Inactive Possible Infection Windows 10

[cronos]

Noticed my cursor jump around and restart the computer once yesterday. Also though I spotted some access to gmail from my computer while I was asleep from my computer. Not certain there is an issue.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2017
Ran by frank (administrator) on LAPTOP-IQSLKOFV (07-10-2017 21:17:40)
Running from C:\Users\frank\Downloads
Loaded Profiles: frank (Available Profiles: frank)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\syswow64\wbem\WmiPrvSE.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8900104 2016-09-09] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-07] (AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{67c6456b-c7f8-4eb3-b087-c5123e077200}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-07] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default [2017-10-07]
CHR Extension: (Google Slides) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-07]
CHR Extension: (Google Docs) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-07]
CHR Extension: (Google Drive) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-07]
CHR Extension: (YouTube) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-07]
CHR Extension: (Google Sheets) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-07]
CHR Extension: (The Camelizer) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2017-10-07]
CHR Extension: (AdBlock) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-10-07]
CHR Extension: (History Eraser App) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjolhjmdgbhebcdnfjhngobjggghoipa [2017-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-07]
CHR Extension: (Click&Clean App) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-10-07]
CHR Extension: (Gmail) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-07]
CHR Extension: (Chrome Media Router) - C:\Users\frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-07] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-07] (AVAST Software)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317952 2016-09-09] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [56128 2016-10-12] (HP)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-07] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-07] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-07] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-07] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1020536 2017-10-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-07] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-07] (AVAST Software)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42312 2016-10-12] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel Corporation)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [522736 2017-10-07] (AO Kaspersky Lab)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-22] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53848 2017-08-18] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-07 21:17 - 2017-10-07 21:17 - 002400768 _____ (Farbar) C:\Users\frank\Downloads\FRST64.exe
2017-10-07 21:17 - 2017-10-07 21:17 - 000011550 _____ C:\Users\frank\Downloads\FRST.txt
2017-10-07 21:17 - 2017-10-07 21:17 - 000000000 ____D C:\Users\frank\Downloads\FRST-OlderVersion
2017-10-07 21:17 - 2017-10-07 21:17 - 000000000 ____D C:\FRST
2017-10-07 12:25 - 2017-10-07 18:25 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B26E548C-5E35-48EE-8005-7067AFE7970D}
2017-10-07 12:13 - 2017-10-07 12:21 - 000000010 _____ C:\Users\frank\AppData\Local\sponge.last.runtime.cache
2017-10-07 12:11 - 2017-10-07 12:24 - 000614685 _____ C:\Users\frank\AppData\Local\census.cache
2017-10-07 12:11 - 2017-10-07 12:24 - 000248588 _____ C:\Users\frank\AppData\Local\ars.cache
2017-10-07 12:06 - 2017-10-07 12:06 - 000000000 ____D C:\WINDOWS\Trend Micro
2017-10-07 12:01 - 2017-10-07 12:01 - 000000036 _____ C:\Users\frank\AppData\Local\housecall.guid.cache
2017-10-07 12:01 - 2016-08-22 20:20 - 000332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-10-07 11:58 - 2017-10-07 11:58 - 002527376 _____ (Trend Micro Inc.) C:\Users\frank\Downloads\HousecallLauncher64 (1).exe
2017-10-07 11:58 - 2017-10-07 11:58 - 000003198 _____ C:\WINDOWS\System32\Tasks\DRScanner Startup
2017-10-07 11:58 - 2017-10-07 11:58 - 000002118 _____ C:\Users\Public\Desktop\HouseCall for Home IoT Devices.lnk
2017-10-07 11:58 - 2017-10-07 11:58 - 000000000 ____D C:\Users\frank\AppData\Local\Trend Micro
2017-10-07 11:58 - 2017-10-07 11:58 - 000000000 ____D C:\Program Files (x86)\Trend Micro
2017-10-07 11:57 - 2017-10-07 11:51 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-10-07 11:53 - 2017-10-07 11:54 - 002527376 _____ (Trend Micro Inc.) C:\Users\frank\Downloads\HousecallLauncher64.exe
2017-10-07 11:53 - 2017-10-07 11:53 - 000523344 _____ (Trend Micro Inc.) C:\Users\frank\Downloads\HouseCallforHomeNetworks.exe
2017-10-07 06:48 - 2017-10-07 06:48 - 000000000 ____D C:\Users\frank\AppData\Roaming\Skype
2017-10-07 03:57 - 2017-10-07 03:57 - 000000000 ____D C:\WINDOWS\InfusedApps
2017-10-07 03:56 - 2017-10-07 03:57 - 000000000 ____D C:\Windows.old
2017-10-07 03:56 - 2017-10-07 03:56 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-10-07 03:56 - 2017-10-07 02:57 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-10-07 03:54 - 2017-10-07 03:54 - 000000000 ____D C:\Program Files\Synaptics
2017-10-07 03:53 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\Setup
2017-10-07 03:52 - 2017-10-07 03:52 - 000000000 ____D C:\WINDOWS\OCR
2017-10-07 03:52 - 2017-10-07 03:52 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-10-07 03:52 - 2017-10-07 03:52 - 000000000 ____D C:\Program Files\MSBuild
2017-10-07 03:52 - 2017-10-07 03:52 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-10-07 03:52 - 2017-10-07 03:52 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\system32\0409
2017-10-07 03:51 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\DigitalLocker
2017-10-07 03:50 - 2017-09-02 16:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-07 03:50 - 2017-09-02 16:15 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-07 03:48 - 2017-10-07 11:58 - 000000000 ___RD C:\Program Files (x86)
2017-10-07 03:48 - 2017-10-07 05:44 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-07 03:48 - 2017-10-07 04:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-07 03:48 - 2017-10-07 03:57 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\system32\setup
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\Program Files\Windows Defender
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-10-07 03:48 - 2017-10-07 03:53 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-10-07 03:48 - 2017-10-07 03:52 - 000000000 ____D C:\WINDOWS\SystemApps
2017-10-07 03:48 - 2017-10-07 03:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\system32\Com
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\IME
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\Help
