Solved B.S.O.D.

PanaMax

TS Rookie
I've had B.S.O.D. problems for quite awhile. Some days it doesn't bother at all, some it's repeatedly. I did a reset, but kept some personal files, such as pictures, videos, etc. Still get a CRITICAL PROCESS DIED.

Below is Part 1 of my FRST.txt. - Pasted:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Office-PC (administrator) on LAPTOP-EJHII4NS (20-03-2018 21:06:36)
Running from E:\Users\Office-PC\Desktop
Loaded Profiles: Office-PC (Available Profiles: Office-PC & Administrator)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2502b44bc436c53a\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2502b44bc436c53a\igfxEM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(SweetLabs, Inc) C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18368504 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485304 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485304 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485304 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [629248 2015-11-13] ()
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-10-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4180056 2017-05-08] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-17] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\Run: [GUDelayStartup] => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\RunOnce: [Uninstall C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64"
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\RunOnce: [Uninstall C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 4.2.2.2 8.8.8.8 208.67.222.222
Tcpip\..\Interfaces\{5f4d51a6-e1a8-44c1-9875-156cefaa9102}: [DhcpNameServer] 172.168.123.2
Tcpip\..\Interfaces\{89bc9e5d-b31d-4220-961b-e4ef8ee4820a}: [DhcpNameServer] 4.2.2.2 8.8.8.8 208.67.222.222

Internet Explorer:
==================
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003 -> DefaultScope {3F6E2D0C-6E41-4D63-8AF1-652A7ECE420E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003 -> {3E92244C-4811-414A-9125-6430DFC961CB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003 -> {3F6E2D0C-6E41-4D63-8AF1-652A7ECE420E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003 -> {E9527294-7732-4F9C-A66E-36B41BE5E442} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-17] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-17] (Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1232202.dll [2018-03-09] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-17] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default [2018-03-18]
CHR Extension: (Docs) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-18]
CHR Extension: (Google Drive) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-27]
CHR Extension: (YouTube) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-18]
CHR Extension: (Gmail) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-17] (AVAST Software)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [666608 2016-03-22] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-04-10] (Dolby Laboratories, Inc.)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-22] (Lenovo)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-10] (NVIDIA Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258648 2017-05-08] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)
S2 ImControllerInstallerService; "X:\windows\System32\ImController.InfInstaller.exe" [X]
S2 ImControllerService; "X:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]
S4 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 

PanaMax

TS Rookie
Part II:



===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-17] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-17] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-17] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-17] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-17] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-17] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-17] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-17] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-17] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-17] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-17] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-17] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-17] (AVAST Software)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [115704 2015-07-15] (GenesysLogic)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_172f5564dac9e735\nvlddmkm.sys [17524720 2018-02-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30280 2018-01-10] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26696 2018-01-10] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-10] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-08-19] (Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3119872 2016-06-07] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60504 2017-05-08] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [64088 2017-05-08] (Synaptics Incorporated)
S3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [48296 2015-07-23] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 21:06 - 2018-03-20 21:06 - 000000000 ____D C:\FRST
2018-03-20 14:56 - 2018-03-20 14:56 - 000000000 _____ C:\WINDOWS\eeventmanager.INI
2018-03-20 14:53 - 2018-03-20 14:56 - 000000951 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}.job
2018-03-20 14:53 - 2018-03-20 14:56 - 000000765 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}.job
2018-03-20 14:53 - 2018-03-20 14:53 - 000004150 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}
2018-03-20 14:53 - 2018-03-20 14:53 - 000003972 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}
2018-03-20 14:51 - 2018-03-20 14:52 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2018-03-20 14:51 - 2018-03-20 14:51 - 000000000 ____D C:\Program Files\EpsonNet
2018-03-20 14:50 - 2018-03-20 14:51 - 000001014 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2018-03-20 14:50 - 2018-03-20 14:51 - 000000000 ____D C:\Program Files (x86)\epson
2018-03-20 14:50 - 2012-07-24 00:00 - 000466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2018-03-20 14:50 - 2012-05-17 00:00 - 000144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2018-03-20 14:50 - 2010-11-22 13:27 - 000147472 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\twaindsm.dll
2018-03-20 14:32 - 2018-03-20 14:56 - 000000951 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {33D7BEA6-1458-4CC9-817B-94359EA493F8}.job
2018-03-20 14:32 - 2018-03-20 14:56 - 000000765 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {33D7BEA6-1458-4CC9-817B-94359EA493F8}.job
2018-03-20 14:32 - 2018-03-20 14:54 - 000000000 ____D C:\ProgramData\EPSON
2018-03-20 14:32 - 2018-03-20 14:32 - 000004150 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {33D7BEA6-1458-4CC9-817B-94359EA493F8}
2018-03-20 14:32 - 2018-03-20 14:32 - 000003972 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {33D7BEA6-1458-4CC9-817B-94359EA493F8}
2018-03-20 14:32 - 2018-03-20 14:32 - 000000000 ____D C:\Program Files\Common Files\EPSON
2018-03-17 19:27 - 2018-03-20 20:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-17 19:27 - 2018-03-20 20:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-17 19:26 - 2018-03-17 19:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-17 19:26 - 2018-03-17 19:26 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-17 19:26 - 2018-03-17 19:26 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-17 19:23 - 2018-03-17 19:23 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-17 19:23 - 2018-03-17 19:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-17 19:23 - 2018-03-17 19:23 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-17 19:23 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-17 19:21 - 2018-03-17 19:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-17 19:21 - 2018-03-17 19:21 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-17 19:21 - 2018-03-17 19:21 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-17 19:21 - 2018-03-17 19:21 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-03-17 19:21 - 2018-03-17 19:21 - 000002878 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-03-17 19:21 - 2018-03-17 19:21 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-17 19:21 - 2018-03-17 19:21 - 000000000 ____D C:\Program Files\CCleaner
2018-03-17 19:11 - 2018-03-17 19:11 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-03-17 19:11 - 2018-03-17 19:11 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-17 19:11 - 2018-02-23 14:28 - 000136536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-03-17 19:11 - 2018-02-23 14:22 - 005953096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 002587992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 001768008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000633984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000147904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000122896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000081752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-03-17 19:11 - 2018-02-16 09:48 - 008083703 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-03-17 19:11 - 2018-01-10 09:29 - 002424904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-03-17 19:11 - 2018-01-10 09:29 - 002090056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-03-17 19:11 - 2018-01-10 09:28 - 001309256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-03-17 19:11 - 2018-01-10 04:41 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-03-17 19:11 - 2017-12-13 14:25 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-03-17 19:11 - 2017-12-08 17:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-03-17 19:11 - 2017-12-08 17:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-03-17 19:11 - 2017-12-08 17:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-03-17 19:11 - 2017-12-08 17:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-03-17 19:05 - 2018-03-17 19:05 - 000000000 ____D C:\NVIDIA
2018-03-17 18:56 - 2018-03-17 18:56 - 000000000 ____D C:\Users\Office-PC\AppData\Local\DBG
2018-03-17 18:55 - 2018-03-17 18:55 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-03-17 18:54 - 2018-03-17 19:27 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-17 18:54 - 2018-03-17 19:26 - 000000000 ____D C:\ProgramData\Adobe
2018-03-17 18:54 - 2018-03-17 18:54 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-17 18:53 - 2018-03-17 18:54 - 000000000 ____D C:\ProgramData\Oracle
2018-03-17 18:53 - 2018-03-17 18:53 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-03-17 18:53 - 2018-03-17 18:53 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-17 18:40 - 2018-03-17 18:40 - 000000020 ___SH C:\Users\Office-PC\ntuser.ini
2018-03-17 18:28 - 2018-03-19 18:32 - 000000000 ____D C:\Windows.old
2018-03-17 18:28 - 2018-03-17 18:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-03-17 18:28 - 2018-03-17 18:28 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-03-17 18:28 - 2018-03-17 15:37 - 000000000 ____D C:\WINDOWS\Panther
2018-03-17 18:28 - 2015-04-28 13:06 - 000043256 _____ C:\WINDOWS\system32\oemlogo.bmp
2018-03-17 18:27 - 2018-03-17 18:27 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-03-17 18:26 - 2018-03-17 18:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-03-17 18:26 - 2018-03-17 18:26 - 000000000 ____D C:\Program Files\Synaptics
2018-03-17 18:25 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\Setup
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
 

