads\Fixlog.txt
    2018-01-15 14:37 - 2018-01-15 14:38 - 008728280 _____ C:\Users\Home\Downloads\jv16pt_setup.exe
    2018-01-15 14:34 - 2018-01-15 14:34 - 000074867 _____ C:\Users\Home\Downloads\whatinstartup-x64.zip
    2018-01-15 14:34 - 2018-01-15 14:34 - 000071487 _____ C:\Users\Home\Downloads\serviwin-x64.zip
    2018-01-15 14:19 - 2018-01-16 10:41 - 000019466 _____ C:\Users\Home\Downloads\FRST.txt
    2018-01-15 14:19 - 2018-01-15 14:24 - 000036771 _____ C:\Users\Home\Downloads\Addition.txt
    2018-01-15 12:17 - 2018-01-16 10:40 - 000000000 ____D C:\FRST
    2018-01-15 12:17 - 2018-01-15 12:17 - 002393088 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2018-01-14 19:41 - 2018-01-14 19:50 - 000000000 ____D C:\Users\Home\AppData\Roaming\FreeFixer
    2018-01-14 19:41 - 2018-01-14 19:50 - 000000000 ____D C:\Users\Home\AppData\Local\FreeFixer
    2018-01-14 19:41 - 2018-01-14 19:50 - 000000000 ____D C:\Program Files\FreeFixer
    2018-01-14 19:40 - 2018-01-14 19:40 - 002736190 _____ (Kephyr) C:\Users\Home\Downloads\freefixersetup.exe
    2018-01-14 19:34 - 2018-01-14 19:34 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2018-01-14 19:33 - 2018-01-14 19:34 - 031622688 _____ (SUPERAntiSpyware) C:\Users\Home\Downloads\SUPERAntiSpyware.exe
    2018-01-14 19:26 - 2018-01-14 19:26 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Home\Downloads\rkill.exe
    2018-01-14 19:20 - 2018-01-14 19:26 - 744487671 _____ C:\Users\Home\Desktop\www.TamilRockers.st - Annadurai (2017)[HDRip - x264 - 700MB - Tamil].mkv
    2018-01-14 19:01 - 2018-01-15 14:31 - 000234445 _____ C:\Windows\ZAM_Guard.krnl.trace
    2018-01-14 19:01 - 2018-01-14 19:36 - 000231206 _____ C:\Windows\ZAM.krnl.trace
    2018-01-14 19:00 - 2018-01-14 19:00 - 006625600 _____ (Zemana Ltd. ) C:\Users\Home\Downloads\Zemana.AntiMalware.Setup.exe
    2018-01-14 18:59 - 2018-01-14 18:59 - 008198432 _____ (Malwarebytes) C:\Users\Home\Downloads\adwcleaner_7.0.6.0 (1).exe
    2018-01-14 18:51 - 2018-01-14 18:57 - 742894207 _____ C:\Users\Home\Desktop\www.TamilRockers.st - Sakka Podu Podu Raja (2017)[HDRip - x264 - 700MB - ESubs - Tamil].mkv
    2018-01-14 18:51 - 2018-01-14 18:51 - 000014844 _____ C:\Users\Home\Downloads\www.TamilRockers.st - Sakka Podu Podu Raja (2017)HDRip - x264 - 700MB - ESubs - Tamil.mkv.torrent
    2018-01-14 18:50 - 2018-01-14 18:50 - 000014324 _____ C:\Users\Home\Downloads\www.TamilRockers.st - Spyder (2017) Tamil HDRip x264 700MB.mkv.torrent
    2018-01-14 16:34 - 2018-01-14 16:34 - 004288071 _____ C:\Users\Home\Downloads\MGT5000_S3_2017_Ramesh_Kasi.docx.pdf
    2018-01-14 14:38 - 2018-01-14 14:38 - 000000000 ____D C:\Users\Home\AppData\Local\SolidDocuments
    2018-01-14 14:09 - 2018-01-14 14:12 - 810299834 _____ C:\Users\Home\Downloads\IZOFILE.COM - Adobe Acrobat Pro DC 2018.009.20044.rar
    2018-01-14 14:08 - 2018-01-14 14:08 - 000586327 _____ ( ) C:\Users\Home\Downloads\Adobe_Acrobat_Pro_Dc_18.009.20050_Crack_2018.exe
    2018-01-14 14:08 - 2018-01-14 14:08 - 000045110 _____ C:\Users\Home\Downloads\Adobe_Acrobat_Pro_DC_2018_Crack.xht
    2018-01-14 14:05 - 2018-01-14 14:05 - 000045111 _____ C:\Users\Home\Downloads\Adobe_Acrobat_Pro_DC_Crack.xht
    2018-01-14 14:05 - 2018-01-14 14:05 - 000023867 _____ C:\Users\Home\Downloads\adobe-acrobat-pro-dc-crack.xht
    2018-01-14 12:53 - 2018-01-14 19:01 - 000000000 ____D C:\AdwCleaner
    2018-01-14 12:50 - 2018-01-14 12:51 - 008198432 _____ (Malwarebytes) C:\Users\Home\Downloads\adwcleaner_7.0.6.0.exe
    2018-01-14 12:49 - 2018-01-14 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-01-14 12:49 - 2018-01-14 12:49 - 000000000 ____D C:\Program Files\RogueKiller
    2018-01-14 12:42 - 2018-01-14 12:42 - 033463072 _____ (Adlice Software ) C:\Users\Home\Downloads\setup.exe
    2018-01-14 11:54 - 2018-01-15 16:08 - 000000000 ____D C:\Users\Home\AppData\Roaming\Logishrd
    2018-01-14 11:54 - 2018-01-15 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2018-01-14 11:53 - 2018-01-15 16:06 - 000000000 ____D C:\ProgramData\Logishrd
    2018-01-14 11:53 - 2018-01-14 11:53 - 000000000 ____D C:\Program Files\Logitech
    2018-01-14 11:20 - 2018-01-14 11:30 - 000000000 ____D C:\Program Files\rempl
    2018-01-14 11:17 - 2018-01-14 11:24 - 153191304 _____ (Logitech Inc.) C:\Users\Home\Downloads\Options_6.72.344.exe
    2018-01-10 18:58 - 2018-01-10 18:58 - 000037561 _____ C:\Users\Home\Downloads\1027637329.pdf
    2018-01-10 18:44 - 2018-01-10 18:44 - 000057410 _____ C:\Users\Home\Downloads\KASIK.L.PALANIAPPAN.pdf
    2018-01-10 16:47 - 2018-01-10 16:47 - 000000000 ____D C:\Users\Home\AppData\Roaming\OpenOffice
    2018-01-10 16:41 - 2018-01-10 16:41 - 000000000 ____D C:\Users\Home\Desktop\OpenOffice 4.1.5 (en-US) Installation Files
    2018-01-10 16:37 - 2018-01-10 16:38 - 140756235 _____ C:\Users\Home\Downloads\Apache_OpenOffice_4.1.5_Win_x86_install_en-US.exe
    2018-01-10 16:36 - 2018-01-10 16:36 - 000157455 _____ C:\Users\Home\Downloads\competition_rejection 2018-01-10.csv
    2018-01-10 16:03 - 2018-01-10 16:03 - 003022784 _____ C:\Users\Home\Downloads\finance.export.payout 2018-01-10.csv
    2018-01-10 15:23 - 2018-01-10 15:23 - 000003654 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
    2018-01-10 15:23 - 2018-01-10 15:23 - 000001358 _____ C:\DelFix.txt
    2018-01-10 15:23 - 2018-01-10 15:23 - 000000000 ____D C:\Windows\ERUNT
    2018-01-10 14:05 - 2018-01-10 14:05 - 001852992 _____ (Oracle Corporation) C:\Users\Home\Downloads\JavaSetup8u151.exe
    2018-01-10 12:49 - 2018-01-14 12:50 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2018-01-10 12:49 - 2018-01-10 15:22 - 000000000 ____D C:\ProgramData\RogueKiller
    2018-01-10 12:32 - 2018-01-10 13:49 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2018-01-10 12:32 - 2018-01-10 12:32 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-01-10 12:32 - 2018-01-10 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-01-10 12:31 - 2018-01-10 12:55 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
    2018-01-10 12:31 - 2018-01-10 12:31 - 083316440 _____ (Malwarebytes ) C:\Users\Home\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
    2018-01-10 12:31 - 2018-01-10 12:31 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-01-10 12:31 - 2018-01-10 12:31 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-01-10 12:29 - 2018-01-10 12:43 - 000000000 ____D C:\Users\Home\AppData\Roaming\herfhhze0fk
    2018-01-10 12:28 - 2018-01-10 12:28 - 000000000 ____D C:\ProgramData\System Native
    2018-01-10 12:26 - 2018-01-10 12:26 - 000003621 _____ C:\Users\Public\Desktop\R@1n.txt
    2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
    2018-01-10 12:26 - 2018-01-10 12:26 - 000000000 ____D C:\Users\Home\AppData\Local\mpress
    2018-01-10 12:25 - 2018-01-10 12:25 - 000004096 _____ C:\Windows\KMS-R@1nHook.dll
    2018-01-10 12:17 - 2018-01-10 12:17 - 000037552 _____ (Basil) C:\Windows\system32\Drivers\WinDivert64.sys
    2018-01-10 12:16 - 2018-01-10 13:45 - 000000000 ____D C:\Disk
    2018-01-10 12:16 - 2018-01-10 12:43 - 000000000 ____D C:\Users\Home\AppData\Roaming\ka10kqmgpts
    2018-01-10 12:16 - 2018-01-10 12:16 - 000000000 ____D C:\Windat
    2018-01-10 12:15 - 2018-01-10 12:43 - 000000000 ____D C:\Program Files (x86)\Multitimer
    2018-01-10 12:14 - 2018-01-16 10:37 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2018-01-10 12:14 - 2018-01-10 12:38 - 000000000 ____D C:\WinSys
    2018-01-10 12:14 - 2018-01-10 12:38 - 000000000 ____D C:\Applications
    2018-01-10 12:14 - 2018-01-10 12:14 - 000000000 ____D C:\Users\Home\AppData\Roaming\System Native
    2018-01-10 12:14 - 2018-01-10 12:14 - 000000000 ____D C:\Program Files (x86)\System Native
    2018-01-10 12:12 - 2018-01-10 12:41 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.2 Final
    2018-01-09 11:17 - 2018-01-09 11:17 - 000000000 ____D C:\Users\Home\Downloads\temp
    2018-01-09 11:16 - 2018-01-14 19:26 - 000000000 ____D C:\Users\Home\Desktop\torrent incomplete
    2018-01-09 11:01 - 2018-01-09 11:05 - 000000000 ____D C:\Users\Home\Downloads\Ferdinand 2017
    2018-01-08 20:54 - 2018-01-08 20:54 - 000037171 _____ C:\Windows\uninstaller.dat
    2018-01-08 10:33 - 2018-01-15 14:44 - 000000000 ____D C:\Users\Home\AppData\Roaming\qBittorrent
    2018-01-08 10:33 - 2018-01-08 10:33 - 000000000 ____D C:\Users\Home\AppData\Local\qBittorrent
    2018-01-08 10:33 - 2018-01-08 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
    2018-01-08 10:33 - 2018-01-08 10:33 - 000000000 ____D C:\Program Files (x86)\qBittorrent
    2018-01-07 16:48 - 2018-01-07 17:08 - 000001855 _____ C:\Users\Home\Desktop\dsfsdfdsfd.txt
    2018-01-07 10:53 - 2018-01-01 14:03 - 000891904 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
    2018-01-07 10:53 - 2018-01-01 10:27 - 000074648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
    2018-01-07 10:53 - 2018-01-01 10:26 - 000107416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
    2018-01-07 10:53 - 2018-01-01 10:24 - 000135576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2018-01-07 10:53 - 2018-01-01 10:24 - 000102808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
    2018-01-07 10:53 - 2018-01-01 10:24 - 000052632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys
    2018-01-07 10:53 - 2018-01-01 10:22 - 001239448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2018-01-07 10:53 - 2018-01-01 10:22 - 001194784 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2018-01-07 10:53 - 2018-01-01 10:22 - 000181912 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2018-01-07 10:53 - 2018-01-01 10:22 - 000119704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2018-01-07 10:53 - 2018-01-01 10:21 - 000587160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