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\Program Files\Common Files\System
2017-10-07 03:48 - 2017-10-07 03:51 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 __RSD C:\WINDOWS\Media
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ___SD C:\WINDOWS\system32\Nui
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\Web
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\Vss
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\tracing
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\TAPI
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SystemResources
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\winevt
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\ras
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\IME
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\ias
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\downlevel
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\DDFs
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\System
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SKB
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\security
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\schemas
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\SchCache
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\Resources
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\Registration
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\PLA
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\Performance
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\InputMethod
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\Globalization
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\Cursors
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\Branding
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\appcompat
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\addins
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\Program Files\Windows Security
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\Program Files\Windows NT
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\Program Files\Common Files\Services
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\Program Files (x86)\Windows NT
2017-10-07 03:48 - 2017-10-07 03:48 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-10-07 03:48 - 2017-10-07 03:47 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-07 03:48 - 2017-10-07 03:47 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-10-07 03:48 - 2017-10-07 03:47 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2017-10-07 03:48 - 2017-10-07 03:47 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-07 03:48 - 2017-10-07 03:47 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-10-07 03:48 - 2017-10-07 03:47 - 000015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-10-07 03:48 - 2017-10-07 03:47 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-10-07 03:48 - 2017-10-07 03:47 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-10-07 03:48 - 2017-10-07 03:47 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-10-07 03:48 - 2017-10-07 03:47 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-10-07 03:48 - 2017-10-07 03:47 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-10-07 03:48 - 2017-10-07 03:47 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-10-07 03:48 - 2017-10-07 03:47 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-10-07 03:48 - 2017-10-07 03:47 - 000000219 _____ C:\WINDOWS\system.ini
2017-10-07 03:48 - 2017-10-07 03:47 - 000000092 _____ C:\WINDOWS\win.ini
2017-10-07 03:48 - 2017-10-07 03:04 - 000000000 ____D C:\WINDOWS\system32\spool
2017-10-07 03:48 - 2017-10-07 03:04 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-10-07 03:48 - 2017-10-07 03:04 - 000000000 ____D C:\WINDOWS\rescache
2017-10-07 03:48 - 2017-10-07 03:02 - 000000000 __RHD C:\Users\Public\Libraries
2017-10-07 03:48 - 2017-10-07 03:02 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-10-07 03:48 - 2017-10-07 03:00 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-10-07 03:48 - 2017-10-07 02:59 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-10-07 03:48 - 2017-10-07 02:59 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-10-07 03:48 - 2017-10-07 02:59 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-10-07 03:48 - 2017-10-07 02:59 - 000000000 ____D C:\WINDOWS\HoloShell
2017-10-07 03:48 - 2017-10-07 02:57 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2017-10-07 03:48 - 2017-10-07 02:57 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2017-10-07 03:47 - 2017-10-07 04:12 - 000000000 ____D C:\WINDOWS\INF
2017-10-07 03:44 - 2017-10-07 20:54 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-07 03:43 - 2017-10-07 11:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-10-07 03:43 - 2017-10-07 03:56 - 000024576 _____ C:\WINDOWS\system32\config\SAM
2017-10-07 03:43 - 2017-10-07 03:51 - 000000000 ____D C:\WINDOWS\servicing
2017-10-07 03:43 - 2017-10-07 03:48 - 000000000 ____D C:\WINDOWS\system32\SMI
2017-10-07 03:43 - 2017-10-07 03:04 - 000000000 ____D C:\WINDOWS\Panther
2017-10-07 03:43 - 2017-10-07 03:01 - 147062784 _____ C:\WINDOWS\system32\config\SYSTEM
2017-10-07 03:43 - 2017-10-07 03:01 - 070516736 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-10-07 03:43 - 2017-10-07 03:01 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-10-07 03:43 - 2017-10-07 03:01 - 000262144 _____ C:\WINDOWS\system32\config\DEFAULT
2017-10-07 03:43 - 2017-10-07 03:01 - 000057344 _____ C:\WINDOWS\system32\config\SECURITY
2017-10-07 03:20 - 2017-10-07 03:20 - 000000000 ____D C:\Users\frank\AppData\Roaming\AVAST Software
2017-10-07 03:20 - 2017-10-07 03:20 - 000000000 ____D C:\Users\frank\AppData\Local\Comms
2017-10-07 03:20 - 2017-10-07 03:20 - 000000000 ____D C:\Users\frank\AppData\Local\CEF
2017-10-07 03:19 - 2017-10-07 03:19 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-10-07 03:19 - 2017-10-07 03:19 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-10-07 03:18 - 2017-10-07 03:18 - 000003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-10-07 03:18 - 2017-10-07 03:17 - 001020536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000587168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000363440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000201352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000198976 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000147776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000057736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-10-07 03:18 - 2017-10-07 03:17 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-10-07 03:17 - 2017-10-07 03:17 - 000401488 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-10-07 03:13 - 2017-10-07 03:28 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-10-07 03:10 - 2017-10-07 03:10 - 000000000 ____D C:\Program Files\AVAST Software
2017-10-07 03:09 - 2017-10-07 21:00 - 000911014 _____