PanaMax

TS Rookie
Part III:


2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ___RD C:\WINDOWS\WebManagement
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\OCR
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\Program Files\MSBuild
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\0409
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-03-17 18:22 - 2018-03-02 16:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-17 18:22 - 2018-03-02 16:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-17 18:21 - 2018-03-20 14:51 - 000000000 ___RD C:\Program Files (x86)
2018-03-17 18:21 - 2018-03-19 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-17 18:21 - 2018-03-18 15:19 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-17 18:21 - 2018-03-18 15:18 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-17 18:21 - 2018-03-18 04:37 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-17 18:21 - 2018-03-17 19:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-17 18:21 - 2018-03-17 19:35 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-17 18:21 - 2018-03-17 19:11 - 000000000 ____D C:\WINDOWS\Help
2018-03-17 18:21 - 2018-03-17 18:55 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-03-17 18:21 - 2018-03-17 18:28 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-03-17 18:21 - 2018-03-17 18:28 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\Provisioning
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-03-17 18:21 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\setup
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\com
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\IME
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\Program Files\Common Files\system
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 __RSD C:\WINDOWS\media
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Web
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Vss
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\tracing
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\TAPI
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SystemResources
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SystemApps
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
 

PanaMax

TS Rookie
Part IV:


2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\ras
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\IME
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\ias
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\System
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SKB
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\security
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\schemas
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SchCache
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Resources
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\rescache
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\PLA
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Performance
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\InputMethod
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Globalization
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Cursors
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Branding
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\addins
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\Windows Security
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\windows nt
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\Common Files\Services
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-03-17 18:21 - 2018-03-17 18:20 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-03-17 18:21 - 2018-03-17 18:20 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-03-17 18:21 - 2018-03-17 18:20 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-03-17 18:21 - 2018-03-17 18:20 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-03-17 18:21 - 2018-03-17 18:20 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-03-17 18:21 - 2018-03-17 18:20 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-03-17 18:21 - 2018-03-17 18:20 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-03-17 18:21 - 2018-03-17 18:20 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-03-17 18:21 - 2018-03-17 18:20 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-03-17 18:21 - 2018-03-17 18:20 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-03-17 18:21 - 2018-03-17 15:39 - 000000000 ____D C:\ProgramData\USOPrivate
2018-03-17 18:21 - 2018-03-17 15:37 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-17 18:21 - 2018-03-17 15:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-03-17 18:21 - 2018-03-17 15:35 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-17 18:21 - 2018-03-17 15:35 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-03-17 18:21 - 2018-03-17 15:35 - 000000000 ____D C:\WINDOWS\Registration
2018-03-17 18:21 - 2018-03-17 15:32 - 000000000 ____D C:\WINDOWS\system32\spool
2018-03-17 18:21 - 2018-03-17 15:31 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-17 18:21 - 2018-03-17 15:30 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-03-17 18:21 - 2018-03-17 15:30 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-17 18:21 - 2018-03-17 15:29 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-03-17 18:20 - 2018-03-20 14:51 - 000000000 ____D C:\WINDOWS\INF
2018-03-17 18:17 - 2018-03-20 20:48 - 096993280 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-03-17 18:17 - 2018-03-20 20:48 - 064749568 _____ C:\WINDOWS\system32\config\SYSTEM
2018-03-17 18:17 - 2018-03-20 20:48 - 001835008 _____ C:\WINDOWS\system32\config\DEFAULT
2018-03-17 18:17 - 2018-03-20 20:48 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-17 18:17 - 2018-03-20 20:48 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY
2018-03-17 18:17 - 2018-03-17 18:28 - 000028672 _____ C:\WINDOWS\system32\config\SAM
2018-03-17 18:17 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\servicing
2018-03-17 18:17 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-03-17 18:17 - 2018-03-17 16:21 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-17 18:17 - 2018-03-17 16:09 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-17 18:16 - 2018-03-17 18:28 - 000000000 ___HD C:\$SysReset
2018-03-17 17:11 - 2018-03-17 17:11 - 000001122 _____ C:\Users\Administrator\Desktop\Kodi.lnk
2018-03-17 17:06 - 2018-03-17 17:06 - 000943806 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-03-17 17:04 - 2018-03-17 17:05 - 000002047 _____ C:\Users\Administrator\Desktop\Pictures.lnk
2018-03-17 17:03 - 2018-03-17 17:03 - 000001200 _____ C:\Users\Administrator\Desktop\Downloads.lnk
2018-03-17 17:02 - 2018-03-17 17:03 - 000002054 _____ C:\Users\Administrator\Desktop\Documents.lnk
2018-03-17 17:01 - 2018-03-17 17:01 - 000001252 _____ C:\Users\Administrator\Desktop\DnsJumper.lnk
2018-03-17 17:00 - 2018-03-17 17:00 - 000001113 _____ C:\Users\Administrator\Desktop\Games.lnk
2018-03-17 16:32 - 2018-03-17 16:32 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-17 16:32 - 2018-03-17 16:32 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-17 16:32 - 2018-03-17 16:32 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-03-17 16:32 - 2018-03-17 16:32 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-03-17 16:32 - 2018-03-17 16:32 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-03-17 16:32 - 2018-03-17 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-03-17 16:32 - 2018-03-17 16:32 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-17 16:26 - 2018-03-17 16:26 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-17 16:25 - 2018-03-17 17:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2018-03-17 16:22 - 2018-03-17 16:32 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-17 16:19 - 2018-03-17 16:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\DBG
2018-03-17 16:09 - 2018-03-17 16:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\CyberLink
2018-03-17 15:43 - 2018-03-17 15:43 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-03-17 15:40 - 2018-03-20 21:06 - 001141528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-17 15:40 - 2018-03-17 15:40 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1460132598-1632162819-4137796141-500
2018-03-17 15:39 - 2018-03-17 15:40 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-03-17 15:39 - 2018-03-17 15:39 - 000000000 ____D C:\ProgramData\USOShared
2018-03-17 15:39 - 2018-03-17 15:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-17 15:38 - 2018-03-17 15:38 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-03-17 15:38 - 2018-03-17 15:38 - 000000000 ____D C:\Users\Public\Lenovo App Explorer
2018-03-17 15:38 - 2018-03-17 15:38 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-03-17 15:37 - 2018-03-17 16:39 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-03-17 15:37 - 2018-03-17 16:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-03-17 15:37 - 2018-03-17 15:37 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-03-17 15:37 - 2018-03-17 15:37 - 000000000 _SHDL C:\Users\Default User
2018-03-17 15:37 - 2018-03-17 15:37 - 000000000 _SHDL C:\Users\All Users
2018-03-17 15:37 - 2018-03-17 15:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-03-17 15:36 - 2018-03-20 21:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-17 15:36 - 2018-03-17 15:36 - 000002408 _____ C:\WINDOWS\System32\Tasks\App Explorer
2018-03-17 15:36 - 2018-03-17 15:36 - 000002206 _____ C:\WINDOWS\System32\Tasks\Nvbackend
2018-03-17 15:36 - 2018-03-17 15:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-03-17 15:36 - 2018-03-17 15:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\CyberLink
2018-03-17 15:35 - 2018-03-17 15:35 - 000025542 _____ C:\Users\Office-PC\Desktop\Removed Apps.html
2018-03-17 15:35 - 2018-03-17 15:35 - 000024304 _____ C:\Users\Administrator\Desktop\Removed Apps.html
2018-03-17 15:35 - 2018-03-17 15:35 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-03-17 15:34 - 2018-03-20 20:41 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Host App Service
2018-03-17 15:34 - 2018-03-19 22:31 - 000000000 ____D C:\Users\Office-PC
2018-03-17 15:34 - 2018-03-17 16:36 - 000000000 ____D C:\Users\Administrator
2018-03-17 15:34 - 2018-03-17 15:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Host App Service
2018-03-17 15:33 - 2018-03-17 15:33 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-17 15:31 - 2018-03-17 15:31 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-03-17 15:30 - 2018-03-20 21:01 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-17 15:30 - 2018-03-17 19:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-17 15:30 - 2018-03-17 19:11 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-17 15:30 - 2018-03-17 15:31 - 000000000 ____D C:\Program Files\Intel
2018-03-17 15:30 - 2018-03-17 15:31 - 000000000 ____D C:\Program Files (x86)\Intel
2018-03-17 15:30 - 2018-03-17 15:30 - 000000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 ____D C:\ProgramData\Dolby
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 ____D C:\Program Files\Dolby
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-03-17 15:30 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-03-17 15:30 - 2016-10-13 10:34 - 000113688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-03-17 15:30 - 2016-10-13 10:34 - 000104472 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-03-17 15:29 - 2018-03-20 21:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-17 15:29 - 2018-03-17 15:34 - 000222608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-17 15:29 - 2018-03-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-17 15:29 - 2018-03-17 15:32 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-03-17 15:29 - 2018-03-17 15:29 - 000292344 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____D C:\Program Files\Realtek
2018-03-17 14:46 - 2018-02-25 22:46 - 000997736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-03-17 14:46 - 2018-02-25 22:46 - 000949280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-03-17 14:46 - 2018-02-25 22:46 - 000625696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-03-17 14:46 - 2018-02-25 22:46 - 000516128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 019854816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 016496072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 013571008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 011131688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 004317160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 003717432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 001985384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439101.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 001684000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439101.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 001136944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 001065880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 040277488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 035188640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 001345944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 001153752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 000902280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 000811992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 000650424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 012966216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 011000480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 004630848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 003938208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-03-17 14:46 - 2018-02-23 23:36 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-03-17 14:46 - 2018-01-10 09:31 - 001730120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2018-03-17 14:46 - 2018-01-10 09:31 - 000026696 ____N (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\nvswcfilter.sys
2018-03-17 14:46 - 2018-01-10 09:25 - 000057928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-03-17 14:46 - 2017-12-14 21:03 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-03-17 14:06 - 2018-03-17 14:06 - 000000000 ___HD C:\Users\Office-PC\MicrosoftEdgeBackups
2018-03-16 22:19 - 2018-03-02 08:40 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
 