    2018-01-07 10:53 - 2018-01-01 10:20 - 000036760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys
    2018-01-07 10:53 - 2018-01-01 10:19 - 000730008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2018-01-07 10:53 - 2018-01-01 10:19 - 000164760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
    2018-01-07 10:53 - 2018-01-01 10:19 - 000047512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys
    2018-01-07 10:53 - 2018-01-01 10:19 - 000027456 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
    2018-01-07 10:53 - 2018-01-01 10:18 - 000110600 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
    2018-01-07 10:53 - 2018-01-01 10:18 - 000057752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
    2018-01-07 10:53 - 2018-01-01 10:16 - 002672024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2018-01-07 10:53 - 2018-01-01 10:16 - 000610712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2018-01-07 10:53 - 2018-01-01 10:15 - 000083352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
    2018-01-07 10:53 - 2018-01-01 10:09 - 000070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WindowsTrustedRT.sys
    2018-01-07 10:53 - 2018-01-01 10:07 - 000583688 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_win.dll
    2018-01-07 10:53 - 2018-01-01 10:03 - 000627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
    2018-01-07 10:53 - 2018-01-01 10:03 - 000311704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2018-01-07 10:53 - 2018-01-01 09:52 - 000195768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
    2018-01-07 10:53 - 2018-01-01 09:50 - 000787704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2018-01-07 10:53 - 2018-01-01 09:49 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
    2018-01-07 10:53 - 2018-01-01 09:48 - 005828768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
    2018-01-07 10:53 - 2018-01-01 09:48 - 002167320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2018-01-07 10:53 - 2018-01-01 09:48 - 000073896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wwapi.dll
    2018-01-07 10:53 - 2018-01-01 09:47 - 001998416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2018-01-07 10:53 - 2018-01-01 09:47 - 000433888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
    2018-01-07 10:53 - 2018-01-01 09:47 - 000186520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
    2018-01-07 10:53 - 2018-01-01 09:47 - 000016592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshhyperv.dll
    2018-01-07 10:53 - 2018-01-01 09:46 - 000702032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2018-01-07 10:53 - 2018-01-01 09:46 - 000087352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
    2018-01-07 10:53 - 2018-01-01 09:45 - 020374424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2018-01-07 10:53 - 2018-01-01 09:45 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2018-01-07 10:53 - 2018-01-01 09:43 - 000558080 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2018-01-07 10:53 - 2018-01-01 09:42 - 000480912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2018-01-07 10:53 - 2018-01-01 09:42 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
    2018-01-07 10:53 - 2018-01-01 09:41 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
    2018-01-07 10:53 - 2018-01-01 09:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmgid.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
    2018-01-07 10:53 - 2018-01-01 09:40 - 000130560 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
    2018-01-07 10:53 - 2018-01-01 09:40 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storqosflt.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Synth3dVsc.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
    2018-01-07 10:53 - 2018-01-01 09:40 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dmvsc.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
    2018-01-07 10:53 - 2018-01-01 09:40 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerSvc.dll
    2018-01-07 10:53 - 2018-01-01 09:39 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
    2018-01-07 10:53 - 2018-01-01 09:39 - 000204800 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
    2018-01-07 10:53 - 2018-01-01 09:39 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
    2018-01-07 10:53 - 2018-01-01 09:38 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
    2018-01-07 10:53 - 2018-01-01 09:38 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2018-01-07 10:53 - 2018-01-01 09:38 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
    2018-01-07 10:53 - 2018-01-01 09:38 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
    2018-01-07 10:53 - 2018-01-01 09:37 - 002953216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
    2018-01-07 10:53 - 2018-01-01 09:37 - 000473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2018-01-07 10:53 - 2018-01-01 09:37 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2018-01-07 10:53 - 2018-01-01 09:37 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2018-01-07 10:53 - 2018-01-01 09:37 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2018-01-07 10:53 - 2018-01-01 09:36 - 000548864 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
    2018-01-07 10:53 - 2018-01-01 09:36 - 000328704 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
    2018-01-07 10:53 - 2018-01-01 09:36 - 000209920 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000421888 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000343040 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
    2018-01-07 10:53 - 2018-01-01 09:35 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\virtdisk.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000203264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tetheringclient.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2018-01-07 10:53 - 2018-01-01 09:34 - 000010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 001627648 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 001177600 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 000175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2018-01-07 10:53 - 2018-01-01 09:33 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ssdpapi.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 001094656 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2018-01-07 10:53 - 2018-01-01 09:32 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
    2018-01-07 10:53 - 2018-01-01 09:32 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
    2018-01-07 10:53 - 2018-01-01 09:32 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3dlg.dll
    2018-01-07 10:53 - 2018-01-01 09:31 - 000934912 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2018-01-07 10:53 - 2018-01-01 09:31 - 000757760 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
    2018-01-07 10:53 - 2018-01-01 09:31 - 000370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
    2018-01-07 10:53 - 2018-01-01 09:31 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2018-01-07 10:53 - 2018-01-01 09:31 - 000232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
    2018-01-07 10:53 - 2018-01-01 09:31 - 000173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 020514304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2018-01-07 10:53 - 2018-01-01 09:30 - 000432640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2018-01-07 10:53 - 2018-01-01 09:30 - 000304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 002516480 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 001628672 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 000969728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2018-01-07 10:53 - 2018-01-01 09:29 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
    2018-01-07 10:53 - 2018-01-01 09:28 - 001452544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
    2018-01-07 10:53 - 2018-01-01 09:28 - 000754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2018-01-07 10:53 - 2018-01-01 09:28 - 000522752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
    2018-01-07 10:53 - 2018-01-01 09:28 - 000260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2018-01-07 10:53 - 2018-01-01 09:27 - 000946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
    2018-01-07 10:53 - 2018-01-01 09:27 - 000879104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2018-01-07 10:53 - 2018-01-01 09:27 - 000267264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 005964288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 000750592 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2018-01-07 10:53 - 2018-01-01 09:26 - 000385536 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 000183296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
    2018-01-07 10:53 - 2018-01-01 09:26 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\rdvvmtransport.dll
    2018-01-07 10:53 - 2018-01-01 09:26 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys
    2018-01-07 10:53 - 2018-01-01 09:24 - 003651072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2018-01-07 10:53 - 2018-01-01 09:24 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2018-01-07 10:53 - 2018-01-01 09:24 - 000658944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2018-01-07 10:53 - 2018-01-01 09:23 - 001627136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2018-01-07 10:53 - 2018-01-01 09:23 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