 

[cronos]

C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-07 03:09 - 2017-10-07 03:09 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-163469714-1549570686-1575771799-1001
2017-10-07 03:07 - 2017-10-07 03:30 - 000000000 ____D C:\Users\frank\AppData\Local\Google
2017-10-07 03:07 - 2017-10-07 03:13 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-07 03:07 - 2017-10-07 03:07 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-07 03:07 - 2017-10-07 03:07 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-07 03:06 - 2017-10-07 03:09 - 000002370 _____ C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-07 03:05 - 2017-10-07 03:07 - 000000000 ____D C:\Users\frank\AppData\Local\MicrosoftEdge
2017-10-07 03:05 - 2017-10-07 03:05 - 000000000 ____D C:\Users\frank\AppData\Local\DBG
2017-10-07 03:04 - 2017-10-07 04:31 - 000000000 ____D C:\Users\frank\AppData\Local\Packages
2017-10-07 03:04 - 2017-10-07 04:21 - 000000000 ____D C:\Users\frank\AppData\Local\Publishers
2017-10-07 03:04 - 2017-10-07 03:04 - 000000020 ___SH C:\Users\frank\ntuser.ini
2017-10-07 03:04 - 2017-10-07 03:04 - 000000000 ____D C:\Users\frank\AppData\Roaming\Synaptics
2017-10-07 03:04 - 2017-10-07 03:04 - 000000000 ____D C:\Users\frank\AppData\Roaming\Adobe
2017-10-07 03:04 - 2017-10-07 03:04 - 000000000 ____D C:\Users\frank\AppData\Local\VirtualStore
2017-10-07 03:04 - 2017-10-07 03:04 - 000000000 ____D C:\Users\frank\AppData\Local\TileDataLayer
2017-10-07 03:04 - 2017-10-07 03:04 - 000000000 ____D C:\Users\frank\AppData\Local\ConnectedDevicesPlatform
2017-10-07 03:02 - 2017-10-07 20:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-07 03:02 - 2017-10-07 03:02 - 000018274 _____ C:\Users\frank\Desktop\Removed Apps.html
2017-10-07 03:02 - 2017-10-07 03:02 - 000000000 ____D C:\Users\frank\Documents\FreshStart
2017-10-07 03:01 - 2017-10-07 16:59 - 000000000 ____D C:\Users\frank
2017-10-07 02:59 - 2017-10-07 02:59 - 000146463 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-10-07 02:59 - 2017-10-07 02:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-10-07 02:59 - 2017-10-07 02:59 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____D C:\Program Files\Realtek
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____D C:\Program Files\Intel
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 ____D C:\Program Files (x86)\Intel
2017-10-07 02:58 - 2017-10-07 02:58 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-10-07 02:58 - 2017-03-18 21:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-10-07 02:58 - 2017-02-22 01:45 - 000122384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-10-07 02:58 - 2017-02-22 01:45 - 000113168 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-10-07 02:57 - 2017-10-07 20:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-07 02:57 - 2017-10-07 03:01 - 000282104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-07 02:39 - 2017-10-07 03:57 - 000000000 ___HD C:\$SysReset
2017-10-07 02:18 - 2017-10-07 02:18 - 000522736 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-10-07 02:18 - 2017-10-07 02:18 - 000149584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2017-10-07 02:10 - 2017-10-07 02:16 - 161567408 _____ (Kaspersky Lab) C:\Users\frank\Downloads\kfa18.0.0.405aben_es_fr_12643.exe
2017-10-05 14:29 - 2017-10-05 14:29 - 000000000 ____D C:\Users\frank\Documents\Custom Office Templates
2017-10-04 20:01 - 2017-10-04 20:01 - 002220872 _____ C:\Users\frank\Downloads\winrar-x64-550.exe
2017-10-04 20:01 - 2017-10-04 20:01 - 000000000 ____D C:\Users\frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-10-04 19:57 - 2017-10-04 20:00 - 011035025 _____ C:\Users\frank\Downloads\automating-testing-rest-api.rar
2017-10-04 15:08 - 2017-10-04 15:08 - 000692142 _____ C:\Users\frank\Downloads\House Plans Planning Permission.pdf
2017-10-03 01:06 - 2017-10-03 01:06 - 000109347 _____ C:\Users\frank\Downloads\DFIN-511.pdf
2017-09-20 22:58 - 2017-09-20 22:58 - 001129217 _____ C:\Users\frank\Downloads\Volvo-V60TE-Pricelist.pdf
2017-09-13 09:32 - 2017-09-05 06:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-13 09:32 - 2017-09-05 06:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 09:32 - 2017-09-05 06:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-13 09:32 - 2017-09-05 06:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 09:32 - 2017-09-05 06:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 09:32 - 2017-09-05 06:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 09:32 - 2017-09-05 06:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-13 09:32 - 2017-09-05 06:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-13 09:32 - 2017-09-05 06:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-13 09:32 - 2017-09-05 06:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 09:32 - 2017-09-05 06:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-13 09:32 - 2017-09-05 06:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 09:32 - 2017-09-05 06:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 09:32 - 2017-09-05 06:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-13 09:32 - 2017-09-05 06:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 09:32 - 2017-09-05 06:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 09:32 - 2017-09-05 06:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-13 09:32 - 2017-09-05 06:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-13 09:32 - 2017-09-05 06:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-13 09:32 - 2017-09-05 06:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-13 09:32 - 2017-09-05 06:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 09:32 - 2017-09-05 06:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 09:32 - 2017-09-05 06:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-13 09:32 - 2017-09-05 06:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-13 09:32 - 2017-09-05 06:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 09:32 - 2017-09-05 06:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-13 09:32 - 2017-09-05 06:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-13 09:32 - 2017-09-05 06:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-13 09:32 - 2017-09-05 06:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 09:32 - 2017-09-05 05:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 09:32 - 2017-09-05 05:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 09:32 - 2017-09-05 05:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 09:32 - 2017-09-05 05:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-13 09:32 - 2017-09-05 05:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-13 09:32 - 2017-09-05 05:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 09:32 - 2017-09-05 05:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 09:32 - 2017-09-05 05:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-13 09:32 - 2017-09-05 05:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 09:32 - 2017-09-05 05:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 09:32 - 2017-09-05 05:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-13 09:32 - 2017-09-05 05:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-13 09:32 - 2017-09-05 05:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 09:32 - 2017-09-05 05:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 09:32 - 2017-09-05 05:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 09:32 - 2017-09-05 05:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 09:32 - 2017-09-05 05:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 09:32 - 2017-09-05 05:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-13 09:32 - 2017-09-05 05:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-13 09:32 - 2017-09-05 05:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-13 09:32 - 2017-09-05 05:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-13 09:32 - 2017-09-05 05:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-13 09:32 - 2017-09-05 05:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 09:32 - 2017-09-05 05:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-13 09:32 - 2017-09-05 05:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-13 09:32 - 2017-09-05 05:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-13 09:32 - 2017-09-05 05:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-13 09:32 - 2017-09-05 05:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-13 09:32 - 2017-09-05 05:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 09:32 - 2017-09-05 05:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-13 09:32 - 2017-09-05 05:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-13 09:32 - 2017-09-05 05:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-13 09:32 - 2017-09-05 05:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-13 09:32 - 2017-09-05 05:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-13 09:32 - 2017-09-05 05:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-13 09:32 - 2017-09-05 05:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 09:32 - 2017-09-05 05:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-13 09:32 - 2017-09-05 05:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 09:32 - 2017-09-05 05:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-13 09:32 - 2017-09-05 05:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-13 09:32 - 2017-09-05 05:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-13 09:32 - 2017-09-05 05:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 09:32 - 2017-09-05 05:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 09:32 - 2017-09-05 05:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-13 09:32 - 2017-09-05 05:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 09:32 - 2017-09-05 05:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-13 09:32 - 2017-09-05 05:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 09:32 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 09:32 - 2017-09-05 05:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-13 09:32 - 2017-09-05 05:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-13 09:32 - 2017-09-05 05:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 09:32 - 2017-09-05 05:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-13 09:32 - 2017-09-05 05:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-13 09:32 - 2017-09-05 05:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 09:32 - 2017-09-05 05:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 09:32 - 2017-09-05 05:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 09:32 - 2017-09-05 05:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 09:32 - 2017-09-05 05:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 09:32 - 2017-09-05 05:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-13 09:32 - 2017-09-05 05:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 09:32 - 2017-09-05 05:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 09:32 - 2017-09-05 05:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 09:32 - 2017-09-05 05:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 09:32 - 2017-09-05 05:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-13 09:32 - 2017-09-05 05:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-13 09:32 - 2017-09-05 05:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 09:32 - 2017-09-05 05:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-13 09:32 - 2017-09-05 05:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 09:32 - 2017-09-05 05:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 09:32 - 2017-09-05 05:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-13 09:32 - 2017-09-05 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 09:32 - 2017-09-05 05:19 - 000080384 _____ (Microsoft Corporation)