PanaMax

TS Rookie
Part IV:


2018-03-16 22:19 - 2018-03-02 08:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-03-16 22:19 - 2018-03-02 08:40 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-03-14 10:15 - 2018-03-01 02:40 - 002514936 ____N (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 10:15 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 10:15 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 10:15 - 2018-03-01 02:29 - 000733592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 10:15 - 2018-03-01 02:23 - 000749976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 10:15 - 2018-03-01 02:17 - 002710736 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 10:15 - 2018-03-01 02:17 - 000408984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 10:15 - 2018-03-01 02:15 - 002574232 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 10:15 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 10:15 - 2018-03-01 02:14 - 000147872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 10:15 - 2018-03-01 02:11 - 000093600 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 10:15 - 2018-03-01 02:10 - 000075168 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 10:15 - 2018-03-01 01:48 - 001930736 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 10:15 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 10:15 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 10:15 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 10:15 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 10:15 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 10:15 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 10:15 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 10:15 - 2018-03-01 01:03 - 000471552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 10:15 - 2018-03-01 01:03 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 10:15 - 2018-03-01 01:03 - 000162304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 10:15 - 2018-03-01 01:03 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 10:15 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 10:15 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 10:15 - 2018-03-01 01:01 - 000155648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 10:15 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 10:15 - 2018-03-01 00:58 - 000459776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 10:15 - 2018-03-01 00:57 - 000369152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 10:15 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 10:15 - 2018-03-01 00:56 - 000559104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 10:15 - 2018-03-01 00:54 - 003664384 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 10:15 - 2018-03-01 00:54 - 000665088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 10:15 - 2018-03-01 00:54 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 10:15 - 2018-03-01 00:53 - 000536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 10:15 - 2018-03-01 00:53 - 000056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 10:15 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 10:15 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 10:15 - 2018-03-01 00:51 - 000034816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 10:15 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 10:15 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 10:15 - 2018-03-01 00:49 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 10:15 - 2018-03-01 00:48 - 000431616 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 10:15 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 10:15 - 2018-03-01 00:46 - 000770048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 10:15 - 2018-03-01 00:45 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 10:15 - 2018-03-01 00:45 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 10:15 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 10:15 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 10:15 - 2018-03-01 00:42 - 002084352 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 10:15 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 10:15 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 10:15 - 2018-03-01 00:41 - 003334144 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 10:15 - 2018-03-01 00:41 - 001548288 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 10:15 - 2018-03-01 00:41 - 000812032 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 10:15 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 10:15 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 10:15 - 2018-03-01 00:39 - 000899584 ____N (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 10:15 - 2018-03-01 00:39 - 000666624 ____N (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 10:15 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 10:15 - 2018-03-01 00:38 - 000726016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 10:15 - 2018-02-21 21:13 - 000279456 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 10:15 - 2018-02-21 21:13 - 000077216 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 10:15 - 2018-02-21 21:11 - 000109984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 10:15 - 2018-02-21 21:10 - 000285080 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 10:15 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 10:15 - 2018-02-21 21:08 - 000571288 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 10:15 - 2018-02-21 21:03 - 000082848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 10:15 - 2018-02-21 21:02 - 000149400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 10:15 - 2018-02-21 21:00 - 000187296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 10:15 - 2018-02-21 20:54 - 000437144 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 10:15 - 2018-02-21 20:52 - 000103328 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 10:15 - 2018-02-21 20:51 - 000555424 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 10:15 - 2018-02-21 20:51 - 000045472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 10:15 - 2018-02-21 20:50 - 000362904 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 10:15 - 2018-02-21 19:31 - 000057344 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 10:15 - 2018-02-21 19:30 - 000192512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 10:15 - 2018-02-21 19:30 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 10:15 - 2018-02-21 19:26 - 001015296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 10:14 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 10:14 - 2018-03-01 22:02 - 000037888 ____N C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 10:14 - 2018-03-01 22:01 - 000640000 ____N (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 10:14 - 2018-03-01 22:00 - 000329728 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 10:14 - 2018-03-01 22:00 - 000248320 ____N (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 10:14 - 2018-03-01 22:00 - 000230912 ____N (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 10:14 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 10:14 - 2018-03-01 21:56 - 000267776 ____N (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2018-03-14 10:14 - 2018-03-01 15:28 - 000181760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 10:14 - 2018-03-01 02:50 - 000270744 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 10:14 - 2018-03-01 02:49 - 000389536 ____N (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 10:14 - 2018-03-01 02:48 - 000664472 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 10:14 - 2018-03-01 02:47 - 000749464 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 10:14 - 2018-03-01 02:47 - 000035224 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 10:14 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 10:14 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 10:14 - 2018-03-01 02:46 - 000609176 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 10:14 - 2018-03-01 02:46 - 000138144 ____N (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 10:14 - 2018-03-01 02:45 - 000070040 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 10:14 - 2018-03-01 02:40 - 000461720 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 10:14 - 2018-03-01 02:40 - 000273304 ____N (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 10:14 - 2018-03-01 02:30 - 000540064 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 10:14 - 2018-03-01 02:30 - 000264040 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 10:14 - 2018-03-01 02:27 - 001173576 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 10:14 - 2018-03-01 02:26 - 000170912 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 10:14 - 2018-03-01 02:25 - 000377752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 10:14 - 2018-03-01 02:19 - 000710768 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 10:14 - 2018-03-01 02:17 - 000519152 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 10:14 - 2018-03-01 02:14 - 007675784 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 10:14 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 10:14 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 10:14 - 2018-03-01 02:14 - 000356952 ____N (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 10:14 - 2018-03-01 02:14 - 000128928 ____N (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 10:14 - 2018-03-01 02:12 - 000677272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 10:14 - 2018-03-01 02:12 - 000250264 ____N (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 10:14 - 2018-03-01 02:12 - 000189344 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 10:14 - 2018-03-01 02:10 - 001779936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 10:14 - 2018-03-01 02:10 - 000022936 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 10:14 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 10:14 - 2018-03-01 01:51 - 000777904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 10:14 - 2018-03-01 01:39 - 000213400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 10:14 - 2018-03-01 01:29 - 006092152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 10:14 - 2018-03-01 01:29 - 000574960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 10:14 - 2018-03-01 01:28 - 000115096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 10:14 - 2018-03-01 01:27 - 000284112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 10:14 - 2018-03-01 01:27 - 000221592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 10:14 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 10:14 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 10:14 - 2018-03-01 01:01 - 000019456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 10:14 - 2018-03-01 01:00 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 10:14 - 2018-03-01 00:59 - 000220672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 10:14 - 2018-03-01 00:58 - 000405504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 10:14 - 2018-03-01 00:58 - 000368128 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 10:14 - 2018-03-01 00:55 - 000346112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 10:14 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 10:14 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 10:14 - 2018-03-01 00:54 - 000496128 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000863232 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000399872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 10:14 - 2018-03-01 00:53 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 10:14 - 2018-03-01 00:53 - 000206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000107520 ____N (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000097792 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000039424 ____N (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 10:14 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 10:14 - 2018-03-01 00:51 - 000201728 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 10:14 - 2018-03-01 00:51 - 000023552 ____N (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 10:14 - 2018-03-01 00:50 - 000526336 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 10:14 - 2018-03-01 00:50 - 000118272 ____N (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 10:14 - 2018-03-01 00:50 - 000075264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 10:14 - 2018-03-01 00:49 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 10:14 - 2018-03-01 00:49 - 000301056 ____N (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 10:14 - 2018-03-01 00:49 - 000066048 ____N (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 10:14 - 2018-03-01 00:48 - 000543232 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 10:14 - 2018-03-01 00:47 - 000579584 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 10:14 - 2018-03-01 00:47 - 000484352 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 10:14 - 2018-03-01 00:46 - 004051968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 10:14 - 2018-03-01 00:46 - 000026624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 10:14 - 2018-03-01 00:45 - 000386560 ____N (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 10:14 - 2018-03-01 00:44 - 005195776 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 10:14 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 10:14 - 2018-03-01 00:39 - 002222592 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 10:14 - 2018-03-01 00:36 - 004050432 ____N (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 10:14 - 2018-03-01 00:36 - 000030208 ____N (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 10:14 - 2018-03-01 00:35 - 000568320 ____N (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 10:14 - 2018-03-01 00:35 - 000128000 ____N (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 10:14 - 2018-03-01 00:35 - 000050176 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 10:14 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 10:14 - 2018-02-21 21:23 - 000924648 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 10:14 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 10:14 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 10:14 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 10:14 - 2018-02-21 21:07 - 000194456 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 10:14 - 2018-02-21 21:03 - 000712600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 10:14 - 2018-02-21 20:59 - 021351624 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 10:14 - 2018-02-21 20:51 - 000097176 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 10:14 - 2018-02-21 20:50 - 000229272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 10:14 - 2018-02-21 19:41 - 020286120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 10:14 - 2018-02-21 19:30 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 10:14 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 10:14 - 2018-02-21 19:25 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 10:14 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 10:14 - 2018-02-21 19:12 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-01 16:35 - 2018-03-01 16:35 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-03-01 16:11 - 2018-03-01 16:11 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-03-01 16:11 - 2018-03-01 16:11 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-03-01 16:11 - 2018-03-01 16:11 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-03-01 15:58 - 2018-03-01 15:58 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-03-01 15:58 - 2018-03-01 15:58 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2018-03-01 15:58 - 2018-03-01 15:58 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2018-03-01 15:58 - 2018-03-01 15:58 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
 