    2018-01-07 10:53 - 2018-01-01 09:22 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
    2018-01-07 10:53 - 2018-01-01 09:21 - 000337920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
    2018-01-07 10:53 - 2018-01-01 09:21 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvvmtransport.dll
    2018-01-07 10:53 - 2018-01-01 09:20 - 000708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
    2018-01-07 10:53 - 2018-01-01 09:20 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
    2018-01-07 10:53 - 2018-01-01 09:19 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
    2018-01-07 10:53 - 2018-01-01 09:18 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
    2018-01-07 10:53 - 2018-01-01 09:18 - 000048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdPnp.dll
    2018-01-07 10:53 - 2018-01-01 09:18 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmiprop.dll
    2018-01-07 10:53 - 2018-01-01 09:18 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWNet.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 001021336 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
    2018-01-07 10:52 - 2018-01-01 10:27 - 000751576 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
    2018-01-07 10:52 - 2018-01-01 10:27 - 000544152 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
    2018-01-07 10:52 - 2018-01-01 10:27 - 000382864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000264536 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
    2018-01-07 10:52 - 2018-01-01 10:27 - 000074648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
    2018-01-07 10:52 - 2018-01-01 10:27 - 000066712 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000022800 _____ (Microsoft Corporation) C:\Windows\system32\iumbase.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000022208 _____ (Microsoft Corporation) C:\Windows\system32\IumSdk.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000020376 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
    2018-01-07 10:52 - 2018-01-01 10:27 - 000015632 _____ (Microsoft Corporation) C:\Windows\system32\iumdll.dll
    2018-01-07 10:52 - 2018-01-01 10:25 - 001065608 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2018-01-07 10:52 - 2018-01-01 10:25 - 000900880 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2018-01-07 10:52 - 2018-01-01 10:24 - 008345496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2018-01-07 10:52 - 2018-01-01 10:24 - 002327448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2018-01-07 10:52 - 2018-01-01 10:24 - 001188544 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2018-01-07 10:52 - 2018-01-01 10:24 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
    2018-01-07 10:52 - 2018-01-01 10:24 - 000105880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2018-01-07 10:52 - 2018-01-01 10:24 - 000033688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
    2018-01-07 10:52 - 2018-01-01 10:23 - 000456088 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
    2018-01-07 10:52 - 2018-01-01 10:23 - 000386456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
    2018-01-07 10:52 - 2018-01-01 10:22 - 000503704 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2018-01-07 10:52 - 2018-01-01 10:21 - 000328616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
    2018-01-07 10:52 - 2018-01-01 10:21 - 000063896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys
    2018-01-07 10:52 - 2018-01-01 10:20 - 007319912 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
    2018-01-07 10:52 - 2018-01-01 10:20 - 002647216 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2018-01-07 10:52 - 2018-01-01 10:20 - 000524760 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
    2018-01-07 10:52 - 2018-01-01 10:20 - 000459160 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
    2018-01-07 10:52 - 2018-01-01 10:19 - 002466392 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2018-01-07 10:52 - 2018-01-01 10:19 - 000870896 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2018-01-07 10:52 - 2018-01-01 10:19 - 000714648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000643704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000546712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000282520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000247472 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
    2018-01-07 10:52 - 2018-01-01 10:19 - 000184728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000123800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000118680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000082328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000054168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000031640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys
    2018-01-07 10:52 - 2018-01-01 10:19 - 000018672 _____ (Microsoft Corporation) C:\Windows\system32\wshhyperv.dll
    2018-01-07 10:52 - 2018-01-01 10:18 - 021354736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2018-01-07 10:52 - 2018-01-01 10:18 - 001146776 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
    2018-01-07 10:52 - 2018-01-01 10:18 - 000966040 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
    2018-01-07 10:52 - 2018-01-01 10:18 - 000822680 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
    2018-01-07 10:52 - 2018-01-01 10:18 - 000316240 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2018-01-07 10:52 - 2018-01-01 10:18 - 000175800 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
    2018-01-07 10:52 - 2018-01-01 10:18 - 000059800 _____ (Microsoft Corporation) C:\Windows\system32\hvhostsvc.dll
    2018-01-07 10:52 - 2018-01-01 10:17 - 000154520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2018-01-07 10:52 - 2018-01-01 10:16 - 001107352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2018-01-07 10:52 - 2018-01-01 10:15 - 001396680 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2018-01-07 10:52 - 2018-01-01 10:15 - 000644696 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2018-01-07 10:52 - 2018-01-01 10:14 - 000159640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
    2018-01-07 10:52 - 2018-01-01 10:10 - 000100800 _____ (Microsoft Corporation) C:\Windows\system32\wwapi.dll
    2018-01-07 10:52 - 2018-01-01 10:09 - 000434072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
    2018-01-07 10:52 - 2018-01-01 10:09 - 000142744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
    2018-01-07 10:52 - 2018-01-01 10:09 - 000114584 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
    2018-01-07 10:52 - 2018-01-01 10:08 - 001325960 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2018-01-07 10:52 - 2018-01-01 09:52 - 023680512 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
    2018-01-07 10:52 - 2018-01-01 09:44 - 000411184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_win.dll
    2018-01-07 10:52 - 2018-01-01 09:43 - 003670016 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
    2018-01-07 10:52 - 2018-01-01 09:42 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2018-01-07 10:52 - 2018-01-01 09:42 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
    2018-01-07 10:52 - 2018-01-01 09:42 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys
    2018-01-07 10:52 - 2018-01-01 09:42 - 000047104 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2018-01-07 10:52 - 2018-01-01 09:41 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys
    2018-01-07 10:52 - 2018-01-01 09:41 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
    2018-01-07 10:52 - 2018-01-01 09:41 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
    2018-01-07 10:52 - 2018-01-01 09:41 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
    2018-01-07 10:52 - 2018-01-01 09:41 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\sysntfy.dll
    2018-01-07 10:52 - 2018-01-01 09:41 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys
    2018-01-07 10:52 - 2018-01-01 09:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\nrpsrv.dll
    2018-01-07 10:52 - 2018-01-01 09:41 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys
    2018-01-07 10:52 - 2018-01-01 09:41 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\VmApplicationHealthMonitorProxy.dll
    2018-01-07 10:52 - 2018-01-01 09:41 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hyperkbd.sys
    2018-01-07 10:52 - 2018-01-01 09:41 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmgencounter.sys
    2018-01-07 10:52 - 2018-01-01 09:41 - 000009216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys
    2018-01-07 10:52 - 2018-01-01 09:40 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\container_xml.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2018-01-07 10:52 - 2018-01-01 09:40 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\efslsaext.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
    2018-01-07 10:52 - 2018-01-01 09:40 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys
    2018-01-07 10:52 - 2018-01-01 09:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\tetheringclient.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\efssvc.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\virtdisk.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2018-01-07 10:52 - 2018-01-01 09:40 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2018-01-07 10:52 - 2018-01-01 09:40 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
    2018-01-07 10:52 - 2018-01-01 09:39 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
     