C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 09:32 - 2017-09-05 05:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 09:32 - 2017-09-05 05:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-13 09:32 - 2017-09-05 05:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-13 09:32 - 2017-09-05 05:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 09:32 - 2017-09-05 05:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 09:32 - 2017-09-05 05:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-13 09:32 - 2017-09-05 05:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-13 09:32 - 2017-09-05 05:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-13 09:32 - 2017-09-05 05:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 09:32 - 2017-09-05 05:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 09:32 - 2017-09-05 05:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 09:32 - 2017-09-05 05:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-13 09:32 - 2017-09-05 05:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 09:32 - 2017-09-05 05:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 09:32 - 2017-09-05 05:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-13 09:32 - 2017-09-05 05:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 09:32 - 2017-09-05 05:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 09:32 - 2017-09-05 05:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-13 09:32 - 2017-09-05 05:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 09:32 - 2017-09-05 05:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 09:32 - 2017-09-05 05:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 09:32 - 2017-09-05 05:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-13 09:32 - 2017-09-05 05:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 09:32 - 2017-09-05 05:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 09:32 - 2017-09-05 05:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 09:32 - 2017-09-05 05:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-13 09:32 - 2017-09-05 05:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 09:32 - 2017-09-05 05:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 09:32 - 2017-09-05 05:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 09:32 - 2017-09-05 05:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 09:32 - 2017-09-05 05:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 09:32 - 2017-09-05 05:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-13 09:32 - 2017-09-05 05:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-13 09:32 - 2017-09-05 05:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 09:32 - 2017-09-05 05:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 09:32 - 2017-09-05 05:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-13 09:32 - 2017-09-05 05:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 09:32 - 2017-09-05 05:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-13 09:32 - 2017-09-05 05:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 09:32 - 2017-09-05 05:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-13 09:32 - 2017-09-05 05:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-13 09:32 - 2017-09-05 05:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-13 09:31 - 2017-09-05 06:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-13 09:31 - 2017-09-05 06:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-13 09:31 - 2017-09-05 06:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 09:31 - 2017-09-05 06:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 09:31 - 2017-09-05 06:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 09:31 - 2017-09-05 06:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 09:31 - 2017-09-05 06:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-13 09:31 - 2017-09-05 06:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-13 09:31 - 2017-09-05 06:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 09:31 - 2017-09-05 06:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-13 09:31 - 2017-09-05 06:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 09:31 - 2017-09-05 06:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-13 09:31 - 2017-09-05 06:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-13 09:31 - 2017-09-05 06:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 09:31 - 2017-09-05 06:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-13 09:31 - 2017-09-05 06:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-13 09:31 - 2017-09-05 06:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 09:31 - 2017-09-05 06:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-13 09:31 - 2017-09-05 06:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-13 09:31 - 2017-09-05 06:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-13 09:31 - 2017-09-05 06:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 09:31 - 2017-09-05 06:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-13 09:31 - 2017-09-05 06:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-13 09:31 - 2017-09-05 06:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 09:31 - 2017-09-05 06:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-13 09:31 - 2017-09-05 06:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-13 09:31 - 2017-09-05 06:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-13 09:31 - 2017-09-05 06:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-13 09:31 - 2017-09-05 06:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 09:31 - 2017-09-05 06:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-13 09:31 - 2017-09-05 06:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 09:31 - 2017-09-05 06:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 09:31 - 2017-09-05 05:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 09:31 - 2017-09-05 05:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 09:31 - 2017-09-05 05:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 09:31 - 2017-09-05 05:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 09:31 - 2017-09-05 05:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 09:31 - 2017-09-05 05:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-13 09:31 - 2017-09-05 05:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 09:31 - 2017-09-05 05:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 09:31 - 2017-09-05 05:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-13 09:31 - 2017-09-05 05:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 09:31 - 2017-09-05 05:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-13 09:31 - 2017-09-05 05:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-13 09:31 - 2017-09-05 05:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-13 09:31 - 2017-09-05 05:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-13 09:31 - 2017-09-05 05:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-13 09:31 - 2017-09-05 05:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-13 09:31 - 2017-09-05 05:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-13 09:31 - 2017-09-05 05:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 09:31 - 2017-09-05 05:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-13 09:31 - 2017-09-05 05:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-13 09:31 - 2017-09-05 05:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-13 09:31 - 2017-09-05 05:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-13 09:31 - 2017-09-05 05:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 09:31 - 2017-09-05 05:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-13 09:31 - 2017-09-05 05:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 09:31 - 2017-09-05 05:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 09:31 - 2017-09-05 05:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-13 09:31 - 2017-09-05 05:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 09:31 - 2017-09-05 05:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-13 09:31 - 2017-09-05 05:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-13 09:31 - 2017-09-05 05:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-13 09:31 - 2017-09-05 05:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-13 09:31 - 2017-09-05 05:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-13 09:31 - 2017-09-05 05:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 09:31 - 2017-09-05 05:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-13 09:31 - 2017-09-05 05:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-13 09:31 - 2017-09-05 05:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 09:31 - 2017-09-05 05:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-13 09:31 - 2017-09-05 05:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-13 09:31 - 2017-09-05 05:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-13 09:31 - 2017-09-05 05:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-13 09:31 - 2017-09-05 05:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-13 09:31 - 2017-09-05 05:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 09:31 - 2017-09-05 05:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 09:31 - 2017-09-05 05:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 09:31 - 2017-09-05 05:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 09:31 - 2017-09-05 05:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-13 09:31 - 2017-09-05 05:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-13 09:31 - 2017-09-05 05:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 09:31 - 2017-09-05 05:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-13 09:31 - 2017-09-05 05:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-13 09:31 - 2017-09-05 05:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-13 09:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-13 09:31 - 2017-09-05 05:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 09:31 - 2017-09-05 05:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 09:31 - 2017-09-05 05:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-13 09:31 - 2017-09-05 05:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 09:31 - 2017-09-05 05:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-13 09:31 - 2017-09-05 05:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-13 09:31 - 2017-09-05 05:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-13 09:31 - 2017-09-05 05:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 09:31 - 2017-09-05 05:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-13 09:31 - 2017-09-05 05:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-13 09:31 - 2017-09-05 05:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-13 09:31 - 2017-09-05 05:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-13 09:31 - 2017-09-05 05:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-13 09:31 - 2017-09-05 05:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-13 09:31 - 2017-09-05 05:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-13 09:31 - 2017-09-05 05:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-13 09:31 - 2017-09-05 05:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 09:31 - 2017-09-05 05:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 09:31 - 2017-09-05 05:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-13 09:31 - 2017-09-05 05:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 09:31 - 2017-09-05 05:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 09:31 - 2017-09-05 05:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 09:31 - 2017-09-05 05:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 09:31 - 2017-09-05 05:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-13 09:31 - 2017-09-05 05:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-13 09:31 - 2017-09-05 05:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 09:31 - 2017-09-05 05:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 09:31 - 2017-09-05 05:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-13 09:31 - 2017-09-05 05:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-13 09:31 - 2017-09-05 05:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-13 09:31 - 2017-09-05 05:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 09:31 - 2017-09-05 05:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-13 09:31 - 2017-09-05 05:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 09:31 - 2017-09-05 05:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 09:31 - 2017-09-05 05:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-13 09:31 - 2017-09-05 05:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-13 09:31 - 2017-09-05 05:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 09:31 - 2017-09-01 06:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-07 20:50 - 2017-06-09 22:36 - 000000000 __SHD C:\Users\frank\IntelGraphicsProfiles
2017-10-07 03:46 - 2017-03-18 21:56 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2017-10-07 03:09 - 2017-06-09 22:38 - 000000000 ___RD C:\Users\frank\OneDrive
2017-10-07 03:04 - 2016-07-29 13:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-07 02:58 - 2017-03-18 15:04 - 000000000 ____D C:\Intel
2017-09-25 20:17 - 2016-08-23 20:10 - 000000000 ____D C:\SWSETUP