PanaMax

TS Rookie
Part VI:


==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 21:01 - 2016-12-03 01:02 - 000000000 __SHD C:\Users\Office-PC\IntelGraphicsProfiles
2018-03-20 14:52 - 2017-02-15 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-03-20 14:52 - 2016-10-29 15:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-20 14:31 - 2016-11-26 02:01 - 000000000 ____D C:\Users\Office-PC\AppData\Local\NVIDIA Corporation
2018-03-17 20:33 - 2016-10-29 14:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-17 20:17 - 2016-11-27 02:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-03-17 19:33 - 2016-11-26 20:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-17 19:29 - 2016-10-29 15:09 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-17 19:26 - 2016-11-26 02:42 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Deployment
2018-03-17 19:23 - 2018-02-05 04:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-17 19:21 - 2017-09-29 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-17 19:11 - 2017-10-20 23:53 - 000000000 ____D C:\temp
2018-03-17 19:11 - 2016-11-26 02:01 - 000000000 ____D C:\Users\Office-PC\AppData\Local\NVIDIA
2018-03-17 19:10 - 2016-10-29 15:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-17 18:55 - 2016-11-26 02:27 - 000000000 ____D C:\Users\Office-PC\AppData\Local\CyberLink
2018-03-17 18:53 - 2017-01-30 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-17 18:53 - 2016-11-26 19:35 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Adobe
2018-03-17 18:41 - 2016-11-26 02:01 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Packages
2018-03-17 18:40 - 2017-10-27 11:42 - 000000000 ___RD C:\Users\Office-PC\3D Objects
2018-03-17 18:40 - 2016-11-26 02:42 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Apps\2.0
2018-03-17 18:40 - 2016-11-26 02:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-17 18:28 - 2018-01-31 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-03-17 18:28 - 2018-01-09 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-03-17 18:28 - 2017-12-22 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2018-03-17 18:28 - 2017-08-23 23:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-03-17 18:28 - 2017-03-16 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-17 18:28 - 2017-02-15 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-03-17 18:28 - 2016-12-25 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2018-03-17 18:28 - 2016-12-03 03:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chief Architect
2018-03-17 18:28 - 2016-11-26 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-17 16:24 - 2016-11-26 00:07 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-03-17 16:24 - 2016-10-29 15:01 - 000000000 ____D C:\ProgramData\McAfee
2018-03-17 16:24 - 2016-10-29 15:01 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-17 16:09 - 2016-10-29 15:04 - 000000000 ____D C:\ProgramData\CyberLink
2018-03-17 15:56 - 2016-11-27 00:20 - 000000000 ____D C:\Users\Office-PC\AppData\LocalLow\Adblock Plus for IE
2018-03-17 15:35 - 2016-11-26 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-17 15:35 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-17 15:32 - 2018-01-09 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2018-03-17 15:32 - 2016-12-01 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2018-03-17 15:32 - 2016-10-29 15:14 - 000000000 ____D C:\ProgramData\OneKey Recovery
2018-03-17 15:32 - 2016-10-29 15:12 - 000000000 ____D C:\ProgramData\Lenovo
2018-03-17 15:32 - 2016-10-29 15:11 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-03-17 15:32 - 2016-10-29 15:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-03-17 15:32 - 2016-10-29 15:07 - 000000000 ____D C:\ProgramData\Intel
2018-03-17 15:32 - 2016-10-29 15:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-03-17 15:32 - 2016-10-29 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stagelight
2018-03-17 15:32 - 2016-10-29 15:04 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2018-03-17 15:32 - 2016-10-29 15:03 - 000000000 ____D C:\ProgramData\Temp
2018-03-17 15:32 - 2016-10-29 15:03 - 000000000 ____D C:\ProgramData\install_clap
2018-03-17 15:32 - 2016-10-29 15:01 - 000000000 ____D C:\Users\Default\AppData\Local\Host App Service
2018-03-17 15:32 - 2016-10-29 15:01 - 000000000 ____D C:\Users\Default User\AppData\Local\Host App Service
2018-03-17 15:31 - 2016-10-29 15:11 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-03-17 15:31 - 2016-10-29 15:10 - 000000000 ____D C:\Program Files (x86)\Genesyslogic
2018-03-17 15:31 - 2016-10-29 15:04 - 000000000 ____D C:\Program Files\Stagelight
2018-03-17 15:31 - 2016-10-29 15:04 - 000000000 ____D C:\Program Files (x86)\CyberLink
2018-03-17 15:31 - 2016-10-29 15:01 - 000000000 ____D C:\Program Files\Lenovo
2018-03-17 15:31 - 2016-10-29 15:01 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-03-17 15:31 - 2016-10-29 14:54 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-03-14 10:15 - 2017-09-29 08:41 - 000140800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 10:15 - 2017-09-29 08:41 - 000106496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-14 10:15 - 2017-09-29 08:40 - 000067584 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2018-03-11 21:41 - 2018-02-07 15:49 - 000000000 _____ C:\Recovery.txt
2018-03-11 18:29 - 2018-01-09 19:36 - 000000828 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2018-03-11 18:29 - 2018-01-09 19:36 - 000000828 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk

Some files in TEMP:
====================
2018-03-17 19:10 - 2018-03-17 19:10 - 021728328 _____ (SweetLabs,Inc.) C:\Users\Office-PC\AppData\Local\Temp\oct15D6.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-17 15:29
 

PanaMax

TS Rookie
And the Addition.txt:

Part I:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Office-PC (20-03-2018 21:07:01)
Running from E:\Users\Office-PC\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2018-03-17 20:37:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1460132598-1632162819-4137796141-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1460132598-1632162819-4137796141-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1460132598-1632162819-4137796141-1000 - Limited - Disabled)
Guest (S-1-5-21-1460132598-1632162819-4137796141-501 - Limited - Disabled)
Office-PC (S-1-5-21-1460132598-1632162819-4137796141-1003 - Administrator - Enabled) => C:\Users\Office-PC
WDAGUtilityAccount (S-1-5-21-1460132598-1632162819-4137796141-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.2.202 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CCSDK Customer Engagement Service (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.3.0.3 - Lenovo)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.01 - NVIDIA Corporation) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{68B3293E-612B-48B4-BC0F-4CCFBF83AB96}) (Version: 0.8.2.76 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.33 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.3.31 - Dolby Laboratories, Inc.)
EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11201 - Realtek Semiconductor Corp.)
Epson Event Manager (HKLM-x32\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.02.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.1.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{bc883058-299e-461f-8e52-4f1dbb355f86}) (Version: 19.0.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\Kodi) (Version: - XBMC-Foundation)
Lenovo App Explorer (HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\Host App Service) (Version: 0.273.2.540 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.062.00 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7724 - Realtek Semiconductor Corp.)
Stagelight (HKLM\...\Stagelight) (Version: 2.4.6.5857 - Open Labs, LLC.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.18.0 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-17] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-17] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2502b44bc436c53a\igfxDTCM.dll [2016-10-13] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1460132598-1632162819-4137796141-1003: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1460132598-1632162819-4137796141-1003: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-1460132598-1632162819-4137796141-1003: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
 

PanaMax

TS Rookie
Part II:


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15621EDA-D51F-4CA1-9E68-4C48C3C59634} - System32\Tasks\EPSON WF-3620 Series Update {33D7BEA6-1458-4CC9-817B-94359EA493F8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {1AE53DE8-D5F7-4DB9-AA79-D5950A39A175} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-17] (AVAST Software)
Task: {2CE6577A-248A-40CF-AEFD-E4E1443B5BC0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {32C0DBDE-66CD-4B3F-AC50-71C4F887410E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {3674FEB5-F2A5-4C47-9A03-DC13C025C6E1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {3C49FB90-E0BB-4D2B-B30E-481A6CA5CBDD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {3E1F8DA4-7B37-42E4-A344-9C73A7DFFCAB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {4111421B-349A-44FC-994D-02B1BB585AC7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)
Task: {42C9871F-3CD2-4D20-8859-752F1FC7583C} - System32\Tasks\App Explorer => C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-01-11] (SweetLabs, Inc) <==== ATTENTION
Task: {4E0952F2-4A60-42C7-A957-DA25C1399461} - System32\Tasks\EPSON WF-3620 Series Invitation {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {4F45DAEE-845F-468E-87E7-78D9C28DCC79} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-03-17] (AVAST Software)
Task: {5C9138FE-9671-492B-848E-22DB5D464460} - System32\Tasks\Nvbackend => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {69DAC28A-8CB1-4DF1-BAE9-89D7DEA32985} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-04-22] (CyberLink Corp.)
Task: {6A5F2AD9-BC96-4B77-A8D4-E0CF2218E495} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-17] (Google Inc.)
Task: {6CABF2B8-2B80-4F42-A9F4-5FFE09797C79} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {6F1D14CD-221E-431D-AE69-AC15D93E1641} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-17] (Google Inc.)
Task: {6FDCEAC2-847A-4507-9AE0-5922F9806F2D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {7E7A262D-42FB-407D-A605-15E82A9D6BAC} - System32\Tasks\EPSON WF-3620 Series Update {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {AA5852BE-D37A-4FF4-A7A9-C2C96EBF3EDB} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe control iMControllerService 128
Task: {AD8545C6-977D-4389-B8E9-53E9A655001D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {ADC6B61A-0137-4BEA-82BB-816AD000B1B7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {BDA7EA88-E960-4374-9143-75BDBF21B0CE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {C1064BFF-A2EC-42D8-8E49-212AF303CB86} - System32\Tasks\EPSON WF-3620 Series Invitation {33D7BEA6-1458-4CC9-817B-94359EA493F8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DF041948-048F-4B40-BAFE-BACE1B53D293} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1460132598-1632162819-4137796141-500 => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E1A1F336-8F0E-43C4-B429-B964BD9C20BB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {EA19BD20-31D5-44EE-8BE5-A882784F22D9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {F2DB682D-6ECA-4446-A418-536160057FCA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {FD0376F9-0DDF-41C0-8E97-2B357E1B6DC0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {33D7BEA6-1458-4CC9-817B-94359EA493F8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {33D7BEA6-1458-4CC9-817B-94359EA493F8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{33D7BEA6-1458-4CC9-817B-94359EA493F8} /F:UpdateWORKGROUP\LAPTOP-EJHII4NS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438} /F:UpdateWORKGROUP\LAPTOP-EJHII4NS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-17 19:11 - 2018-02-23 23:36 - 000543248 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2015-05-19 11:11 - 2015-05-19 11:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2018-03-14 10:14 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 10:14 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-11-13 20:51 - 2015-11-13 20:51 - 000629248 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-10-29 15:01 - 2016-10-29 15:01 - 000791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-10-29 15:01 - 2016-10-29 15:01 - 000097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2018-03-17 16:32 - 2018-03-17 16:32 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-17 16:32 - 2018-03-17 16:32 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-17 16:32 - 2018-03-17 16:32 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2016-10-29 15:01 - 2015-02-12 18:02 - 000224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2015-07-11 01:37 - 2015-07-11 01:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\Control Panel\Desktop\\Wallpaper -> E:\Users\Office-PC\Pictures\family1.jpg
DNS Servers: 4.2.2.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5811D62D-ADC9-4412-BE9C-057A938D18E2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{AD695FB8-31C6-4384-A8DF-9377F34D1936}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{43BAC8FB-F9BA-469D-BF48-9EB1CCA33C7F}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{596ACC43-0BF5-41CD-A5C3-8E948FB92DE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{30AD8126-4675-4919-BC91-B6397941D4FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3D96D2A3-6443-46A9-AA14-DC9DAB34CAF9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{97EDB29C-26A2-4F7D-9A93-1FC4C1A083A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3525B9B3-D1BE-447C-B80A-35BF77EF1D81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{EB2202F6-25EE-4109-BC5B-077C138E51C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{76B68E2C-AE45-4A1A-8D9F-D052257332C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B557DEDD-DAC3-40B8-A86B-8243A6A4C033}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{82DE186D-2449-4492-BBF6-05FC5EFE94CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{2DA3E1F3-696F-4FA1-B7EB-12F56638D7E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [TCP Query User{AC72CE39-4810-4505-B36C-E55EF38B01ED}E:\program files (x86)\kodi\kodi.exe] => (Allow) E:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{FF9D64C5-FFD3-47B2-AF1D-5916B1F12035}E:\program files (x86)\kodi\kodi.exe] => (Allow) E:\program files (x86)\kodi\kodi.exe
FirewallRules: [{C85533B8-F6A2-4096-8471-768B58BCC0A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3F86628C-CF76-4168-86E7-0A1BE7DFA94A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6B50F5A2-009C-4AB6-BE77-53BC27D1CB5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5F9FEABC-09E8-4ED5-A5D3-6C0195398414}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0C7C5D73-DCCB-44DA-8253-734D2F954F1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{605AF92C-EAC3-4314-B106-2E955C7EE522}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10190A1A-7A63-41FA-9DB9-7FAA3C07A31D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0B66442D-DD25-4889-AB42-9AE4997729AB}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{8BF886F1-8D4F-469A-B52D-684D9A32D950}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{EC7462F2-C41A-43DE-941E-F8EF16FB2FCC}] => (Allow) C:\Users\Office-PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{2FAE8696-2A49-49AE-92C2-139FCD05612B}] => (Allow) C:\Users\Office-PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{2B49E3CF-AA56-4212-A827-AAAE0047FCAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 