  7. ramesh help

    ramesh help Established Techie7 Member

    2018-01-07 10:52 - 2018-01-01 09:39 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2018-01-07 10:52 - 2018-01-01 09:39 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2018-01-07 10:52 - 2018-01-01 09:39 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2018-01-07 10:52 - 2018-01-01 09:39 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\SCardDlg.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\ssdpapi.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2018-01-07 10:52 - 2018-01-01 09:39 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2018-01-07 10:52 - 2018-01-01 09:38 - 000457728 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000334336 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000304640 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
    2018-01-07 10:52 - 2018-01-01 09:38 - 000283648 _____ (Microsoft Corporation) C:\Windows\system32\icsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\WPTaskScheduler.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000165888 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2018-01-07 10:52 - 2018-01-01 09:38 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2018-01-07 10:52 - 2018-01-01 09:38 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll
    2018-01-07 10:52 - 2018-01-01 09:38 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\dot3dlg.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 023683072 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000723968 _____ (Microsoft Corporation) C:\Windows\system32\NaturalAuth.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000582656 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\APHostService.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000336384 _____ (Microsoft Corporation) C:\Windows\system32\AppLockerCSP.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000305152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2018-01-07 10:52 - 2018-01-01 09:37 - 000250368 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000250368 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000232960 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2018-01-07 10:52 - 2018-01-01 09:37 - 000072192 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000773120 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000626176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000457728 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000388096 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\wifiprofilessettinghandler.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000307712 _____ (Microsoft Corporation) C:\Windows\system32\icsvcext.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2018-01-07 10:52 - 2018-01-01 09:36 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000996864 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000847360 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000741376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2018-01-07 10:52 - 2018-01-01 09:35 - 000692736 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000422912 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000365568 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000292352 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000278016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
    2018-01-07 10:52 - 2018-01-01 09:35 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000973312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000805888 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000752640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000399872 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000239616 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2018-01-07 10:52 - 2018-01-01 09:34 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2018-01-07 10:52 - 2018-01-01 09:34 - 000058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2018-01-07 10:52 - 2018-01-01 09:34 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2018-01-07 10:52 - 2018-01-01 09:34 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2018-01-07 10:52 - 2018-01-01 09:33 - 003306496 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000877568 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000799744 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000687616 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000583168 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000365568 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\ncryptprov.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2018-01-07 10:52 - 2018-01-01 09:33 - 000120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2018-01-07 10:52 - 2018-01-01 09:33 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2018-01-07 10:52 - 2018-01-01 09:32 - 002078720 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2018-01-07 10:52 - 2018-01-01 09:32 - 001028608 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
    2018-01-07 10:52 - 2018-01-01 09:32 - 000970752 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2018-01-07 10:52 - 2018-01-01 09:32 - 000922112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2018-01-07 10:52 - 2018-01-01 09:32 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2018-01-07 10:52 - 2018-01-01 09:32 - 000123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2018-01-07 10:52 - 2018-01-01 09:32 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2018-01-07 10:52 - 2018-01-01 09:32 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2018-01-07 10:52 - 2018-01-01 09:31 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
    2018-01-07 10:52 - 2018-01-01 09:31 - 007339520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2018-01-07 10:52 - 2018-01-01 09:31 - 001736704 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:31 - 001398272 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2018-01-07 10:52 - 2018-01-01 09:31 - 001355264 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
    2018-01-07 10:52 - 2018-01-01 09:31 - 000266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2018-01-07 10:52 - 2018-01-01 09:30 - 012803584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2018-01-07 10:52 - 2018-01-01 09:30 - 004719104 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2018-01-07 10:52 - 2018-01-01 09:30 - 003206656 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2018-01-07 10:52 - 2018-01-01 09:30 - 000706560 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2018-01-07 10:52 - 2018-01-01 09:30 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
    2018-01-07 10:52 - 2018-01-01 09:30 - 000397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2018-01-07 10:52 - 2018-01-01 09:30 - 000397312 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
    2018-01-07 10:52 - 2018-01-01 09:30 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 002426368 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 001583616 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 000877568 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 000755200 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 000552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 000358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 000272384 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
    2018-01-07 10:52 - 2018-01-01 09:29 - 000126464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2018-01-07 10:52 - 2018-01-01 09:28 - 001802752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2018-01-07 10:52 - 2018-01-01 09:28 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2018-01-07 10:52 - 2018-01-01 09:27 - 006249472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2018-01-07 10:52 - 2018-01-01 09:26 - 011888640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2018-01-07 10:52 - 2018-01-01 09:26 - 000722944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2018-01-07 10:52 - 2018-01-01 09:26 - 000502272 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
    2018-01-07 10:52 - 2018-01-01 09:25 - 002010112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2018-01-07 10:52 - 2018-01-01 09:25 - 000824832 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
    2018-01-07 10:52 - 2018-01-01 09:25 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
    2018-01-07 10:52 - 2018-01-01 09:25 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys
    2018-01-07 10:52 - 2018-01-01 09:24 - 001463296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2018-01-07 10:52 - 2018-01-01 09:24 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
    2018-01-07 10:52 - 2018-01-01 09:24 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll
    2018-01-07 10:52 - 2018-01-01 09:23 - 000239616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2018-01-07 10:52 - 2018-01-01 09:23 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
    2018-01-07 10:52 - 2018-01-01 09:23 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
    2018-01-07 10:52 - 2018-01-01 09:23 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\fdPnp.dll
    2018-01-07 10:52 - 2018-01-01 09:23 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2018-01-07 10:52 - 2018-01-01 09:23 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys
    2018-01-07 10:52 - 2018-01-01 09:23 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2018-01-07 10:52 - 2018-01-01 09:23 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\fdWNet.dll
    2018-01-07 10:52 - 2018-01-01 09:23 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\wmiprop.dll
    2018-01-07 10:52 - 2018-01-01 09:23 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys
    2018-01-07 10:52 - 2018-01-01 09:18 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
    2018-01-05 10:52 - 2018-01-10 11:59 - 000000000 ____D C:\Users\Home\Desktop\chap 2
    2018-01-04 21:18 - 2018-01-04 21:18 - 000142783 _____ C:\Users\Home\Desktop\4D, 5D, 6D Forecast table.pdf
    2018-01-03 15:42 - 2018-01-03 15:42 - 000000000 ____D C:\Users\Home\AppData\Local\VirtualStore
    2018-01-03 14:56 - 2018-01-07 10:06 - 000000000 ____D C:\Users\Home\AppData\Roaming\Syncios Data Transfer
    2018-01-03 14:56 - 2018-01-03 14:56 - 000000000 ____D C:\Users\Home\Documents\Syncios Data Transfer
    2018-01-03 14:56 - 2018-01-03 14:56 - 000000000 ____D C:\Users\Home\.android
    2018-01-03 14:53 - 2018-01-14 20:30 - 000001332 _____ C:\Users\Home\Desktop\Syncios Data Transfer.lnk
    2018-01-03 14:53 - 2018-01-03 14:53 - 000000000 ____D C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncios
    2018-01-03 14:53 - 2018-01-03 14:53 - 000000000 ____D C:\Program Files (x86)\AnvSoft
    2018-01-03 14:46 - 2018-01-03 14:46 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
    2018-01-03 14:46 - 2018-01-03 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2018-01-03 14:46 - 2018-01-03 14:46 - 000000000 ____D C:\Program Files\iTunes
    2018-01-03 14:46 - 2018-01-03 14:46 - 000000000 ____D C:\Program Files\iPod
    2018-01-03 14:45 - 2018-01-03 14:45 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2018-01-03 14:45 - 2018-01-03 14:45 - 000000000 ____D C:\Windows\System32\Tasks\Apple
    2018-01-03 14:45 - 2018-01-03 14:45 - 000000000 ____D C:\Users\Home\AppData\Local\Apple
    2018-01-03 14:45 - 2018-01-03 14:45 - 000000000 ____D C:\Program Files\Common Files\Apple