==================== Files in the root of some directories =======

2017-10-07 12:11 - 2017-10-07 12:24 - 000248588 _____ () C:\Users\frank\AppData\Local\ars.cache
2017-10-07 12:11 - 2017-10-07 12:24 - 000614685 _____ () C:\Users\frank\AppData\Local\census.cache
2017-10-07 12:01 - 2017-10-07 12:01 - 000000036 _____ () C:\Users\frank\AppData\Local\housecall.guid.cache
2017-10-07 12:13 - 2017-10-07 12:21 - 000000010 _____ () C:\Users\frank\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-07 02:57

==================== End of FRST.txt ============================

 

[cronos]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2017
Ran by frank (07-10-2017 21:18:18)
Running from C:\Users\frank\Downloads
Windows 10 Home Version 1703 (X64) (2017-10-07 02:04:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-163469714-1549570686-1575771799-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-163469714-1549570686-1575771799-503 - Limited - Disabled)
frank (S-1-5-21-163469714-1549570686-1575771799-1001 - Administrator - Enabled) => C:\Users\frank
Guest (S-1-5-21-163469714-1549570686-1575771799-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HouseCall for Home IoT Devices (HKLM\...\DRScanner) (Version: 3.0.1066 - Trend Micro Inc.)
Microsoft OneDrive (HKU\S-1-5-21-163469714-1549570686-1575771799-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxDTCM.dll [2017-02-22] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-07] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {54EEAB31-101C-4C4D-A4DF-B54B22CCD3EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-07] (Google Inc.)
Task: {99FFDF62-4173-48CF-9528-D421D7DBFF9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-07] (Google Inc.)
Task: {B0942CB5-FCE7-49A0-8EFF-9F8B4CAF5410} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-07] (AVAST Software)
Task: {B7E44353-B3D0-45DB-92E8-70E8A5AAC831} - System32\Tasks\DRScanner Startup => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe [2017-08-25] (Trend Micro Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 04:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-07 03:17 - 2017-10-07 03:17 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-10-07 03:13 - 2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-10-07 03:13 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-03-20 04:45 - 2017-03-20 04:45 - 010650112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-03-20 04:45 - 2017-03-20 04:45 - 002653184 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-03-20 04:45 - 2017-03-20 04:45 - 000761344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-10-07 11:58 - 2017-08-24 09:22 - 003068560 _____ () C:\Program Files (x86)\Trend Micro\DRScanner\sdk\DrsSDK.dll
2017-10-07 03:17 - 2017-10-07 03:17 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-10-07 03:17 - 2017-10-07 03:17 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-10-07 03:17 - 2017-10-07 03:17 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-10-07 03:17 - 2017-10-07 03:17 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-10-07 03:17 - 2017-10-07 03:17 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-10-07 03:17 - 2017-10-07 03:17 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-07 03:17 - 2017-10-07 03:17 - 000700656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-07 03:48 - 2017-10-07 03:47 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-163469714-1549570686-1575771799-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{62FEACA0-0235-4AD9-9FD2-7FD648B38BF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{64A31435-30CC-432E-9076-90B5AC65575D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
FirewallRules: [{A557FD4F-C3D9-46AF-85EE-457D9FC1021D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\nmap\nmap.exe
FirewallRules: [{28EE82D5-A187-46C2-9C9E-7A280D0D1776}] => (Allow) C:\Users\frank\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe
FirewallRules: [{7CDC471E-8EAE-4DFC-A405-81210743BA3D}] => (Allow) C:\Users\frank\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe
FirewallRules: [{96DD430A-C17F-4CC6-9370-142F7D9AD908}] => (Allow) C:\Users\frank\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2017 08:52:15 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (10/07/2017 08:52:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/07/2017 03:21:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.7906.4225, time stamp: 0x5898ef4f
Faulting module name: biwinrt.dll, version: 10.0.15063.0, time stamp: 0x87ee4a59
Exception code: 0xe0464645
Fault offset: 0x00000000000156f9
Faulting process ID: 0x28f0
Faulting application start time: 0x01d33f12f9db41bc
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report ID: 451a0b65-1718-4b8a-b7f9-915deb74d340
Faulting package full name: microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/07/2017 03:20:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.7906.4225, time stamp: 0x5898ef4f
Faulting module name: biwinrt.dll, version: 10.0.15063.0, time stamp: 0x87ee4a59
Exception code: 0xe0464645
Fault offset: 0x00000000000156f9
Faulting process ID: 0x2924
Faulting application start time: 0x01d33f12e7fa800e
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe
Faulting module path: C:\Windows\System32\biwinrt.dll
Report ID: 98531825-6776-49a5-8e3f-4f276ff00dec
Faulting package full name: microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (10/07/2017 03:19:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/07/2017 03:07:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0x269c
Faulting application start time: 0x01d33f10ecdcb717
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report ID: e14fb8ef-4936-49e9-b804-883b63def4a8
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/07/2017 03:07:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0x2f8
Faulting application start time: 0x01d33f10d766b379
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report ID: 17792f32-5f4f-4d2e-a02b-bd6c1f6dce6a
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/07/2017 03:07:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0x3048
Faulting application start time: 0x01d33f10eaa49d31
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report ID: cab53b6d-d590-49ce-be66-d90b4ad33d39
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/07/2017 03:06:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0x269c
Faulting application start time: 0x01d33f10ecdcb717
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report ID: cd202f19-e414-4ab9-afdb-8be6aa9a4292
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (10/07/2017 03:06:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0x269c
Faulting application start time: 0x01d33f10ecdcb717
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report ID: b49dc079-eb62-4d27-8940-edd5e9cd840d
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess


System errors:
=============
Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (10/07/2017 08:52:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The npf service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


CodeIntegrity:
===================================
Date: 2017-10-07 20:52:48.672
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.665
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.660
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.652
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.643
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.635
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.621
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.614
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-10-07 20:52:48.607
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\npf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8077.22 MB
Available physical RAM: 4620.68 MB
Total Virtual: 9997.22 MB
Available Virtual: 6380.03 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:118.01 GB) (Free:86.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: A24C06A2)

Partition: GPT.

==================== End of Addition.txt ============================

 

[cronos]

RogueKiller V12.11.18.0 (x64) [Oct 2 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : frank [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/07/2017 21:43:44 (Duration : 00:15:59)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {28EE82D5-A187-46C2-9C9E-7A280D0D1776} : v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\frank\AppData\Local\Temp\HouseCall\tmase\nmap\bonjour.exe|Name=bonjour4trend|Desc=bonjour4trend|EmbedCtxt=bonjour4trend|Edge=TRUE|Defer=App| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7CDC471E-8EAE-4DFC-A405-81210743BA3D} : v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\frank\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe|Name=drs4trend|Desc=drs4trend|EmbedCtxt=drs4trend|Edge=TRUE|Defer=App| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {96DD430A-C17F-4CC6-9370-142F7D9AD908} : v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\frank\AppData\Local\Temp\HouseCall\tmase\drs\DrScaner.exe|Name=rule4scaner|Desc=rule4scaner|EmbedCtxt=rule4scaner|Edge=TRUE|Defer=App| [7] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SanDisk SD8SNAT-128G-1006 +++++
--- User ---
[MBR] e123651dc76e1ab55040e17cb8b79ad2
[BSP] bf5b7ab546beb86e4c45163c0a71f6ae : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 120842 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 248051712 | Size: 980 MB
User = LL1 ... OK
User = LL2 ... OK

 

[cronos]

# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 07 21:26:07 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-04-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[cronos]

I decided to format the computer. Hopefully that is sufficient to resolve the problem. I've also enabled 2 factor auth. I ran the above tools from my reading of other fourm posts. They didn't find anything at all. So hopefully I'm wrong and there was no issue. But hard to know.

 

[Broni]

Thank you for letting me know