PanaMax

TS Rookie
Part III:


==================== Restore Points =========================

17-03-2018 19:10:18 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
20-03-2018 14:52:05 Installed FAX Utility

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2018 07:51:14 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-EJHII4NS)
Description: Application or service 'Microsoft Windows Search Protocol Host' could not be shut down.

Error: (03/17/2018 07:22:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/17/2018 06:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.16299.15, time stamp: 0x091f43e7
Faulting module name: ntdll.dll, version: 10.0.16299.248, time stamp: 0x3a21d961
Exception code: 0xc0000005
Fault offset: 0x00061bf4
Faulting process id: 0x3e74
Faulting application start time: 0x01d3be4b05a1fa21
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c8c6c905-5c71-46ee-936c-fc50790e6305
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2018 04:32:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/17/2018 04:19:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 8.1.940.0, time stamp: 0x5a9068b6
Faulting module name: NVCPL.DLL, version: 8.17.13.9101, time stamp: 0x5a90659f
Exception code: 0xc0000005
Fault offset: 0x000000000006f8af
Faulting process id: 0x2cc0
Faulting application start time: 0x01d3be35a662441c
Faulting application path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Faulting module path: C:\WINDOWS\SYSTEM32\NVCPL.DLL
Report Id: 257ec189-2142-4ab7-8878-e56472b278c3
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2018 04:19:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 8.1.940.0, time stamp: 0x5a9068b6
Faulting module name: NVCPL.DLL, version: 8.17.13.9101, time stamp: 0x5a90659f
Exception code: 0xc0000005
Fault offset: 0x000000000006f8af
Faulting process id: 0x1504
Faulting application start time: 0x01d3be35a3c99b5f
Faulting application path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Faulting module path: C:\WINDOWS\SYSTEM32\NVCPL.DLL
Report Id: 332ee15d-ab0c-4f5a-9a28-c68ff3e02645
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2018 04:19:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 8.1.940.0, time stamp: 0x5a9068b6
Faulting module name: NVCPL.DLL, version: 8.17.13.9101, time stamp: 0x5a90659f
Exception code: 0xc0000005
Fault offset: 0x000000000006f8af
Faulting process id: 0xf70
Faulting application start time: 0x01d3be35a28c5c09
Faulting application path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Faulting module path: C:\WINDOWS\SYSTEM32\NVCPL.DLL
Report Id: 5de0b42b-32b9-4f20-9de4-b8a875106454
Faulting package full name:
Faulting package-relative application ID:

Error: (03/17/2018 04:19:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 8.1.940.0, time stamp: 0x5a9068b6
Faulting module name: NVCPL.DLL, version: 8.17.13.9101, time stamp: 0x5a90659f
Exception code: 0xc0000005
Fault offset: 0x000000000006f8af
Faulting process id: 0xefc
Faulting application start time: 0x01d3be359eeb3cbf
Faulting application path: C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
Faulting module path: C:\WINDOWS\SYSTEM32\NVCPL.DLL
Report Id: 6b0767f0-cf8a-41d9-b89d-2681e80ee331
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/20/2018 09:01:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 09:01:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 09:01:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 09:01:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 09:01:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 09:01:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 09:01:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ImControllerInstallerService service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/20/2018 09:01:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ImControllerService service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================

Date: 2018-03-20 20:50:55.714
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-20 20:50:55.702
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-20 20:50:55.621
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-20 20:50:55.608
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-18 11:11:42.737
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-18 11:11:42.725
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-18 11:11:42.670
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-18 11:11:42.657
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 17%
Total physical RAM: 16178.86 MB
Available physical RAM: 13374.99 MB
Total Virtual: 19122.86 MB
Available Virtual: 16308.15 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:198.36 GB) (Free:132.66 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:24.98 GB) (Free:6.91 GB) NTFS
Drive e: (DATA) (Fixed) (Total:931.39 GB) (Free:270.08 GB) NTFS

\\?\Volume{ed978276-3d45-450b-a8d9-ae9d612502d5}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{32e5ed24-e21f-4d01-a4b8-d3d1d90f64f5}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.52 GB) NTFS
\\?\Volume{295fd687-c8f8-4835-88a8-cadecb015446}\ (LENOVO_PART) (Fixed) (Total:12.92 GB) (Free:0.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6F982EE4)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: DC2798CC)

Partition: GPT.

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================

So far I don't see much there...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