    2018-01-03 14:45 - 2018-01-03 14:45 - 000000000 ____D C:\Program Files\Bonjour
    2018-01-03 14:45 - 2018-01-03 14:45 - 000000000 ____D C:\Program Files (x86)\Bonjour
    2018-01-03 14:45 - 2018-01-03 14:45 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2018-01-03 10:00 - 2018-01-07 09:32 - 000000000 ____D C:\Users\Home\Desktop\exam
    2018-01-03 09:34 - 2018-01-14 14:20 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2018-01-03 09:31 - 2018-01-03 09:31 - 000076484 _____ C:\Users\Home\Desktop\0061066798_MGT5000_Coversheet
    2018-01-03 09:26 - 2018-01-03 09:26 - 000009774 _____ C:\Users\Home\Desktop\USQ Transcirpts score.pdf
    2018-01-02 10:49 - 2018-01-02 10:49 - 000185428 _____ C:\Users\Home\Desktop\AIS Form v21.pdf
    2018-01-02 10:49 - 2018-01-02 10:49 - 000000000 ____D C:\Users\Home\AppData\Local\CEF
    2017-12-31 16:45 - 2017-12-31 16:45 - 000000279 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin (2).lnk
    2017-12-30 17:03 - 2017-12-30 17:03 - 000000000 ____D C:\ProgramData\VS Revo Group
    2017-12-29 14:57 - 2017-12-29 14:57 - 000000000 ____D C:\Program Files\Reference Assemblies
    2017-12-29 14:57 - 2017-12-29 14:57 - 000000000 ____D C:\Program Files\MSBuild
    2017-12-29 14:57 - 2017-12-29 14:57 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-12-29 14:57 - 2017-12-29 14:57 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2017-12-29 14:55 - 2017-02-10 11:26 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2017-12-29 14:55 - 2017-02-10 11:26 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2017-12-29 14:55 - 2017-02-10 11:26 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2017-12-29 14:55 - 2017-02-10 11:21 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2017-12-29 14:55 - 2017-02-10 11:21 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2017-12-29 14:55 - 2017-02-10 11:21 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2017-12-27 21:59 - 2017-12-27 21:59 - 000000000 __SHD C:\ProgramData\ms-drivers
    2017-12-27 21:59 - 2017-12-27 21:59 - 000000000 __SHD C:\ProgramData\icsxml
    2017-12-27 21:55 - 2017-12-27 22:01 - 000000000 ____D C:\Users\Home\AppData\Local\MetaGeek,_LLC
    2017-12-27 21:55 - 2017-12-27 21:55 - 000000000 __SHD C:\Users\Home\AppData\Local\icsxml
    2017-12-27 21:54 - 2017-12-27 21:54 - 000000000 __SHD C:\Users\Home\AppData\Local\ms-drivers
    2017-12-27 21:54 - 2017-12-27 21:54 - 000000000 __SHD C:\ProgramData\DIBsection
    2017-12-27 21:54 - 2017-12-27 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
    2017-12-27 21:54 - 2017-12-27 21:54 - 000000000 ____D C:\Program Files (x86)\MetaGeek
    2017-12-27 19:34 - 2017-11-06 20:50 - 000402608 _____ (Intel Corporation) C:\Windows\system32\ibtproppage.dll
    2017-12-27 19:34 - 2017-11-06 20:50 - 000132104 _____ (Intel Corporation) C:\Windows\system32\Drivers\ibtusb.sys
    2017-12-27 19:34 - 2017-11-06 20:50 - 000116762 _____ C:\Windows\system32\Drivers\ibtfw.dat
    2017-12-27 19:27 - 2017-12-20 03:41 - 001980632 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsDecode.dll
    2017-12-27 19:27 - 2017-12-20 03:41 - 001132760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtsMFT0.dll
    2017-12-27 19:27 - 2017-12-20 03:41 - 000666048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtCamP64.dll
    2017-12-27 19:27 - 2017-12-20 03:41 - 000577472 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtCamP.dll
    2017-12-27 19:26 - 2017-12-20 03:41 - 002650328 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCamU64.exe
    2017-12-27 09:07 - 2017-12-27 09:07 - 000000000 ___SD C:\Windows\UpdateAssistantV2
    2017-12-26 21:16 - 2017-12-26 21:16 - 000000371 _____ C:\Users\Home\Desktop\job report.txt
    2017-12-26 12:09 - 2018-01-07 09:37 - 000000000 ____D C:\Users\Home\Desktop\job files important documents
    2017-12-26 10:31 - 2017-12-26 10:31 - 000000279 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
    2017-12-26 10:20 - 2017-12-26 10:20 - 000000000 ____D C:\Users\Home\Tracing
    2017-12-25 08:44 - 2017-11-30 10:58 - 006763128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-12-25 08:44 - 2017-11-30 10:57 - 001123968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
    2017-12-25 08:44 - 2017-11-30 10:43 - 000095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
    2017-12-25 08:44 - 2017-11-30 10:43 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-12-25 08:44 - 2017-11-30 10:42 - 000148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
    2017-12-25 08:44 - 2017-11-30 10:42 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
    2017-12-25 08:44 - 2017-11-30 10:41 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
    2017-12-25 08:44 - 2017-11-30 10:40 - 000528384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
    2017-12-25 08:44 - 2017-11-30 10:40 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
    2017-12-25 08:44 - 2017-11-30 10:40 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
    2017-12-25 08:44 - 2017-11-30 10:38 - 001248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
    2017-12-25 08:44 - 2017-11-30 10:38 - 000636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
    2017-12-25 08:44 - 2017-11-30 10:36 - 001019904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
    2017-12-25 08:44 - 2017-11-30 10:34 - 004559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
    2017-12-25 08:44 - 2017-11-17 17:31 - 000223640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
    2017-12-25 08:44 - 2017-11-02 13:04 - 001292360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2017-12-25 08:44 - 2017-11-02 12:49 - 001838848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-12-25 08:44 - 2017-11-02 12:45 - 000613136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2017-12-25 08:44 - 2017-11-02 12:45 - 000362144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2017-12-25 08:44 - 2017-11-02 12:45 - 000354360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2017-12-25 08:44 - 2017-11-02 12:45 - 000283544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2017-12-25 08:44 - 2017-11-02 12:45 - 000172952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2017-12-25 08:44 - 2017-11-02 12:45 - 000133896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2017-12-25 08:44 - 2017-11-02 12:44 - 005808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
    2017-12-25 08:44 - 2017-11-02 12:44 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
    2017-12-25 08:44 - 2017-11-02 12:30 - 000407040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
    2017-12-25 08:44 - 2017-11-02 12:30 - 000155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
    2017-12-25 08:44 - 2017-11-02 12:27 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-12-25 08:44 - 2017-11-02 12:27 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertPKICmdlet.dll
    2017-12-25 08:44 - 2017-11-02 12:26 - 002671616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2017-12-25 08:44 - 2017-11-02 12:26 - 000371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
    2017-12-25 08:44 - 2017-11-02 12:26 - 000068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll
    2017-12-25 08:44 - 2017-11-02 12:25 - 012227072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2017-12-25 08:44 - 2017-11-02 12:24 - 007598080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2017-12-25 08:44 - 2017-11-02 12:24 - 000463872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
    2017-12-25 08:44 - 2017-11-02 12:24 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Launcher.dll
    2017-12-25 08:44 - 2017-11-02 12:23 - 000680960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
    2017-12-25 08:44 - 2017-11-02 12:23 - 000590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
    2017-12-25 08:44 - 2017-11-02 12:23 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsreg.dll
    2017-12-25 08:44 - 2017-11-02 12:22 - 001884160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2017-12-25 08:44 - 2017-11-02 12:22 - 001494528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
    2017-12-25 08:44 - 2017-11-02 12:21 - 004417024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-12-25 08:44 - 2017-11-02 12:21 - 000787456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-12-25 08:44 - 2017-10-25 15:40 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2017-12-25 08:44 - 2017-10-15 23:09 - 002259760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
    2017-12-25 08:44 - 2017-10-15 23:01 - 000583160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
    2017-12-25 08:44 - 2017-10-15 22:51 - 000584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
    2017-12-25 08:44 - 2017-10-15 22:49 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
    2017-12-25 08:44 - 2017-10-15 22:45 - 001292288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
    2017-12-25 08:44 - 2017-10-15 22:44 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
    2017-12-25 08:44 - 2017-10-15 22:42 - 005225984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2017-12-25 08:44 - 2017-10-15 22:42 - 003667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
    2017-12-25 08:44 - 2017-10-15 22:38 - 000089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2017-12-25 08:41 - 2017-11-30 11:23 - 007910960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
    2017-12-25 08:41 - 2017-11-30 10:45 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
    2017-12-25 08:41 - 2017-11-30 10:44 - 000042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
    2017-12-25 08:41 - 2017-11-30 10:42 - 001878016 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
    2017-12-25 08:41 - 2017-11-30 10:37 - 001293824 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
    2017-12-25 08:41 - 2017-11-30 10:36 - 005557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
    2017-12-25 08:41 - 2017-11-17 16:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-12-25 08:41 - 2017-11-02 13:20 - 000469568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-12-25 08:41 - 2017-11-02 13:13 - 001345600 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2017-12-25 08:41 - 2017-11-02 13:13 - 000095640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
    2017-12-25 08:41 - 2017-11-02 13:12 - 000026472 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-12-25 08:41 - 2017-11-02 12:37 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
    2017-12-25 08:41 - 2017-11-02 12:35 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
    2017-12-25 08:41 - 2017-11-02 12:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-12-25 08:41 - 2017-11-02 12:35 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-12-25 08:41 - 2017-11-02 12:34 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
    2017-12-25 08:41 - 2017-11-02 12:34 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
    2017-12-25 08:41 - 2017-11-02 12:34 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-12-25 08:41 - 2017-11-02 12:34 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
    2017-12-25 08:41 - 2017-11-02 12:33 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\CertPKICmdlet.dll
    2017-12-25 08:41 - 2017-11-02 12:32 - 008213504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2017-12-25 08:41 - 2017-11-02 12:32 - 000255488 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2017-12-25 08:41 - 2017-11-02 12:32 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Storage.dll
