Solved Chromium infection?

Status
Not open for further replies.

Tennafa

PCHF Member
Jun 6, 2018
26
0
44
#1
Installed my browsers back after cleaning and resetting my system and good ole Chromium managed to have itself bundled in one of my installs. I deleted it as much as I could, but the nasty bug keeps making its presence known. Can someone help me find and terminate this 'PUP'? Not the sort of pet I want to keep around ;)
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
3,256
1,660
Sydney, Australia
pchelpforum.net
#2
Chromium itself is a completely legitimate application, BUT if you did not install it then there is a high probability it came bundled with something else you installed and as such may be an issue needing attention.

As such I will move this thread to malware removal.
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
3,256
1,660
Sydney, Australia
pchelpforum.net
#3
Please read the following first

Hello Tennafa and welcome to PCHF:)
My Name is gus and I'll be helping you. Before we start can I ask you to read these instructions carefully and if possible print them out for use as we go through the cleaning process. Depending on what tools are in use you may not have access to these instructions.


  • If you are unsure of any request as we progress PLEASE ASK, and remember as we proceed that there is no such thing as a silly question.
  • Please let me know if you are receiving help at another forum on this issue so I can close this thread.
  • At the right hand top of your first post please click on the "Watch thread" marker so you will receive an immediate alert when I reply.
  • Please do not run any tools other than the ones we ask you to, some can be very dangerous and actually make things worse.
  • Should any tools we ask you to use give you a security warning you can safely allow them to run, they have all been proven safe.
  • Download any requested tools and make sure to run them from the desktop, unless specifically instructed otherwise.
  • Please do not install any other software whilst we clean up, this can complicate the process, making cleaning impossible.
  • With malware it can be impossible to determine the outcome, and whilst we will work to a positive result we strongly recommend you back up all your personal files and folders before we begin.
  • As we proceed with disinfecting it may appear as if your computer is back to normal, but please stay with me till I give you the all clear. In return I will do the same for you.
  • Do remember the fixes used to clean your machine are meant for your computer only, and the use on another computer may cause serious damage to that machine.
  • When your machine has been cleaned we will remove all the tools used, and also give you some tips to keep your computer clean and safe in the future.
  • Finally, please allow me a little time to analyse any logs I request from you. I know you want your computer cleaned yesterday, but please remember we are all volunteers here and we do have a life that sometimes takes us away from computers. If your thread gets closed due to no response from you, you can PM me or a staff member and have it reopened. Should you not hear from me within 48 hours please PM me.
  • That's the last of the fine print so let's get under way:)


Please go HERE and download AdwCleaner to your Desktop. Once downloaded right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

Click the Scan Now button.



Allow AdwCleaner to start scanning and depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click "Clean & Repair".



After selecting "Clean & Repair" another dialogue box may appear asking to restart now or later. If so choose "Clean & Restart Now".



Once the PC has restarted if AdwCleaner does not restart then open it again and click "Log Files" tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from so double click the most recent "Clean" log and it will open a notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post:



We also need a log from Farbar Recovery Scan Tool (FRST) to examine your system.

Please download the FRST 32 bit or FRST 64 bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu.




If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.



Accept the default whitelist options,
  1. If the additions.txt options box is not checked please select it.
  2. Then select "Scan"


FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.




Please COPY and PASTE the contents of these two files in your next post.

In your next post there should be three logs pasted (y)
  1. AdwCleaner
  2. FRST.txt
  3. Addition.txt
 

Tennafa

PCHF Member
Jun 6, 2018
26
0
44
#4
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-07.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-10-2018
# Duration: 00:00:11
# OS: Windows 10 Home
# Cleaned: 7
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted Ask
Deleted Ask
Deleted AOL
Deleted AOL
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1447 octets] - [10/06/2018 01:28:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by Doneff Family (administrator) on DESKTOP-SGC4SIS (10-06-2018 01:34:39)
Running from C:\Users\Doneff Family\Desktop
Loaded Profiles: Doneff Family (Available Profiles: Doneff Family)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
() C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
() C:\Windows\jmesoft\Service.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\update\UpdateAgent.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
Failed to access process -> McSvHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Lenovo) C:\Program Files\Lenovo\QuickOptimizer\QuickOptimizerIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952 2015-09-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1413384 2015-09-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit64.exe [53832 2015-07-15] ()
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\...\Run: [OneDrive] => "C:\Users\Doneff Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\...\Run: [Chromium] => c:\users\doneff family\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\...\RunOnce: [Adobe Speed Launcher] => 1528608667

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ebf827e-a573-4a5a-a9fc-0d545af93b34}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-10-19] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-10-19] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: yf00cps5.default
FF ProfilePath: C:\Users\Doneff Family\AppData\Roaming\Mozilla\Firefox\Profiles\yf00cps5.default [2018-06-09]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Doneff Family\AppData\Roaming\Mozilla\Firefox\Profiles\yf00cps5.default\features\{2a017961-b7aa-4d07-98f1-c56ba634ab25}\[email protected] [2018-06-07] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-06-07] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-10-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-10-19] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/webhp?sourceid=chrome-instant&espv=210&es_th=1&ie=UTF-8"
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default [2018-06-10]
CHR Extension: (Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-07]
CHR Extension: (Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-07]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-07]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-07]
CHR Extension: (Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-07]
CHR Extension: (Fair AdBlocker) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2018-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-07]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-07]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-06-10]
CHR Extension: (Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-09]
CHR Extension: (Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-09]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-09]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-09]
CHR Extension: (Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-09]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-06-09]
CHR Extension: (Slides) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-09]
CHR Extension: (Docs) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-09]
CHR Extension: (Google Drive) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-09]
CHR Extension: (YouTube) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-09]
CHR Extension: (Sheets) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-09]
CHR Extension: (Gmail) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Profile: C:\Users\Doneff Family\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 FastbootService; C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe [288768 2015-09-08] (Lenovo) [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [30624 2015-07-16] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 LenovoPortalService; C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe [24312 2015-09-08] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-07-01] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-10-19] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 UpdateAgentService; C:\Program Files\update\UpdateAgent.exe [226216 2015-09-08] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-08] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-08] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-08-02] (McAfee, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-06-08] (Malwarebytes)
R0 Fastboot; C:\WINDOWS\System32\DRIVERS\Fastboot.sys [67608 2015-09-08] (Windows (R) Win 7 DDK provider) [File not signed]
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-06-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-10] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-06-10] (Malwarebytes)
R2 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-08-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-08-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243496 2016-08-02] (McAfee, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvle.inf_amd64_fcbf876c2536c2ec\nvlddmkm.sys [17036560 2018-02-13] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [598784 2015-06-15] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-06-08] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-06-08] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [159936 2016-08-16] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-08] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-07] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-10 01:34 - 2018-06-10 01:35 - 000023422 _____ C:\Users\Doneff Family\Desktop\FRST.txt
2018-06-10 01:34 - 2018-06-10 01:34 - 000000000 ____D C:\FRST
2018-06-10 01:28 - 2018-06-10 01:29 - 000000000 ____D C:\AdwCleaner
2018-06-10 01:26 - 2018-06-10 01:26 - 002413056 _____ (Farbar) C:\Users\Doneff Family\Desktop\FRST64.exe
2018-06-10 01:24 - 2018-06-10 01:25 - 007372496 _____ (Malwarebytes) C:\Users\Doneff Family\Desktop\adwcleaner_7.2.0.exe
2018-06-09 22:15 - 2018-06-09 22:15 - 000002300 _____ C:\Users\Public\Desktop\Aion.lnk
2018-06-09 22:15 - 2018-06-09 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2018-06-09 22:15 - 2018-06-09 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2018-06-09 22:15 - 2018-06-09 22:15 - 000000000 ____D C:\Program Files (x86)\NCWest
2018-06-09 22:15 - 2018-06-09 22:15 - 000000000 ____D C:\Program Files (x86)\NCSOFT
2018-06-09 22:14 - 2018-06-09 22:14 - 005003264 _____ (NC Interactive, LLC) C:\Users\Doneff Family\Downloads\AionInstaller.exe
2018-06-09 17:50 - 2018-06-09 17:50 - 000002503 _____ C:\Users\Doneff Family\Desktop\J.J. - Chrome.lnk
2018-06-09 15:25 - 2018-06-09 15:26 - 000002503 _____ C:\Users\Doneff Family\Desktop\Nick - Chrome.lnk
2018-06-09 15:25 - 2018-06-09 15:25 - 000002459 _____ C:\Users\Doneff Family\Desktop\Tennafa - Chrome.lnk
2018-06-08 22:42 - 2018-06-10 01:30 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-08 22:42 - 2018-06-08 22:42 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-08 16:50 - 2018-06-10 01:30 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-08 16:46 - 2018-06-10 01:35 - 000041983 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-08 16:46 - 2018-06-10 01:34 - 000072922 _____ C:\WINDOWS\ZAM.krnl.trace
2018-06-08 13:58 - 2018-06-08 13:57 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-06-08 12:53 - 2018-06-08 12:54 - 000003540 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3420273172-2562434122-3499667742-1001UA
2018-06-08 12:53 - 2018-06-08 12:54 - 000003272 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3420273172-2562434122-3499667742-1001Core
2018-06-08 08:34 - 2018-06-08 08:34 - 000000000 ____D C:\ProgramData\HP
2018-06-08 08:33 - 2018-06-08 08:33 - 000000000 ____D C:\Users\Doneff Family\AppData\LocalLow\Adobe
2018-06-07 23:18 - 2018-06-07 23:18 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-06-07 23:18 - 2018-06-07 23:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-06-07 23:17 - 2018-06-07 23:17 - 000000000 ____D C:\ProgramData\Intel Security
2018-06-07 23:17 - 2018-06-07 23:17 - 000000000 ____D C:\Program Files\Common Files\Intel Security
2018-06-07 23:15 - 2018-06-07 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-06-07 23:15 - 2018-06-07 23:15 - 000000000 ____D C:\Program Files\Common Files\AV
2018-06-07 23:08 - 2018-06-07 23:08 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-06-07 23:08 - 2018-06-07 23:08 - 000002886 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-06-07 23:08 - 2018-06-07 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-06-07 23:08 - 2018-06-07 23:08 - 000000000 ____D C:\Program Files\CCleaner
2018-06-07 23:06 - 2018-06-07 23:09 - 000000000 ___RD C:\Users\Doneff Family\Desktop\Toolbox
2018-06-07 23:05 - 2018-06-10 01:30 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-07 23:05 - 2018-06-10 01:30 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-07 23:04 - 2018-06-08 22:42 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-07 23:04 - 2018-06-07 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-07 23:04 - 2018-06-07 23:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-07 23:04 - 2018-06-07 23:04 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-07 23:02 - 2018-06-07 23:02 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-06-07 23:02 - 2018-06-07 23:02 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-06-07 23:02 - 2018-06-07 23:02 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Zemana
2018-06-07 23:02 - 2018-06-07 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-06-07 23:02 - 2018-06-07 23:02 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-06-07 22:50 - 2018-06-07 22:50 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\chromium
2018-06-07 22:27 - 2018-06-07 22:27 - 000003394 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3420273172-2562434122-3499667742-1001
2018-06-07 22:09 - 2018-06-09 23:50 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\D3DSCache
2018-06-07 22:09 - 2018-06-07 22:09 - 000000000 ____D C:\Users\Doneff Family\AppData\Roaming\MKKE
2018-06-07 21:11 - 2018-06-07 21:11 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-06-07 21:11 - 2018-06-07 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-06-07 21:11 - 2018-06-07 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-06-07 21:11 - 2018-06-07 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-06-07 21:11 - 2015-09-07 19:05 - 000002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2018-06-07 21:11 - 2015-04-28 14:06 - 000043256 _____ C:\WINDOWS\system32\oemlogo.bmp
2018-06-07 21:10 - 2018-06-07 23:11 - 000000000 ____D C:\WINDOWS\Panther
2018-06-07 21:08 - 2018-06-07 21:08 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-06-07 21:08 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\Setup
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-06-07 21:07 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\OCR
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\Program Files\MSBuild
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-06-07 21:07 - 2018-06-07 21:07 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\0409
2018-06-07 21:06 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-06-07 21:04 - 2018-06-05 19:29 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-07 21:04 - 2018-06-05 19:29 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-07 21:03 - 2018-06-07 21:09 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-06-07 21:03 - 2018-06-07 21:01 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-06-07 21:03 - 2018-06-07 21:01 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-06-07 21:03 - 2018-06-07 21:01 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-06-07 21:03 - 2018-06-07 21:01 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-06-07 21:03 - 2018-06-07 21:01 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-06-07 21:03 - 2018-06-07 21:01 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-06-07 21:03 - 2018-06-07 21:01 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-06-07 21:03 - 2018-06-07 21:01 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-06-07 21:03 - 2018-06-07 21:01 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-06-07 21:02 - 2018-06-10 01:32 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-07 21:02 - 2018-06-09 22:15 - 000000000 ___RD C:\Program Files (x86)
2018-06-07 21:02 - 2018-06-09 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-07 21:02 - 2018-06-09 00:48 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-07 21:02 - 2018-06-08 16:57 - 000000000 ____D C:\Program Files\Windows Defender
2018-06-07 21:02 - 2018-06-08 07:47 - 000000000 ____D C:\WINDOWS\appcompat
2018-06-07 21:02 - 2018-06-07 23:18 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-07 21:02 - 2018-06-07 22:28 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-07 21:02 - 2018-06-07 21:11 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\Provisioning
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-07 21:02 - 2018-06-07 21:08 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-07 21:02 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-07 21:02 - 2018-06-07 21:07 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\system32\com
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\IME
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\Program Files\Common Files\system
2018-06-07 21:02 - 2018-06-07 21:06 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 __RSD C:\WINDOWS\media
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\my-mm
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\ias
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-06-07 21:02 - 2018-06-07 21:03 - 000000000 ____D C:\WINDOWS\IdentityCRL
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\Web
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\WaaS
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\Vss
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\tracing
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\TAPI
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SystemResources
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SystemApps
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\ras
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\IME
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\DriverState
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\System
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SKB
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\ServiceState
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\security
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\schemas
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\SchCache
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\Resources
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\rescache
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\PLA
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\Performance
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\InputMethod
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\Globalization
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\Cursors
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\Branding
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\addins
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\Program Files\Windows Security
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\Program Files\windows nt
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\Program Files\Common Files\Services
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-06-07 21:02 - 2018-06-07 21:02 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-06-07 21:02 - 2018-06-07 20:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-06-07 21:02 - 2018-06-07 20:39 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-07 21:02 - 2018-06-07 20:39 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-07 21:02 - 2018-06-07 20:29 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-06-07 21:02 - 2018-06-07 20:29 - 000000000 ____D C:\WINDOWS\Registration
2018-06-07 21:02 - 2018-06-07 20:28 - 000000000 __RHD C:\Users\Public\Libraries
2018-06-07 21:02 - 2018-06-07 20:24 - 000000000 ____D C:\WINDOWS\system32\spool
2018-06-07 21:02 - 2018-06-07 20:18 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-06-07 21:02 - 2018-06-07 20:18 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-07 21:02 - 2018-06-07 20:18 - 000000000 ____D C:\ProgramData\USOPrivate
2018-06-07 21:02 - 2018-06-07 20:17 - 000000000 ____D C:\WINDOWS\Help
2018-06-07 21:01 - 2018-06-10 01:34 - 000000000 ____D C:\WINDOWS\INF
2018-06-07 20:59 - 2018-06-07 20:59 - 000000000 ____D C:\Users\Doneff Family\AppData\Roaming\LSC
2018-06-07 20:57 - 2018-06-09 19:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-07 20:53 - 2018-06-10 01:29 - 077856768 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-06-07 20:53 - 2018-06-10 01:29 - 016252928 _____ C:\WINDOWS\system32\config\SYSTEM
2018-06-07 20:53 - 2018-06-10 01:29 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2018-06-07 20:53 - 2018-06-10 01:29 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-07 20:53 - 2018-06-10 01:29 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-06-07 20:53 - 2018-06-10 01:29 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2018-06-07 20:53 - 2018-06-07 21:14 - 000000000 ___HD C:\$SysReset
2018-06-07 20:53 - 2018-06-07 21:06 - 000000000 ____D C:\WINDOWS\servicing
2018-06-07 20:53 - 2018-06-07 21:02 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-06-07 20:53 - 2018-06-07 17:53 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-06-07 20:52 - 2018-06-07 20:52 - 000000000 ____D C:\Users\Doneff Family\REACHit
2018-06-07 20:52 - 2018-06-07 20:52 - 000000000 ____D C:\Users\Doneff Family\AppData\Roaming\Intel Corporation
2018-06-07 20:52 - 2018-06-07 20:52 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Lenovo
2018-06-07 20:51 - 2018-06-07 22:27 - 000000000 ___RD C:\Users\Doneff Family\OneDrive
2018-06-07 20:51 - 2018-06-07 20:51 - 000001417 _____ C:\Users\Doneff Family\Desktop\Microsoft Edge.lnk
2018-06-07 20:51 - 2018-06-07 20:51 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Power2Go
2018-06-07 20:51 - 2018-06-07 18:23 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\MicrosoftEdge
2018-06-07 20:50 - 2018-06-07 20:50 - 000000000 ____D C:\Users\Doneff Family\AppData\Roaming\Google
2018-06-07 20:50 - 2018-06-07 20:50 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Publishers
2018-06-07 20:49 - 2018-06-08 08:33 - 000000000 ____D C:\Users\Doneff Family\AppData\Roaming\Adobe
2018-06-07 20:49 - 2018-06-07 22:55 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\VirtualStore
2018-06-07 20:49 - 2018-06-07 21:12 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Packages
2018-06-07 20:49 - 2018-06-07 20:49 - 000000000 ___RD C:\Users\Doneff Family\3D Objects
2018-06-07 20:49 - 2018-06-07 19:42 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\ConnectedDevicesPlatform
2018-06-07 20:47 - 2018-06-08 22:27 - 000002245 _____ C:\Users\Doneff Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-07 20:47 - 2018-06-08 18:24 - 000000000 ____D C:\Users\Doneff Family
2018-06-07 20:47 - 2018-06-07 20:47 - 000000020 ___SH C:\Users\Doneff Family\ntuser.ini
2018-06-07 20:39 - 2018-06-08 08:33 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Adobe
2018-06-07 20:39 - 2018-06-07 20:39 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-07 20:39 - 2018-06-07 20:39 - 000004412 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-06-07 20:39 - 2018-06-07 20:39 - 000000000 ____D C:\Users\Doneff Family\AppData\Roaming\Macromedia
2018-06-07 20:33 - 2018-06-08 12:54 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Google
2018-06-07 20:33 - 2018-06-08 12:52 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-07 20:33 - 2018-06-08 12:52 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-07 20:33 - 2018-06-07 20:33 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-07 20:33 - 2018-06-07 20:33 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-07 20:33 - 2018-06-07 20:33 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-07 20:30 - 2018-06-07 20:30 - 000000000 _SHDL C:\Users\Default User
2018-06-07 20:30 - 2018-06-07 20:30 - 000000000 _SHDL C:\Users\All Users
2018-06-07 20:29 - 2018-06-10 01:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-07 20:29 - 2018-06-08 16:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-07 20:29 - 2018-06-07 20:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-06-07 20:29 - 2018-06-07 20:29 - 000002740 _____ C:\WINDOWS\System32\Tasks\OFFICE2013ACT
2018-06-07 20:29 - 2018-06-07 20:29 - 000002212 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task
2018-06-07 20:29 - 2018-04-11 19:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-06-07 20:28 - 2018-06-07 20:28 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-06-07 20:25 - 2018-06-07 20:25 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-06-07 20:23 - 2018-06-09 14:06 - 000000000 ____D C:\Users\Doneff Family\AppData\LocalLow\Mozilla
2018-06-07 20:23 - 2018-06-07 20:27 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Mozilla
2018-06-07 20:23 - 2018-06-07 20:23 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-07 20:23 - 2018-06-07 20:23 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-06-07 20:23 - 2018-06-07 20:23 - 000000000 ____D C:\Users\Doneff Family\AppData\Roaming\Mozilla
2018-06-07 20:23 - 2018-06-07 20:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-07 20:22 - 2018-06-07 20:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-07 20:22 - 2018-06-07 20:22 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-06-07 20:18 - 2018-06-07 20:18 - 000000000 ____D C:\ProgramData\USOShared
2018-06-07 20:17 - 2018-06-10 01:30 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-07 20:17 - 2018-06-07 20:23 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-06-07 20:17 - 2018-06-07 20:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-06-07 20:17 - 2018-06-07 20:17 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-06-07 20:17 - 2018-06-07 20:17 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-06-07 20:17 - 2018-06-07 20:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-06-07 20:17 - 2017-12-18 23:22 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-06-07 20:17 - 2017-12-18 22:43 - 005964872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-06-07 20:17 - 2017-12-18 22:43 - 002589168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-06-07 20:17 - 2017-12-18 22:43 - 001767224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-06-07 20:17 - 2017-12-18 22:43 - 000609312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-06-07 20:17 - 2017-12-18 22:43 - 000450360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-06-07 20:17 - 2017-12-18 22:43 - 000122768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-06-07 20:17 - 2017-12-18 22:43 - 000081808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-06-07 20:17 - 2017-12-14 05:59 - 007917671 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-06-07 20:16 - 2018-06-07 20:16 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-06-07 20:16 - 2018-06-07 20:16 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-06-07 20:16 - 2018-06-07 20:16 - 000000000 ____D C:\Program Files\Realtek
2018-06-07 20:15 - 2018-06-10 01:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-07 20:15 - 2018-06-07 20:26 - 000234720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-07 20:15 - 2018-06-07 20:15 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-06-07 19:51 - 2018-06-09 11:39 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Steam
2018-06-07 19:51 - 2018-06-07 19:51 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\CEF
2018-06-07 19:46 - 2018-06-10 01:30 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-07 19:46 - 2018-06-07 19:46 - 000001043 _____ C:\Users\Public\Desktop\Steam.lnk
2018-06-07 19:46 - 2018-06-07 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-06-07 19:44 - 2018-06-07 19:44 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\PlaceholderTileLogoFolder
2018-06-07 18:23 - 2018-06-07 18:23 - 000000000 ___HD C:\Users\Doneff Family\MicrosoftEdgeBackups
2018-06-07 18:16 - 2018-06-07 18:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-07 18:15 - 2018-06-07 18:15 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-07 18:15 - 2018-06-07 18:15 - 141696960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-07 18:15 - 2018-06-07 18:15 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2018-06-07 18:15 - 2018-06-07 18:15 - 000002103 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2018-06-07 18:15 - 2018-06-07 18:15 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-06-07 17:58 - 2018-06-07 17:58 - 000000000 ____D C:\Users\Doneff Family\AppData\Local\Comms
2018-05-23 04:10 - 2018-05-23 04:10 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 023862272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 022707712 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 022002688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 021389360 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 020383720 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 019525120 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 019399168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 013570560 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 012712960 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 012500992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 011903488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 009159064 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 008623104 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 007987712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 007583232 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 007519992 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 007436624 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 006661632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 006569952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 006044104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 005951488 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 005782528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 004929024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 004867072 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 004706816 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 004372992 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 004070400 ____N (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003732800 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003712000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003655168 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 003440640 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003392512 ____N (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003389952 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003320320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003283400 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003086336 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 003015168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002961408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002902528 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002900992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002897408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 002841312 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002835864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 002753040 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002700800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002486976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002422168 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 002366976 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002242208 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 002236928 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 002170368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001953280 ____N C:\WINDOWS\system32\rdpnano.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001855488 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001817088 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001664512 ____N (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001636352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001634800 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001586176 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001585664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001565592 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001550848 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001534976 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001466368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001456616 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-23 04:10 - 2018-05-23 04:10 - 001454016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001426328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001421312 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001380864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001258280 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 001235968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001191168 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001174424 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 001160192 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 001063320 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-23 04:10 - 2018-05-23 04:10 - 001034624 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 000976384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 000960512 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000944640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000933376 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000898560 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000894464 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000885848 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000860160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000836608 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000814592 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000788216 ____N (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000786168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000776880 ____N (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000775680 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000758272 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000733992 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000709816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 000695296 ____N (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-23 04:10 - 2018-05-23 04:10 - 000669184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000668672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000665320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000658432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000619520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000615424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000613376 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000606448 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000604568 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 000596480 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000585728 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000584192 ____N (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000581120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-23 04:10 - 2018-05-23 04:10 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000567136 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000561664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000559968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000553984 ____N (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000543744 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000524800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 000474624 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000473496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000444416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000434584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-23 04:10 - 2018-05-23 04:10 - 000392192 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000382872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 000344064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000288256 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000272288 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000269216 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000256000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000241664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000171520 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000170904 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 000159744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000154112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000150016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000142336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000134552 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000117760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000046592 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys
2018-05-23 04:10 - 2018-05-23 04:10 - 000023552 ____N (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000019968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-23 04:10 - 2018-05-23 04:10 - 000001312 ____N C:\WINDOWS\system32\tcbres.wim
2018-05-23 04:07 - 2018-05-23 04:07 - 001166520 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-23 04:07 - 2018-05-23 04:07 - 000778936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-23 04:07 - 2018-05-23 04:07 - 000124624 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-23 04:07 - 2018-05-23 04:07 - 000103120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-23 04:07 - 2018-05-23 04:07 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-23 04:07 - 2018-05-23 04:07 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-23 04:06 - 2018-05-23 04:06 - 004492288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-23 04:06 - 2018-05-23 04:06 - 003398144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-23 04:06 - 2018-05-23 04:06 - 000925696 ____N (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-23 04:06 - 2018-05-23 04:06 - 000575488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-23 04:06 - 2018-05-23 04:06 - 000100352 ____N (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-23 04:06 - 2018-05-23 04:06 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-23 04:06 - 2018-05-23 04:06 - 000076060 ____N C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-23 04:06 - 2018-05-23 04:06 - 000076060 ____N C:\WINDOWS\system32\xpsrchvw.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-10 01:34 - 2015-07-16 11:54 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-09 22:15 - 2015-09-07 19:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-08 13:35 - 2015-09-07 19:05 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-06-07 23:20 - 2015-09-07 19:05 - 000000000 ____D C:\ProgramData\McAfee
2018-06-07 23:19 - 2015-09-07 19:05 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-06-07 20:49 - 2015-07-16 11:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-07 20:28 - 2015-09-08 09:04 - 000000000 ____D C:\Users\Public\Documents\Lenovo
2018-06-07 20:28 - 2015-07-10 07:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-06-07 20:24 - 2015-09-08 09:02 - 000000000 ____D C:\WINDOWS\jmesoft
2018-06-07 20:24 - 2015-09-08 09:02 - 000000000 ____D C:\ProgramData\Realtek
2018-06-07 20:24 - 2015-09-07 19:11 - 000000000 ____D C:\Users\Public\CyberLink
2018-06-07 20:24 - 2015-09-07 19:11 - 000000000 ____D C:\ProgramData\Office2013
2018-06-07 20:24 - 2015-09-07 19:09 - 000000000 ____D C:\ProgramData\Temp
2018-06-07 20:24 - 2015-09-07 19:09 - 000000000 ____D C:\ProgramData\OneKey Recovery
2018-06-07 20:24 - 2015-09-07 19:08 - 000000000 ____D C:\WINDOWS\Downloaded Installations
2018-06-07 20:24 - 2015-09-07 19:08 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-07 20:24 - 2015-07-16 11:50 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-06-07 20:24 - 2015-07-10 07:04 - 000000000 ___RD C:\WINDOWS\PurchaseDialog
2018-06-07 20:24 - 2015-07-10 07:04 - 000000000 ___RD C:\WINDOWS\DesktopTileResources
2018-06-07 20:23 - 2015-09-08 09:03 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-06-07 20:23 - 2015-09-08 09:02 - 000000000 ____D C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2018-06-07 20:23 - 2015-09-08 09:01 - 000000000 ____D C:\ProgramData\Intel
2018-06-07 20:23 - 2015-09-08 09:01 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-06-07 20:23 - 2015-09-08 09:01 - 000000000 ____D C:\Program Files (x86)\Intel
2018-06-07 20:23 - 2015-09-08 08:59 - 000000000 ____D C:\Program Files (x86)\Genesyslogic
2018-06-07 20:23 - 2015-09-07 19:10 - 000000000 ____D C:\ProgramData\install_clap
2018-06-07 20:23 - 2015-09-07 19:10 - 000000000 ____D C:\ProgramData\CyberLink
2018-06-07 20:23 - 2015-09-07 19:10 - 000000000 ____D C:\Program Files (x86)\Cyberlink
2018-06-07 20:23 - 2015-09-07 19:08 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-06-07 20:23 - 2015-09-07 19:05 - 000000000 ____D C:\ProgramData\Lenovo
2018-06-07 20:23 - 2015-09-07 19:05 - 000000000 ____D C:\Program Files (x86)\mcafee.com
2018-06-07 20:23 - 2015-09-07 19:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2018-06-07 20:23 - 2015-09-07 19:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-07 20:22 - 2015-09-08 09:04 - 000000000 ____D C:\Program Files\update
2018-06-07 20:22 - 2015-09-08 09:00 - 000000000 ____D C:\Program Files\Intel
2018-06-07 20:22 - 2015-09-08 09:00 - 000000000 ____D C:\Program Files\DIFX
2018-06-07 20:22 - 2015-09-07 19:08 - 000000000 ____D C:\Program Files\Lenovo
2018-06-07 20:22 - 2015-09-07 19:05 - 000000000 ____D C:\Program Files\mcafee.com
2018-06-07 20:22 - 2015-09-07 19:05 - 000000000 ____D C:\Program Files\mcafee
2018-06-07 20:22 - 2015-07-10 09:16 - 000000000 ____D C:\Program Files\Windows Journal
2018-06-07 18:15 - 2015-09-07 19:09 - 000000000 ____D C:\ProgramData\Adobe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-07 20:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Doneff Family (10-06-2018 01:36:22)
Running from C:\Users\Doneff Family\Desktop
Windows 10 Home Version 1803 17134.48 (X64) (2018-06-08 00:31:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3420273172-2562434122-3499667742-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3420273172-2562434122-3499667742-503 - Limited - Disabled)
Doneff Family (S-1-5-21-3420273172-2562434122-3499667742-1001 - Administrator - Enabled) => C:\Users\Doneff Family
Guest (S-1-5-21-3420273172-2562434122-3499667742-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3420273172-2562434122-3499667742-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Components (HKLM-x32\...\{1720B0E0-C520-43A6-B677-97A1D80F3B99}) (Version: 1.0.023.00 - Lenovo) Hidden
Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.0803 - Lenovo)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.79 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Lenovo Accelerator Application (HKLM-x32\...\{10672FE6-3D50-4F79-B0C7-A5573A5D415D}) (Version: 2.2.0.0701 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.006.00 - Lenovo)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{A5591EC4-8AD6-48EE-9F8D-FACFA8BA4E35}) (Version: 3.0.002.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.023.00 - Lenovo)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 15.0.185 - McAfee, Inc.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.868.060315 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.0 - Lenovo)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) (HKLM\...\AE2E6FAB44844413B4C6F53C908EACC8AFC838F0) (Version: 07/13/2015 4.5.0.6 - Genesys Logic)
Windows Driver Package - NVIDIA (nvlddmkm) Display (07/22/2015 10.18.13.5362) (HKLM\...\81C36D5B443FFB6F528F76BD424D750C53ADF10E) (Version: 07/22/2015 10.18.13.5362 - NVIDIA)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (04/16/2015 1.3.34.3) (HKLM\...\E1EF4D4E1E41BA85DB6DA51424B73AE1B3F0056A) (Version: 04/16/2015 1.3.34.3 - NVIDIA Corporation)
Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.2015) (HKLM\...\6A304520C2F25CD034E477A379C47308AA84A2DC) (Version: 05/05/2015 10.001.0505.2015 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetooth (06/11/2015 1.3.868.3) (HKLM\...\604A7B07184AD24892732BED4543610976632257) (Version: 06/11/2015 1.3.868.3 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/2015 2023.14.0615.2015) (HKLM\...\5D078DEFD18360A7A64D38392C9F1007DC86AE23) (Version: 07/09/2015 2023.14.0615.2015 - Realtek Semiconductor Corp.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-07] ()
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-10-19] (McAfee, Inc.)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-07-12] (Lenovo)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-07-12] (Lenovo)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-18] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-06-07] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-10-19] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0758C57F-D45D-4505-8844-F782E37B10C8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-09-20] (McAfee, Inc.)
Task: {08F559D6-E7EA-4C44-8ED5-B16331915238} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {0CDDF136-DE57-4D94-8790-F9FBC0597783} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {1965A7D1-A727-4E7E-9344-622742807CB9} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {1C1B8EE6-AB4E-478E-996B-DD076E56C97D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-08] (Microsoft Corporation)
Task: {1C63D883-9F41-410C-B3E5-8C4F2D8A9AFD} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] ()
Task: {1E58DB8E-8EAB-405C-8B48-0B4EB33FC995} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-07] (Google Inc.)
Task: {1EB42D4E-007B-43CB-9664-3D2A134DDEDC} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-07-01] (Lenovo)
Task: {2615297F-5FD4-4093-931B-A3E916E448EA} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-07-01] (Lenovo)
Task: {32CAB17D-7612-450C-802D-4A34FB6B1CF2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-08] (Microsoft Corporation)
Task: {385C898D-6AD4-43AA-A670-F4E840CDEAF1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {50DE43FB-062C-4960-8B67-3D21B52DA22B} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {6599FF25-1EAA-4B2A-91D3-B64A62336FEF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => sc control iMControllerService 128
Task: {6D87B4DF-970B-42E7-B467-137709A12EE5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {6D8A52E3-4E10-4F1D-AAF9-65C473556489} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-08] (Microsoft Corporation)
Task: {768CF462-4AAA-45D4-95C0-F3A9C3FB53E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-07] (Google Inc.)
Task: {7AFDC169-FB7D-45C7-92AF-E73656CF6EC8} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.)
Task: {834C866A-B805-4A53-BA00-C33E36E99CAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-08] (Microsoft Corporation)
Task: {83EFE97E-21B6-4B52-A661-188ACC502460} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-07-12] ()
Task: {89B922F5-F3CA-4A20-B2C3-8A71582C603A} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {8D54ABB1-7845-470D-9286-F2FCF8225397} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {94B31663-9A81-4798-95CE-74535FEF7C55} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-01] (Lenovo)
Task: {9BED05D7-939C-4B39-90E0-9C259BC2A40E} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {A7E1474D-32D6-4476-B8BF-3221576DF40E} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C32DB398-26A6-4B9D-B2BA-603AD43E9FE0} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-07-01] ()
Task: {CF3FF208-46D6-42C1-BEF4-61D66619D948} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {EE3BF1D3-FBC9-4794-82AE-3760AC18DA45} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2018-06-07] (Lenovo)
Task: {F9030FC6-EFB9-4D95-829B-A8BD60579774} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3420273172-2562434122-3499667742-1001UA => C:\Users\Doneff Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {FA7F888E-1C02-41B7-9EDE-FA5B3721D918} - System32\Tasks\Lenovo\QuickOptimizer => C:\Program Files\lenovo\QuickOptimizer\QuickOptimizerIcon.exe [2015-07-10] (Lenovo)
Task: {FAA81923-5158-4674-8CF6-67A327FCBA9F} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-07-12] ()
Task: {FDF91FDC-1D7B-4209-A7EE-3BAA0C7F995B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3420273172-2562434122-3499667742-1001Core => C:\Users\Doneff Family\AppData\Local\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Doneff Family\Desktop\J.J. - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Doneff Family\Desktop\Nick - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Doneff Family\Desktop\Tennafa - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\eea8ad856af8c0ba\Chromium.lnk -> C:\Users\Doneff Family\AppData\Local\chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2015-05-19 12:11 - 2015-05-19 12:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2015-09-08 09:04 - 2015-09-08 09:04 - 000024312 _____ () C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
2015-09-08 09:02 - 2011-08-16 23:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe
2015-09-08 09:04 - 2015-09-08 09:04 - 000226216 _____ () C:\Program Files\update\UpdateAgent.exe
2018-06-07 23:04 - 2018-06-08 22:42 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-07 23:04 - 2018-06-08 22:42 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 ____N () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-07 23:02 - 2018-06-07 23:02 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2018-04-11 19:35 - 2018-04-12 05:19 - 002184704 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-07 21:09 - 2018-06-07 21:10 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-06-07 21:09 - 2018-06-07 21:10 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-06-07 21:09 - 2018-06-07 21:10 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-06-07 21:09 - 2018-06-07 21:10 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2015-09-08 08:59 - 2015-07-15 06:54 - 000053832 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-07-10 20:40 - 2015-07-10 20:40 - 000016288 _____ () C:\Program Files\lenovo\QuickOptimizer\ShowTaskbarIcon.dll
2015-07-10 20:40 - 2015-07-10 20:40 - 005067168 _____ () C:\Program Files\lenovo\QuickOptimizer\DTPrismAssistInf.dll
2015-09-08 09:02 - 2011-08-16 23:46 - 000024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2018-06-07 20:33 - 2018-06-05 21:25 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.79\libglesv2.dll
2018-06-07 20:33 - 2018-06-05 21:25 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.79\libegl.dll
2018-06-07 23:17 - 2016-10-25 00:31 - 000508368 _____ () C:\Program Files\Common Files\McAfee\Sustainability\GenericPlugin.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 000619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 000013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2015-09-08 09:02 - 2011-05-17 16:27 - 000028672 _____ () C:\Windows\jmesoft\hidhook.dll
2015-07-11 02:37 - 2015-07-11 02:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2015-07-10 07:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures2\Pictures\Ford Mustang Cobra Jet Mach 1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0243C029-FC7A-450D-AA1C-C6AEB8E84F06}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoPortal\Lenovo.Portal.exe
FirewallRules: [{9F8344C0-F257-46F2-A0A1-135D3411907F}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{5C8F0591-D6D6-442D-90F8-BCD4803A45A5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{B142853E-FC92-4041-99A4-1A6C6F7BC295}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E6533BB3-683E-4A98-AAAA-58DF457A2BAB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A0F23771-2435-402C-8934-186E867456BC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{671A948E-917C-4F20-A39F-79BAA1E0EDE0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9BE4ED09-80FC-476A-9B3F-64B0D4DD0E07}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{739521AA-305E-4722-A262-6C64D352C5C7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{329AED65-BAD0-440B-9D59-BB20E3EFCB2A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{680C10EC-A04F-4A79-B393-E10DCCB742EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{9075AC2E-17D5-410A-B07B-B0846AD7117A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{070FFD8E-156F-41AF-9208-8D9FAD6FB1E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{7374ED4F-52B6-4550-8756-7619D6630255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{93751B4F-4527-408C-B79F-5BABF26D325E}] => (Allow) C:\Users\Doneff Family\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{CFDE1E47-5A60-4098-90E4-7F80948EAC6D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{37314FB4-146D-4BC6-89EA-CAB52FAF8973}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{0F0148C0-CC64-4266-8515-C982C4E578E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3CA82548-9EF5-4AE9-BC2B-931E9C476B65}C:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe] => (Block) C:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe
FirewallRules: [UDP Query User{419CB217-5D23-44A5-97B0-5D8744E6E36E}C:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe] => (Block) C:\program files (x86)\steam\steamapps\common\mortalkombat_kompleteedition\disccontentpc\mkke.exe

==================== Restore Points =========================

07-06-2018 18:13:29 McAfee Vulnerability Scanner
09-06-2018 19:37:08 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2018 01:36:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcsvhost.exe, version: 5.0.281.0, time stamp: 0x551d930f
Faulting module name: LogCntrl.dll, version: 4.1.109.0, time stamp: 0x576ae6f0
Exception code: 0xc0000005
Fault offset: 0x00000000000059e2
Faulting process id: 0x2f14
Faulting application start time: 0x01d4007d0148f11b
Faulting application path: c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
Faulting module path: c:\program files\common files\mcafee\platform\mcsvchost\LogCntrl.dll
Report Id: 2708288c-64cc-40ae-9e54-6f3871e46781
Faulting package full name:
Faulting package-relative application ID:

Error: (06/10/2018 01:36:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcsvhost.exe, version: 5.0.281.0, time stamp: 0x551d930f
Faulting module name: LogCntrl.dll, version: 4.1.109.0, time stamp: 0x576ae6f0
Exception code: 0xc0000005
Fault offset: 0x00000000000059e2
Faulting process id: 0x1e8c
Faulting application start time: 0x01d4007cfdf350a2
Faulting application path: c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
Faulting module path: c:\program files\common files\mcafee\platform\mcsvchost\LogCntrl.dll
Report Id: 76bd47a2-e38e-4f3b-876c-a184e4d6f99c
Faulting package full name:
Faulting package-relative application ID:

Error: (06/10/2018 01:34:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcsvhost.exe, version: 5.0.281.0, time stamp: 0x551d930f
Faulting module name: LogCntrl.dll, version: 4.1.109.0, time stamp: 0x576ae6f0
Exception code: 0xc0000005
Fault offset: 0x00000000000059e2
Faulting process id: 0x918
Faulting application start time: 0x01d4007cb6254a7f
Faulting application path: c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
Faulting module path: c:\program files\common files\mcafee\platform\mcsvchost\LogCntrl.dll
Report Id: 65bd12e7-3f98-4fb5-a181-43de5bef6da4
Faulting package full name:
Faulting package-relative application ID:

Error: (06/10/2018 01:33:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.5.0.1081, time stamp: 0x556ecc3d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x057d4c2d
Faulting process id: 0x2780
Faulting application start time: 0x01d4007c77fb8e25
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 7d599621-3410-460c-9a8d-cf72bd07f196
Faulting package full name:
Faulting package-relative application ID:

Error: (06/10/2018 01:33:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (06/10/2018 01:33:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcsvhost.exe, version: 5.0.281.0, time stamp: 0x551d930f
Faulting module name: LogCntrl.dll, version: 4.1.109.0, time stamp: 0x576ae6f0
Exception code: 0xc0000005
Fault offset: 0x00000000000059e2
Faulting process id: 0x818
Faulting application start time: 0x01d4007c807b9468
Faulting application path: c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
Faulting module path: c:\program files\common files\mcafee\platform\mcsvchost\LogCntrl.dll
Report Id: 65ef78e3-db65-4c9f-8981-7a13ced13713
Faulting package full name:
Faulting package-relative application ID:

Error: (06/10/2018 01:32:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcsvhost.exe, version: 5.0.281.0, time stamp: 0x551d930f
Faulting module name: LogCntrl.dll, version: 4.1.109.0, time stamp: 0x576ae6f0
Exception code: 0xc0000005
Fault offset: 0x00000000000059e2
Faulting process id: 0xcb4
Faulting application start time: 0x01d4007c7c543a43
Faulting application path: c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
Faulting module path: c:\program files\common files\mcafee\platform\mcsvchost\LogCntrl.dll
Report Id: ca432579-e10e-4ba2-8bc6-2f7443dce582
Faulting package full name:
Faulting package-relative application ID:

Error: (06/10/2018 01:32:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcsvhost.exe, version: 5.0.281.0, time stamp: 0x551d930f
Faulting module name: LogCntrl.dll, version: 4.1.109.0, time stamp: 0x576ae6f0
Exception code: 0xc0000005
Fault offset: 0x00000000000059e2
Faulting process id: 0x282c
Faulting application start time: 0x01d4007c791661d7
Faulting application path: c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe
Faulting module path: c:\program files\common files\mcafee\platform\mcsvchost\LogCntrl.dll
Report Id: eaa71701-ba94-43f3-baf5-99de52576d72
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (06/10/2018 01:36:45 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SGC4SIS)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (06/10/2018 01:36:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/10/2018 01:36:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (06/10/2018 01:36:39 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SGC4SIS)
Description: DCOM got error "1053" attempting to start the service mcpltsvc with arguments "Unavailable" in order to run the server:
{20966775-18A4-4299-B8E3-772C336B52A7}

Error: (06/10/2018 01:36:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/10/2018 01:36:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (06/10/2018 01:36:33 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-SGC4SIS)
Description: The server {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2} did not register with DCOM within the required timeout.

Error: (06/10/2018 01:34:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================

Date: 2018-06-10 01:30:41.940
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-10 01:30:41.940
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-09 22:36:58.723
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-09 22:36:58.720
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-09 22:22:01.644
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-09 22:21:37.754
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-09 22:21:37.403
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-09 17:59:15.039
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 20%
Total physical RAM: 12236.19 MB
Available physical RAM: 9709.67 MB
Total Virtual: 14668.19 MB
Available Virtual: 12114.36 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:899.67 GB) (Free:805.76 GB) NTFS
Drive d: (Extra) (Fixed) (Total:55.93 GB) (Free:19.23 GB) NTFS

\\?\Volume{b352df44-4019-4e96-ab23-3044706ce61d}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{9a8b036e-9760-4917-9424-b296dade7189}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:16.94 GB) NTFS
\\?\Volume{dc9b09f1-58ae-4d58-9a4e-ec13499b6429}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9F6FAE00)

Partition: GPT.

========================================================
Disk: 1 (Size: 55.9 GB) (Disk ID: 6635F736)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

gus

#5
Hello Tennafa, I see you have Defender as your resident full-time AV protection. As you have Zemana and Malwarebytes as second-opinion scanners, I would strongly recommend removing McAfee. Doing this would remove a lot of unnecessary bloated crud from your machine.

Also recommend Geek Uninstaller to remove it. https://pchelpforum.net/t/geek-uninstaller.18186/

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click "Save File" and then "OK".

Select a location, then save the file. IMPORTANT: the fixlist.txt file must be in the same location as the FRST program, otherwise the fix will not work.

To run the fix, right click the FRST icon and choose "Run as Administrator", then click on "Fix".

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted, the "Fixlist.txt" file you created will be renamed "Fixlog.txt".

Please COPY and PASTE the contents of this new file in your next post:)
 


Tennafa

#6
The link you posted to remove McAfee takes me to an "Oops! We ran into some problems." page and says I don't have permission to view the page or perform the action. Should I remove McAfee before I do the fix or should I go ahead with the fix and remove McAfee later?
 

gus

#7
The link works for me, but here is the guide on Speccy. It does not matter if you remove McAfee before or after the fix but reboot after you have removed McAfee.

Please go HERE and download Geek Uninstaller portable and save it somewhere you can find it later. Now use your favorite unzip application to extract the zipped file from the download. This should create a new folder that contains a Geek.exe file, which you can now double left click to open the program.

Optionally, you can create a desktop shortcut by right clicking the Geek.exe file and choosing "Send to" from the drop-down menu. This will give you a shortcut icon on the desktop for future use of this handy application.

You can safely ignore any security pop ups that may appear before the program opens.

Either way you open it, once Geek Uninstaller is running, select the program you wish to uninstall by right clicking it and then choose "Uninstall" from the drop-down menu.





Follow and accept all uninstall options once the uninstaller begins.

It is recommended, when removing any Antivirus/Security program, or if you have errors or difficulty removing any program, to use "Force removal" to uninstall the program.





Should you have any further difficulty removing any items please ask us for help:)
 

Tennafa

#8
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Doneff Family (11-06-2018 23:27:03) Run:1
Running from C:\Users\Doneff Family\Desktop
Loaded Profiles: Doneff Family (Available Profiles: Doneff Family)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Createrestorepoint:
Closeprocesses:
HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\...\Run: [Chromium] => c:\users\doneff family\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
ShortcutWithArgument: C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\eea8ad856af8c0ba\Chromium.lnk -> C:\Users\Doneff Family\AppData\Local\chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default
FirewallRules: [{93751B4F-4527-408C-B79F-5BABF26D325E}] => (Allow) C:\Users\Doneff Family\AppData\Local\Chromium\Application\chrome.exe
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/webhp?sourceid=chrome-instant&espv=210&es_th=1&ie=UTF-8"
Task: {6D87B4DF-970B-42E7-B467-137709A12EE5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
c:\users\doneff family\appdata\local\chromium
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
Emptytemp:
Reboot:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3420273172-2562434122-3499667742-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
C:\Users\Doneff Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\eea8ad856af8c0ba\Chromium.lnk => Shortcut argument removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93751B4F-4527-408C-B79F-5BABF26D325E}" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6D87B4DF-970B-42E7-B467-137709A12EE5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D87B4DF-970B-42E7-B467-137709A12EE5}" => removed successfully
C:\WINDOWS\System32\Tasks\CCleaner Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removed successfully
c:\users\doneff family\appdata\local\chromium => moved successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7921664 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53707080 B
Java, Flash, Steam htmlcache => 177681394 B
Windows/system/drivers => 1270216 B
Edge => 3253884 B
Chrome => 1305662564 B
Firefox => 382675369 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 878 B
LocalService => 0 B
NetworkService => 18418 B
NetworkService => 0 B
Doneff Family => 77063332 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:30:01 ====
 

Tennafa

PCHF Member
PCHF Member
Jun 6, 2018
26
0
44
#10
Better, thanks. Did a PC search of Chromium to make sure it was removed. Can't find any trace of it, except for Chrome. Hopefully I won't have any more trouble with sneaky tag-a-longs.
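
The "PC search" described above can also be done as a read-only check of the places the Fixlog in post #8 touched (Run key, scheduled task, firewall rule, pinned shortcut, AppData folder). This PowerShell is an added example, not part of the original thread or of any tool used in it; the `$Pattern` value, the `Add-Finding` helper and the `$findings` variable are assumptions made for illustration.

```powershell
# Added example: read-only check, nothing is deleted. Run elevated so all tasks are visible.
$Pattern  = 'chromium'   # assumption: name fragment to look for (regex, case-insensitive)
$findings = @()
function Add-Finding($Where, $Name, $Detail) {
    [pscustomobject]@{ Where = $Where; Name = $Name; Detail = $Detail }
}
# 1. Run keys (per-user and machine-wide)
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ("$name $data" -match $Pattern) { $findings += Add-Finding $key $name $data }
    }
}

# 2. Scheduled tasks whose action launches a matching program
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ("$($action.Execute) $($action.Arguments)" -match $Pattern) {
            $findings += Add-Finding 'ScheduledTask' ($task.TaskPath + $task.TaskName) $action.Execute
        }
    }
}

# 3. Firewall rules tied to a matching program path
foreach ($filter in Get-NetFirewallApplicationFilter) {
    if ($filter.Program -match $Pattern) {
        $rule = $filter | Get-NetFirewallRule
        $findings += Add-Finding 'FirewallRule' $rule.DisplayName $filter.Program
    }
}

# 4. Shortcuts under the Quick Launch / pinned folders (target and arguments)
$shell = New-Object -ComObject WScript.Shell
$lnkRoot = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
foreach ($file in Get-ChildItem $lnkRoot -Recurse -Filter *.lnk -ErrorAction SilentlyContinue) {
    $lnk = $shell.CreateShortcut($file.FullName)
    if ("$($lnk.TargetPath) $($lnk.Arguments)" -match $Pattern) {
        $findings += Add-Finding 'Shortcut' $file.FullName "$($lnk.TargetPath) $($lnk.Arguments)"
    }
}

# 5. Leftover program folders in the user profile
foreach ($dir in Get-ChildItem $env:LOCALAPPDATA -Directory | Where-Object Name -match $Pattern) {
    $findings += Add-Finding 'Folder' $dir.Name $dir.FullName
}
if ($findings) { $findings | Format-List } else { 'No matching entries found.' }
```

The pattern `chromium` does not match a normal Google Chrome install path, so a legitimate Chrome installation is not reported.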
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
3,256
1,660
Sydney, Australia
pchelpforum.net
#11
Perhaps you could consider using Checky to help prevent the installation of unwanted carp. Doesn't mean you don't have to be alert when installing stuff but it will help. Get it HERE.

We will now clean our tools and files mess.

Please go HERE and download Delfix. Save it to your desktop.
Right click the new Delfix desktop icon and then click "run as administrator".
Place a tick in the following checkboxes:
  1. Remove disinfection tools
  2. Create registry backup
  3. Purge system restore
  4. Then select "Run"



Delfix will remove the tools used to clean your PC and remove itself. When finished, a .txt file will display on your desktop. A copy of this file will also be located at C:\Delfix.txt.

Please paste a copy of this file in your next post:)
 

Tennafa

PCHF Member
PCHF Member
Jun 6, 2018
26
0
44
#12
# DelFix v1.013 - Logfile created 12/06/2018 at 22:41:53
# Updated 17/04/2016 by Xplode
# Username : Doneff Family - DESKTOP-SGC4SIS
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...


~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########
 
Status
Not open for further replies.