PanaMax

TS Rookie
RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Office-PC [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/20/2018 21:59:01 (Duration : 00:15:01)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Host App Service -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Host App Service -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Host App Service -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Host App Service -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5f4d51a6-e1a8-44c1-9875-156cefaa9102} | DhcpNameServer : 172.168.123.2 ([United States]) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EC7462F2-C41A-43DE-941E-F8EF16FB2FCC} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Office-PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FAE8696-2A49-49AE-92C2-139FCD05612B} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Office-PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Host App Service -> Deleted
[PUP.Gen1][File] E:\Users\Office-PC\AppData\Roaming\microsoft\Windows\start menu\Programs\Lenovo App Explorer.lnk [LNK@] C:\Users\OFFICE~1\AppData\Local\HOSTAP~1\Engine\HOSTAP~1.EXE /OPEN"defd46ddcae7ce35ae9673132f9cf2200f2f1563" -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service -> Removed at reboot [91]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\.defaultRegistry -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\analytics.db -> Removed at reboot [20]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Apps\48f805ed6f2dfa6c212a004a4f1ad09fa37acf90.pokki -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Apps\installed_apps.db -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\Apps -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppService.exe -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppService.VisualElementsManifest.xml -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppServiceInterface.exe -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppServiceUpdateManager.exe -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe -> Removed at reboot [5]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\Lenovo.Account.SSO.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\LenovoIdSSO.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\LenovoIdSSOWrapper.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\MahApps.Metro.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\Newtonsoft.Json.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\NLog.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\SLTool.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\SLToolWrapper.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\startmenu\TileLogo_150.png -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\startmenu\TileLogo_70.png -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\startmenu -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\System.Windows.Interactivity.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\vcruntime140.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\WebAppHelper.exe -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\Engine -> Removed at reboot [91]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\engine_update.db -> Removed at reboot [20]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\IconCache\persistent\App Explorer.ico -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\IconCache\persistent\Lenovo App Explorer.ico -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\IconCache\persistent -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\IconCache -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\Setup -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Uninstall.exe -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Host App Service -> ERROR [3]
[PUP.Gen1][File] E:\Users\Office-PC\AppData\Roaming\microsoft\Windows\start menu\Programs\Lenovo App Explorer.lnk [LNK@] C:\Users\OFFICE~1\AppData\Local\HOSTAP~1\Engine\HOSTAP~1.EXE /OPEN"defd46ddcae7ce35ae9673132f9cf2200f2f1563" -> Removed at reboot [2]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZVLW256HEHP-000L2 +++++
--- User ---
[MBR] d169abe244e5263dc30485b844090e57
[BSP] ce396416122fa714082da69d115e30dc : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 203117 MB
3 - Basic data partition | Offset (sectors): 416550912 | Size: 25575 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 468928512 | Size: 1000 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 470976512 | Size: 13229 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 498069504 | Size: 1000 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD10SPCX-24HWST1 +++++
--- User ---
[MBR] 0260806bf592c79354058e6751a63907
[BSP] b2606f7b16bd7857f40d76421806b17f : Empty|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK
 

PanaMax

TS Rookie
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/20/18
Scan Time: 10:18 PM
Log File: 8f181576-2cb6-11e8-92bd-54ee75b5f710.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4430
License: Trial

-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: LAPTOP-EJHII4NS\Office-PC

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316909
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 

PanaMax

TS Rookie
RogueKiller V12.12.9.0 (x64) [Mar 19 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Office-PC [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 03/20/2018 21:59:01 (Duration : 00:15:01)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Host App Service -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Host App Service -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Host App Service -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Host App Service -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_Office-PC_ON_E_1629\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo17win10.msn.com/?pc=LCTE -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5f4d51a6-e1a8-44c1-9875-156cefaa9102} | DhcpNameServer : 172.168.123.2 ([United States]) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EC7462F2-C41A-43DE-941E-F8EF16FB2FCC} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Office-PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2FAE8696-2A49-49AE-92C2-139FCD05612B} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Office-PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Host App Service -> Deleted
[PUP.Gen1][File] E:\Users\Office-PC\AppData\Roaming\microsoft\Windows\start menu\Programs\Lenovo App Explorer.lnk [LNK@] C:\Users\OFFICE~1\AppData\Local\HOSTAP~1\Engine\HOSTAP~1.EXE /OPEN"defd46ddcae7ce35ae9673132f9cf2200f2f1563" -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service -> Removed at reboot [91]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\.defaultRegistry -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\analytics.db -> Removed at reboot [20]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Apps\48f805ed6f2dfa6c212a004a4f1ad09fa37acf90.pokki -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Apps\installed_apps.db -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\Apps -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppService.exe -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppService.VisualElementsManifest.xml -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppServiceInterface.exe -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppServiceUpdateManager.exe -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe -> Removed at reboot [5]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\Lenovo.Account.SSO.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\LenovoIdSSO.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\LenovoIdSSOWrapper.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\MahApps.Metro.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\Newtonsoft.Json.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\NLog.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\SLTool.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\SLToolWrapper.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\startmenu\TileLogo_150.png -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\startmenu\TileLogo_70.png -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\startmenu -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\System.Windows.Interactivity.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\vcruntime140.dll -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Engine\WebAppHelper.exe -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\Engine -> Removed at reboot [91]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\engine_update.db -> Removed at reboot [20]
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\IconCache\persistent\App Explorer.ico -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\IconCache\persistent\Lenovo App Explorer.ico -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\IconCache\persistent -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\IconCache -> Deleted
[PUP.Gen1][Folder] C:\Users\Office-PC\AppData\Local\Host App Service\Setup -> Deleted
[PUP.Gen1][File] C:\Users\Office-PC\AppData\Local\Host App Service\Uninstall.exe -> Deleted
[PUP.Gen1][Folder] C:\ProgramData\Host App Service -> ERROR [3]
[PUP.Gen1][File] E:\Users\Office-PC\AppData\Roaming\microsoft\Windows\start menu\Programs\Lenovo App Explorer.lnk [LNK@] C:\Users\OFFICE~1\AppData\Local\HOSTAP~1\Engine\HOSTAP~1.EXE /OPEN"defd46ddcae7ce35ae9673132f9cf2200f2f1563" -> Removed at reboot [2]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZVLW256HEHP-000L2 +++++
--- User ---
[MBR] d169abe244e5263dc30485b844090e57
[BSP] ce396416122fa714082da69d115e30dc : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 203117 MB
3 - Basic data partition | Offset (sectors): 416550912 | Size: 25575 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 468928512 | Size: 1000 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 470976512 | Size: 13229 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 498069504 | Size: 1000 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD10SPCX-24HWST1 +++++
--- User ---
[MBR] 0260806bf592c79354058e6751a63907
[BSP] b2606f7b16bd7857f40d76421806b17f : Empty|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK
 

PanaMax

TS Rookie
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/20/18
Scan Time: 10:18 PM
Log File: 8f181576-2cb6-11e8-92bd-54ee75b5f710.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4430
License: Trial

-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: LAPTOP-EJHII4NS\Office-PC

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316909
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 0 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 

PanaMax

TS Rookie
# AdwCleaner 7.0.8.0 - Logfile created on Wed Mar 21 03:24:21 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Administrator\AppData\Local\Host App Service
Deleted: C:\Users\Default\AppData\Local\Host App Service
Deleted: C:\Users\Default User\AppData\Local\Host App Service
Deleted: C:\Users\Office-PC\AppData\Local\Host App Service
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: App Explorer


***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d1o5u7ifbz3swt.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\land.pckeeper.software
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pckeeper.software
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\winamp.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dns-jumper.en.softonic.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Deleted: [Key] - HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Host App Service
Deleted: [Key] - HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted: [Key] - HKCU\Software\Host App Service
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2368 B] - [2018/3/21 3:23:24]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 

Broni

Malware Annihilator
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

PanaMax

TS Rookie
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Office-PC (administrator) on LAPTOP-EJHII4NS (20-03-2018 22:49:40)
Running from E:\Users\Office-PC\Desktop\B.S.O.D
Loaded Profiles: Office-PC (Available Profiles: Office-PC & Administrator)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2502b44bc436c53a\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2502b44bc436c53a\igfxEM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18368504 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485304 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485304 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485304 2017-04-13] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [629248 2015-11-13] ()
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-10-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4180056 2017-05-08] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [245608 2018-03-17] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\Run: [GUDelayStartup] => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\RunOnce: [Uninstall C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64"
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\RunOnce: [Uninstall C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 4.2.2.2 8.8.8.8 208.67.222.222
Tcpip\..\Interfaces\{5f4d51a6-e1a8-44c1-9875-156cefaa9102}: [DhcpNameServer] 172.168.123.2
Tcpip\..\Interfaces\{89bc9e5d-b31d-4220-961b-e4ef8ee4820a}: [DhcpNameServer] 4.2.2.2 8.8.8.8 208.67.222.222