    2017-12-25 08:41 - 2017-11-02 12:30 - 000601088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Launcher.dll
    2017-12-25 08:41 - 2017-11-02 12:30 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
    2017-12-25 08:41 - 2017-11-02 12:29 - 000415232 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
    2017-12-25 08:41 - 2017-11-02 12:27 - 000565248 _____ (Microsoft Corporation) C:\Windows\system32\dsreg.dll
    2017-12-25 08:41 - 2017-11-02 12:27 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
    2017-12-25 08:41 - 2017-11-02 12:26 - 001937408 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2017-12-25 08:41 - 2017-11-02 12:26 - 000986624 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-12-25 08:41 - 2017-11-02 12:25 - 003377664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-12-25 08:41 - 2017-11-02 12:25 - 002052608 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
    2017-12-25 08:41 - 2017-11-02 12:23 - 002449408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-12-25 08:41 - 2017-11-02 12:23 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
    2017-12-25 08:41 - 2017-10-15 22:15 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
    2017-12-25 08:41 - 2017-10-15 22:08 - 001260544 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
    2017-12-25 08:41 - 2017-10-15 22:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
    2017-12-25 08:40 - 2017-11-30 11:33 - 000038808 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
    2017-12-25 08:40 - 2017-11-30 11:23 - 001194248 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
    2017-12-25 08:40 - 2017-11-30 10:45 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-12-25 08:40 - 2017-11-30 10:44 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
    2017-12-25 08:40 - 2017-11-30 10:43 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2017-12-25 08:40 - 2017-11-30 10:42 - 000560640 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
    2017-12-25 08:40 - 2017-11-30 10:42 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2017-12-25 08:40 - 2017-11-30 10:41 - 000527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
    2017-12-25 08:40 - 2017-11-30 10:41 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
    2017-12-25 08:40 - 2017-11-30 10:41 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
    2017-12-25 08:40 - 2017-11-30 10:39 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
    2017-12-25 08:40 - 2017-11-17 17:46 - 000678808 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-12-25 08:40 - 2017-11-17 17:46 - 000484248 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
    2017-12-25 08:40 - 2017-11-17 17:46 - 000136088 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-12-25 08:40 - 2017-11-17 17:46 - 000034712 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
    2017-12-25 08:40 - 2017-11-17 17:39 - 005477088 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
    2017-12-25 08:40 - 2017-11-17 16:56 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
    2017-12-25 08:40 - 2017-11-02 13:16 - 002398696 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-12-25 08:40 - 2017-11-02 13:13 - 002443672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-12-25 08:40 - 2017-11-02 13:12 - 000727336 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2017-12-25 08:40 - 2017-11-02 13:12 - 000412752 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2017-12-25 08:40 - 2017-11-02 13:12 - 000319384 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2017-12-25 08:40 - 2017-11-02 13:12 - 000144248 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2017-12-25 08:40 - 2017-11-02 13:12 - 000038808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2017-12-25 08:40 - 2017-11-02 13:10 - 006557520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
    2017-12-25 08:40 - 2017-11-02 13:05 - 000187800 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2017-12-25 08:40 - 2017-11-02 12:37 - 001278976 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
    2017-12-25 08:40 - 2017-11-02 12:37 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
    2017-12-25 08:40 - 2017-11-02 12:37 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
    2017-12-25 08:40 - 2017-11-02 12:36 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
    2017-12-25 08:40 - 2017-11-02 12:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpstorport.sys
    2017-12-25 08:40 - 2017-11-02 12:34 - 000138240 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageLiveTileTask.exe
    2017-12-25 08:40 - 2017-11-02 12:33 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageHandlers.dll
    2017-12-25 08:40 - 2017-11-02 12:33 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
    2017-12-25 08:40 - 2017-11-02 12:31 - 000411648 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2017-12-25 08:40 - 2017-11-02 12:31 - 000153088 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
    2017-12-25 08:40 - 2017-11-02 12:30 - 013381120 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-12-25 08:40 - 2017-11-02 12:30 - 000719872 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
    2017-12-25 08:40 - 2017-11-02 12:30 - 000635392 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
    2017-12-25 08:40 - 2017-11-02 12:30 - 000165888 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2017-12-25 08:40 - 2017-11-02 12:28 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
    2017-12-25 08:40 - 2017-11-02 12:27 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
    2017-12-25 08:40 - 2017-11-02 12:26 - 004445696 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
    2017-12-25 08:40 - 2017-11-02 12:26 - 003060224 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
    2017-12-25 08:40 - 2017-11-02 12:25 - 001713664 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
    2017-12-25 08:40 - 2017-11-02 12:24 - 004707840 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-12-25 08:40 - 2017-11-02 12:19 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
    2017-12-25 08:40 - 2017-10-15 22:57 - 000712600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
    2017-12-25 08:40 - 2017-10-15 22:57 - 000409496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-12-25 08:40 - 2017-10-15 22:53 - 002969880 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
    2017-12-25 08:40 - 2017-10-15 22:53 - 000387928 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
    2017-12-25 08:40 - 2017-10-15 22:49 - 000094616 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-12-25 08:40 - 2017-10-15 22:14 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\SEMgrPS.dll
    2017-12-25 08:40 - 2017-10-15 22:13 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
    2017-12-25 08:40 - 2017-10-15 22:10 - 001303040 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
    2017-12-25 08:40 - 2017-10-15 22:05 - 004396032 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
    2017-12-25 08:40 - 2017-10-15 22:02 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkInternalPS.dll
    2017-12-25 08:39 - 2017-11-30 10:39 - 002809344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2017-12-25 08:39 - 2017-11-17 17:46 - 002032536 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2017-12-25 08:39 - 2017-11-17 17:46 - 001578904 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-12-25 08:39 - 2017-11-17 17:46 - 000613784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-12-25 08:39 - 2017-11-17 17:46 - 000612248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-12-25 08:39 - 2017-11-17 17:46 - 000379288 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-12-25 08:39 - 2017-11-17 17:46 - 000259992 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-12-25 08:39 - 2017-11-17 17:46 - 000190360 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-12-25 08:39 - 2017-11-17 17:46 - 000067992 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
    2017-12-25 08:39 - 2017-11-02 13:14 - 000667040 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2017-12-25 08:39 - 2017-11-02 13:13 - 000212888 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
    2017-12-25 08:39 - 2017-11-02 13:12 - 000654976 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
    2017-12-25 08:39 - 2017-11-02 13:12 - 000430848 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2017-12-25 08:39 - 2017-11-02 12:33 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
    2017-12-25 08:39 - 2017-11-02 12:28 - 001468416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
    2017-12-25 08:39 - 2017-11-02 12:28 - 000939008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
    2017-12-25 08:39 - 2017-11-02 12:25 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
    2017-12-25 08:39 - 2017-10-15 22:59 - 000923040 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
    2017-12-25 08:39 - 2017-10-15 22:56 - 000872464 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
    2017-12-25 08:39 - 2017-10-15 22:08 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
    2017-12-24 18:03 - 2017-12-24 18:03 - 000012214 _____ C:\Users\Home\Desktop\ideas.txt
    2017-12-24 14:21 - 2018-01-14 20:30 - 000001313 _____ C:\Users\Home\Desktop\resmon.lnk
    2017-12-24 13:55 - 2017-12-24 13:55 - 000001400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk
    2017-12-24 13:54 - 2017-12-24 13:55 - 000000000 ____D C:\ProgramData\PlugCache
    2017-12-24 13:54 - 2017-12-24 13:54 - 000000000 ____D C:\Users\Home\AppData\Local\DBG
    2017-12-24 13:44 - 2018-01-15 15:54 - 000000000 ____D C:\Users\Home\AppData\Local\ElevatedDiagnostics
    2017-12-24 09:22 - 2018-01-15 14:46 - 000329992 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-12-24 09:01 - 2017-12-24 09:01 - 000000000 _____ C:\Windows\SysWOW64\last.dump
    2017-12-24 08:54 - 2017-12-24 08:54 - 000000000 ____D C:\Program Files\Common Files\Avast Software
    2017-12-24 08:53 - 2017-12-24 08:53 - 000061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
    2017-12-24 08:21 - 2017-12-24 08:21 - 000000000 ____D C:\Users\Home\AppData\Local\NVIDIA Corporation
    2017-12-24 00:47 - 2017-12-24 00:47 - 000000000 ____D C:\Program Files\AVAST Software
    2017-12-24 00:46 - 2017-12-24 08:52 - 000000000 ____D C:\ProgramData\AVAST Software
    2017-12-24 00:35 - 2017-12-24 00:35 - 000000000 ____D C:\Users\Home\AppData\Local\Intel
    2017-12-24 00:34 - 2017-12-24 00:34 - 000000000 ____D C:\ProgramData\Intel
    2017-12-24 00:31 - 2017-12-24 00:31 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
    2017-12-24 00:31 - 2017-12-24 00:31 - 000000000 ____D C:\Program Files\Waves
    2017-12-24 00:25 - 2017-12-24 00:25 - 000002446 _____ C:\Users\Home\Desktop\driver udpaet.txt
    2017-12-23 23:41 - 2017-12-23 23:41 - 000000000 ____D C:\Users\Home\Documents\System Report
    2017-12-23 23:38 - 2017-12-23 23:44 - 000000000 ____D C:\Users\Home\AppData\Roaming\FreshDiagnose
    2017-12-23 22:08 - 2017-12-23 22:08 - 000000000 ____D C:\Users\Home\Desktop\New Folder (2)
    2017-12-22 16:25 - 2015-06-18 10:25 - 000087696 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LEqdUsb.sys
    2017-12-22 16:23 - 2017-06-28 04:55 - 000191648 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_I2C.sys
    2017-12-22 16:23 - 2017-06-28 04:55 - 000098976 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_GPIO2.sys
    2017-12-22 16:23 - 2017-05-08 19:39 - 001730296 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01009.dll
    2017-12-22 16:23 - 2017-05-08 19:39 - 000038480 _____ (Intel Corporation) C:\Windows\system32\Drivers\ICCWDT.sys
    2017-12-22 16:21 - 2017-10-17 00:08 - 000906240 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
    2017-12-22 16:13 - 2017-12-16 08:23 - 040237456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 036350960 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 035157488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 029381936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 023267096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 019040512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 013867656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 013255032 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 011781912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 010883744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 004202992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 003817584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 003615032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 001990128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438871.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438871.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 001321448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 001101104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 001038496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 001032688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 000980880 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 000933360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 000794392 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 000634224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2017-12-22 16:13 - 2017-12-16 08:23 - 000506864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2017-12-22 16:12 - 2017-12-16 08:23 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
    2017-12-22 16:12 - 2017-12-16 08:23 - 000000669 _____ C:\Windows\system32\nv-vk64.json
    2017-12-22 16:05 - 2017-12-14 03:52 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2017-12-22 16:05 - 2017-12-13 23:08 - 015292305 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2017-12-22 16:04 - 2017-12-14 03:55 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2017-12-22 16:04 - 2017-12-14 03:54 - 003509168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2017-12-22 16:04 - 2017-12-14 03:54 - 001353288 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2017-12-22 16:04 - 2017-12-14 03:54 - 000691640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2017-12-22 16:04 - 2017-12-14 03:53 - 024910440 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioCapture64.dll
    2017-12-22 16:04 - 2017-12-14 03:53 - 024034024 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRenderAVX64.dll
    2017-12-22 16:04 - 2017-12-14 03:52 - 003786672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
    2017-12-22 16:04 - 2017-12-14 03:52 - 003205568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2017-12-22 16:04 - 2017-12-14 03:52 - 002922944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2017-12-22 15:37 - 2017-10-30 04:06 - 013334260 _____ C:\Windows\system32\Drivers\Netwfw04.dat
    2017-12-19 02:50 - 2017-12-11 07:10 - 000808944 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-16 10:38 - 2017-07-13 17:12 - 000000000 ____D C:\Users\Home\AppData\Local\ClassicShell
    2018-01-16 10:37 - 2017-07-14 03:37 - 000000000 __SHD C:\Users\Home\IntelGraphicsProfiles
    2018-01-16 10:37 - 2017-07-14 03:19 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-01-16 10:37 - 2017-03-18 20:03 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-01-16 10:36 - 2017-03-19 05:03 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2018-01-16 10:36 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\Registration
    2018-01-16 10:36 - 2017-03-18 19:40 - 000262144 _____ C:\Windows\system32\config\BBI
    2018-01-16 09:41 - 2017-08-18 12:53 - 000000000 ____D C:\Users\Home\Desktop\movies
    2018-01-16 02:53 - 2017-03-18 20:02 - 000000000 ____D C:\Windows\system32\SleepStudy
    2018-01-15 21:48 - 2017-03-18 13:02 - 000000000 ____D C:\Windows\Panther
    2018-01-15 21:42 - 2017-07-27 19:33 - 000019053 _____ C:\Windows\diagwrn.xml
    2018-01-15 21:42 - 2017-07-27 19:33 - 000019053 _____ C:\Windows\diagerr.xml
    2018-01-15 21:29 - 2017-03-18 19:40 - 000032768 _____ C:\Windows\system32\config\ELAM
    2018-01-15 21:26 - 2017-09-30 23:09 - 000000000 ___HD C:\$WINDOWS.~BT
    2018-01-15 21:26 - 2017-03-19 05:01 - 000000000 ____D C:\Windows\INF
    2018-01-15 20:36 - 2017-07-16 12:34 - 000000000 ____D C:\Users\Home\AppData\Roaming\vlc
    2018-01-15 18:17 - 2017-03-18 20:13 - 000000000 ____D C:\Users\Home\AppData\Local\Packages
    2018-01-15 16:54 - 2017-03-18 20:11 - 001787510 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-01-15 16:49 - 2017-07-14 03:29 - 000000000 ____D C:\Program Files\Realtek
    2018-01-15 16:24 - 2017-03-18 20:12 - 000000000 ____D C:\Users\Home
    2018-01-15 16:16 - 2017-07-14 07:10 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2018-01-14 20:30 - 2017-07-15 11:16 - 000001104 _____ C:\Users\Home\Desktop\QuickGamma.lnk
    2018-01-14 14:38 - 2017-03-18 20:13 - 000000000 ____D C:\Users\Home\AppData\Roaming\Adobe
    2018-01-14 11:25 - 2017-03-19 05:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-01-14 11:25 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\AppReadiness
    2018-01-10 15:50 - 2017-03-19 04:51 - 000000000 ____D C:\Windows\CbsTemp
    2018-01-10 14:13 - 2017-09-07 20:05 - 000000000 ____D C:\ProgramData\Oracle
    2018-01-10 14:10 - 2017-09-07 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2018-01-10 14:10 - 2017-09-07 20:05 - 000000000 ____D C:\Program Files (x86)\Java
    2018-01-10 14:06 - 2017-09-07 20:06 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2018-01-10 12:41 - 2017-07-13 17:33 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-01-10 12:41 - 2017-03-19 05:03 - 000000000 ____D C:\Program Files\IP Address Messenger
    2018-01-09 21:08 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\rescache
    2018-01-09 19:19 - 2017-03-18 20:13 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-01-09 19:12 - 2017-03-19 05:03 - 000000000 ___SD C:\Windows\SysWOW64\F12
    2018-01-09 19:12 - 2017-03-19 05:03 - 000000000 ___SD C:\Windows\system32\F12
    2018-01-09 19:12 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\system32\en-GB
    2018-01-09 18:35 - 2017-07-14 22:54 - 000000000 ____D C:\ProgramData\Skype
    2018-01-09 18:30 - 2017-07-26 18:34 - 000000000 ____D C:\Users\Home\Documents\PlagiarismCheckerX
    2018-01-09 18:04 - 2017-07-14 03:25 - 000000000 ____D C:\Users\Home\AppData\Roaming\Skype
    2018-01-08 08:22 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\system32\NDF
    2018-01-05 09:32 - 2017-07-14 03:37 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
    2018-01-05 09:32 - 2017-07-14 03:20 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2018-01-04 15:25 - 2017-07-14 05:46 - 000000000 ____D C:\Users\Home\AppData\LocalLow\uTorrent
    2018-01-04 15:25 - 2017-07-14 05:45 - 000000000 ____D C:\Users\Home\AppData\Roaming\uTorrent
    2018-01-03 15:31 - 2017-07-29 16:21 - 000000000 ____D C:\Users\Home\AppData\Roaming\TeamViewer
    2018-01-03 14:44 - 2017-08-02 21:52 - 000000000 ____D C:\ProgramData\Apple
    2018-01-03 09:37 - 2017-07-13 18:02 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
    2018-01-03 09:37 - 2017-07-13 18:02 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
    2017-12-31 16:39 - 2017-07-21 13:23 - 000000000 ____D C:\Users\Home\Desktop\[backup] edit pics
    2017-12-31 16:32 - 2017-08-03 17:53 - 000000000 ____D C:\Users\Home\Desktop\resume
    2017-12-31 15:26 - 2017-07-14 03:34 - 000000000 ____D C:\Users\Home\Documents\Dell Downloads
    2017-12-29 15:00 - 2017-07-14 03:30 - 000000000 ____D C:\Users\Home\AppData\Local\Deployment
    2017-12-27 09:07 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\SysWOW64\en-GB
    2017-12-27 09:07 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\system32\oobe
    2017-12-27 09:07 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\system32\appraiser
    2017-12-27 09:07 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\ShellExperiences
    2017-12-27 09:07 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\Provisioning
    2017-12-27 09:07 - 2017-03-19 05:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-12-27 09:07 - 2017-03-19 05:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-12-25 08:24 - 2017-07-14 03:38 - 000000000 ____D C:\ProgramData\Package Cache
    2017-12-25 08:24 - 2017-07-14 03:37 - 000000000 ____D C:\Program Files\Intel
    2017-12-24 12:21 - 2017-03-19 05:03 - 000000000 ____D C:\Windows\LiveKernelReports
    2017-12-24 09:43 - 2017-07-14 09:17 - 000002656 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2017-12-24 09:43 - 2017-07-14 09:17 - 000002648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2017-12-24 09:43 - 2017-07-14 09:17 - 000002642 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2017-12-24 09:43 - 2017-07-14 09:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2017-12-24 09:20 - 2017-07-13 18:13 - 000000000 ____D C:\Windows\Minidump
    2017-12-24 09:19 - 2017-07-21 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
    2017-12-24 09:10 - 2017-07-29 16:21 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2017-12-24 08:21 - 2017-08-02 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2017-12-24 08:21 - 2017-08-02 21:36 - 000000000 ____D C:\Program Files (x86)\Wondershare
    2017-12-24 08:20 - 2017-07-22 16:50 - 000000000 ____D C:\Users\Home\AppData\Roaming\Opera Software
    2017-12-24 08:15 - 2017-03-18 20:13 - 000000000 ____D C:\Users\Home\AppData\Local\ConnectedDevicesPlatform
    2017-12-24 00:41 - 2017-07-14 03:19 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-12-24 00:41 - 2017-07-14 03:18 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-12-24 00:39 - 2017-07-14 03:18 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-12-24 00:32 - 2017-07-14 03:34 - 000000000 ____D C:\Windows\system32\RTCOM
    2017-12-24 00:32 - 2017-07-14 03:33 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
    2017-12-24 00:30 - 2017-07-14 03:33 - 000110423 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
    2017-12-24 00:01 - 2017-07-14 04:05 - 000000000 ____D C:\Windows\system32\MRT
    2017-12-23 23:58 - 2017-10-15 16:39 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2017-12-23 23:58 - 2017-07-14 04:04 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-12-23 23:56 - 2017-07-14 03:36 - 000000000 ____D C:\Intel
    2017-12-21 12:35 - 2017-10-22 17:41 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-12-21 12:35 - 2017-10-22 17:41 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-12-20 03:41 - 2016-11-14 22:04 - 003237312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\rtsuvc.sys
    2017-12-20 03:41 - 2016-11-14 22:04 - 000104384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtCamO64.dll
    2017-12-19 21:18 - 2017-12-10 19:13 - 000000000 ____D C:\Users\Home\Desktop\mba files

    ==================== Files in the root of some directories =======

    2018-01-15 14:43 - 2018-01-15 14:43 - 000000020 ___SH () C:\Users\Home\AppData\Roaming\1816CA7466166.ind
    2018-01-15 14:43 - 2018-01-15 14:43 - 000000020 ___SH () C:\Users\Home\AppData\Roaming\Programs8187ConfigDB.dat

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-01-14 20:41

    ==================== End of FRST.txt ============================
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  9. ramesh help

    ramesh help Established Techie7 Member

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 151
    Java version 32-bit out of Date!
    Adobe Flash Player 26.0.0.131
    Google Chrome (63.0.3239.132)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  10. ramesh help

    ramesh help Established Techie7 Member

    Farbar Service Scanner Version: 27-01-2016
    Ran by Home (administrator) on 16-01-2018 at 12:55:58
    Running from "C:\Users\Home\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Disabled. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
    "NoAutoUpdate"=DWORD:1


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  11. ramesh help

    ramesh help Established Techie7 Member

  12. ramesh help

    ramesh help Established Techie7 Member

    2018-01-16 04:58:55.937 Sophos Virus Removal Tool version 2.6.1
    2018-01-16 04:58:55.937 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

    2018-01-16 04:58:55.937 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2018-01-16 04:58:55.937 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
    2018-01-16 04:58:55.937 Checking for updates...
    2018-01-16 04:58:55.965 Update progress: proxy server not available
    2018-01-16 04:59:04.631 Option all = no
    2018-01-16 04:59:04.631 Option recurse = yes
    2018-01-16 04:59:04.635 Option archive = no
    2018-01-16 04:59:04.635 Option service = yes
    2018-01-16 04:59:04.635 Option confirm = yes
    2018-01-16 04:59:04.635 Option sxl = yes
    2018-01-16 04:59:04.635 Option max-data-age = 35
    2018-01-16 04:59:04.635 Option vdl-logging = yes
    2018-01-16 04:59:04.663 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2018-01-16 04:59:04.663 Machine ID: 37433a3a3d314ab68c911eed2baaa442
    2018-01-16 04:59:04.663 Component SVRTcli.exe version 2.6.1
    2018-01-16 04:59:04.663 Component control.dll version 2.6.1
    2018-01-16 04:59:04.663 Component SVRTservice.exe version 2.6.1
    2018-01-16 04:59:04.663 Component engine\osdp.dll version 1.44.1.2286
    2018-01-16 04:59:04.663 Component engine\veex.dll version 3.68.6.2286
    2018-01-16 04:59:04.663 Component engine\savi.dll version 9.0.7.2286
    2018-01-16 04:59:04.667 Component rkdisk.dll version 1.5.31.1
    2018-01-16 04:59:04.667 Version info: Product version 2.6.1
    2018-01-16 04:59:04.667 Version info: Detection engine 3.68.6
    2018-01-16 04:59:04.667 Version info: Detection data 5.46
    2018-01-16 04:59:04.667 Version info: Build date 11/28/2017
    2018-01-16 04:59:04.667 Version info: Data files added 365
    2018-01-16 04:59:04.667 Version info: Last successful update (not yet updated)
    2018-01-16 04:59:10.937 Downloading updates...
    2018-01-16 04:59:14.229 Installing updates...
    2018-01-16 04:59:14.842 Error level 1
    2018-01-16 04:59:25.543 Update successful
    2018-01-16 04:59:34.215 Option all = no
    2018-01-16 04:59:34.215 Option recurse = yes
    2018-01-16 04:59:34.215 Option archive = no
    2018-01-16 04:59:34.215 Option service = yes
    2018-01-16 04:59:34.215 Option confirm = yes
    2018-01-16 04:59:34.215 Option sxl = yes
    2018-01-16 04:59:34.215 Option max-data-age = 35
    2018-01-16 04:59:34.215 Option vdl-logging = yes
    2018-01-16 04:59:34.219 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2018-01-16 04:59:34.219 Machine ID: 37433a3a3d314ab68c911eed2baaa442
    2018-01-16 04:59:34.219 Component SVRTcli.exe version 2.6.1
    2018-01-16 04:59:34.219 Component control.dll version 2.6.1
    2018-01-16 04:59:34.219 Component SVRTservice.exe version 2.6.1
    2018-01-16 04:59:34.219 Component engine\osdp.dll version 1.44.1.2286
    2018-01-16 04:59:34.219 Component engine\veex.dll version 3.68.6.2286
    2018-01-16 04:59:34.219 Component engine\savi.dll version 9.0.7.2286
    2018-01-16 04:59:34.219 Component rkdisk.dll version 1.5.31.1
    2018-01-16 04:59:34.219 Version info: Product version 2.6.1
    2018-01-16 04:59:34.219 Version info: Detection engine 3.68.6
    2018-01-16 04:59:34.219 Version info: Detection data 5.46
    2018-01-16 04:59:34.219 Version info: Build date 11/28/2017
    2018-01-16 04:59:34.219 Version info: Data files added 366
    2018-01-16 04:59:34.219 Version info: Last successful update 1/16/2018 12:59:25 PM

    2018-01-16 05:22:07.962 >>> Virus 'Troj/KMS-A' found in file C:\$WINDOWS.~BT\NewOS\Windows\KMS-R@1nHook.dll
    2018-01-16 05:25:16.339 Could not open C:\$WINDOWS.~BT\NewOS\Windows\System32\config\bbimigrate\BBI
    2018-01-16 06:04:19.392 Could not open C:\hiberfil.sys
    2018-01-16 06:20:08.960 Could not open C:\swapfile.sys
    2018-01-16 06:31:40.836 >>> Virus 'Troj/KMS-A' found in file C:\Windows\KMS-R@1nHook.dll
    2018-01-16 06:50:46.668 Could not open C:\Windows\System32\config\BBI
    2018-01-16 06:50:46.777 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2018-01-16 06:50:46.777 Could not open C:\Windows\System32\config\RegBack\SAM
    2018-01-16 06:50:46.777 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2018-01-16 06:50:46.777 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2018-01-16 06:50:46.792 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2018-01-16 07:21:04.207 The following items will be cleaned up:
    2018-01-16 07:21:04.207 Troj/KMS-A
     
  13. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished, a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    10. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    11. Please let me know how your computer is doing.
     
  14. ramesh help

    ramesh help Established Techie7 Member

    OK, done. Thanks. Solved.
     
  15. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Way to go!!
    Good luck and stay safe :)
     
  16. ramesh help

    ramesh help Established Techie7 Member

    Sorry, I noticed that Explorer keeps hanging. Not sure why; I did not install anything else besides what you asked for. I also have to end the task in Task Manager while using Microsoft Office.
     
  17. ramesh help

    ramesh help Established Techie7 Member

    shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1
    The remote procedure call failed and did not execute

    Error message when I ended explorer.exe via Task Manager
     
  18. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  19. ramesh help

    ramesh help Established Techie7 Member

    OK, already tried. Will monitor if it happens again.
     
  20. broni

    broni Malware Annihilator Techie7 Moderator Head Security