Internet Explorer:
==================
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003 -> DefaultScope {3F6E2D0C-6E41-4D63-8AF1-652A7ECE420E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003 -> {3E92244C-4811-414A-9125-6430DFC961CB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003 -> {3F6E2D0C-6E41-4D63-8AF1-652A7ECE420E} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003 -> {E9527294-7732-4F9C-A66E-36B41BE5E442} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-17] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-17] (Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1232202.dll [2018-03-09] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-17] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default [2018-03-20]
CHR Extension: (Docs) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-18]
CHR Extension: (Google Drive) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-27]
CHR Extension: (YouTube) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-18]
CHR Extension: (Gmail) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\Office-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7556704 2018-03-17] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [303728 2018-03-17] (AVAST Software)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [666608 2016-03-22] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-04-10] (Dolby Laboratories, Inc.)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-22] (Lenovo)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519240 2018-01-10] (NVIDIA Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258648 2017-05-08] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)
S2 ImControllerInstallerService; "X:\windows\System32\ImController.InfInstaller.exe" [X]
S2 ImControllerService; "X:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]
S4 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196648 2018-03-17] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-17] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-17] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-17] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-17] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-03-17] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146656 2018-03-17] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-03-17] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-03-17] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-03-17] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-03-17] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-03-17] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380528 2018-03-17] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [115704 2015-07-15] (GenesysLogic)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-20] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-20] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-20] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-20] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-20] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_172f5564dac9e735\nvlddmkm.sys [17524720 2018-02-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30280 2018-01-10] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26696 2018-01-10] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57928 2018-01-10] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-08-19] (Realtek )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3119872 2016-06-07] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [60504 2017-05-08] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [64088 2017-05-08] (Synaptics Incorporated)
S3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [48296 2015-07-23] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 

PanaMax

TS Rookie
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 22:22 - 2018-03-20 22:24 - 000000000 ____D C:\AdwCleaner
2018-03-20 22:18 - 2018-03-20 22:18 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-20 22:18 - 2018-03-20 22:18 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-20 22:18 - 2018-03-20 22:18 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-20 22:18 - 2018-03-20 22:18 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-20 22:18 - 2018-03-20 22:18 - 000045960 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-20 21:59 - 2018-03-20 21:59 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-20 21:58 - 2018-03-20 22:17 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-20 21:58 - 2018-03-20 21:58 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-03-20 21:58 - 2018-03-20 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-03-20 21:57 - 2018-03-20 21:58 - 000000000 ____D C:\Program Files\RogueKiller
2018-03-20 21:06 - 2018-03-20 22:49 - 000000000 ____D C:\FRST
2018-03-20 14:56 - 2018-03-20 14:56 - 000000000 _____ C:\WINDOWS\eeventmanager.INI
2018-03-20 14:53 - 2018-03-20 14:56 - 000000951 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}.job
2018-03-20 14:53 - 2018-03-20 14:56 - 000000765 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}.job
2018-03-20 14:53 - 2018-03-20 14:53 - 000004150 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}
2018-03-20 14:53 - 2018-03-20 14:53 - 000003972 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}
2018-03-20 14:51 - 2018-03-20 14:52 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2018-03-20 14:51 - 2018-03-20 14:51 - 000000000 ____D C:\Program Files\EpsonNet
2018-03-20 14:50 - 2018-03-20 14:51 - 000001014 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2018-03-20 14:50 - 2018-03-20 14:51 - 000000000 ____D C:\Program Files (x86)\epson
2018-03-20 14:50 - 2012-07-24 00:00 - 000466432 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esxw2ud.dll
2018-03-20 14:50 - 2012-05-17 00:00 - 000144560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc64.exe
2018-03-20 14:50 - 2010-11-22 13:27 - 000147472 _____ (TWAIN Working Group) C:\WINDOWS\SysWOW64\twaindsm.dll
2018-03-20 14:32 - 2018-03-20 14:56 - 000000951 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {33D7BEA6-1458-4CC9-817B-94359EA493F8}.job
2018-03-20 14:32 - 2018-03-20 14:56 - 000000765 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {33D7BEA6-1458-4CC9-817B-94359EA493F8}.job
2018-03-20 14:32 - 2018-03-20 14:54 - 000000000 ____D C:\ProgramData\EPSON
2018-03-20 14:32 - 2018-03-20 14:32 - 000004150 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {33D7BEA6-1458-4CC9-817B-94359EA493F8}
2018-03-20 14:32 - 2018-03-20 14:32 - 000003972 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {33D7BEA6-1458-4CC9-817B-94359EA493F8}
2018-03-20 14:32 - 2018-03-20 14:32 - 000000000 ____D C:\Program Files\Common Files\EPSON
2018-03-17 19:27 - 2018-03-20 20:40 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-17 19:27 - 2018-03-20 20:40 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-17 19:26 - 2018-03-17 19:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-17 19:26 - 2018-03-17 19:26 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-03-17 19:26 - 2018-03-17 19:26 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-03-17 19:23 - 2018-03-17 19:23 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-17 19:23 - 2018-03-17 19:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-17 19:23 - 2018-03-17 19:23 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-17 19:23 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-17 19:21 - 2018-03-17 19:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-17 19:21 - 2018-03-17 19:21 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-17 19:21 - 2018-03-17 19:21 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-17 19:21 - 2018-03-17 19:21 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-03-17 19:21 - 2018-03-17 19:21 - 000002878 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-03-17 19:21 - 2018-03-17 19:21 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-17 19:21 - 2018-03-17 19:21 - 000000000 ____D C:\Program Files\CCleaner
2018-03-17 19:11 - 2018-03-17 19:11 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-17 19:11 - 2018-03-17 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-03-17 19:11 - 2018-03-17 19:11 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-03-17 19:11 - 2018-02-23 14:28 - 000136536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-03-17 19:11 - 2018-02-23 14:22 - 005953096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 002587992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 001768008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000633984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000147904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000122896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-03-17 19:11 - 2018-02-23 14:22 - 000081752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-03-17 19:11 - 2018-02-16 09:48 - 008083703 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-03-17 19:11 - 2018-01-10 09:29 - 002424904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-03-17 19:11 - 2018-01-10 09:29 - 002090056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-03-17 19:11 - 2018-01-10 09:28 - 001309256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-03-17 19:11 - 2018-01-10 04:41 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-03-17 19:11 - 2017-12-13 14:25 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-03-17 19:11 - 2017-12-08 17:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-03-17 19:11 - 2017-12-08 17:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-03-17 19:11 - 2017-12-08 17:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-03-17 19:11 - 2017-12-08 17:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-03-17 19:05 - 2018-03-17 19:05 - 000000000 ____D C:\NVIDIA
2018-03-17 18:56 - 2018-03-17 18:56 - 000000000 ____D C:\Users\Office-PC\AppData\Local\DBG
2018-03-17 18:55 - 2018-03-17 18:55 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-03-17 18:54 - 2018-03-17 19:27 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-17 18:54 - 2018-03-17 19:26 - 000000000 ____D C:\ProgramData\Adobe
2018-03-17 18:54 - 2018-03-17 18:54 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-17 18:53 - 2018-03-17 18:54 - 000000000 ____D C:\ProgramData\Oracle
2018-03-17 18:53 - 2018-03-17 18:53 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-03-17 18:53 - 2018-03-17 18:53 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-17 18:40 - 2018-03-17 18:40 - 000000020 ___SH C:\Users\Office-PC\ntuser.ini
2018-03-17 18:28 - 2018-03-19 18:32 - 000000000 ____D C:\Windows.old
2018-03-17 18:28 - 2018-03-17 18:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-03-17 18:28 - 2018-03-17 18:28 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-03-17 18:28 - 2018-03-17 15:37 - 000000000 ____D C:\WINDOWS\Panther
2018-03-17 18:28 - 2015-04-28 13:06 - 000043256 _____ C:\WINDOWS\system32\oemlogo.bmp
2018-03-17 18:27 - 2018-03-17 18:27 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-03-17 18:26 - 2018-03-17 18:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-03-17 18:26 - 2018-03-17 18:26 - 000000000 ____D C:\Program Files\Synaptics
2018-03-17 18:25 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\Setup
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-03-17 18:24 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ___RD C:\WINDOWS\WebManagement
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
 

PanaMax

TS Rookie
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\OCR
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\Program Files\MSBuild
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-03-17 18:24 - 2018-03-17 18:24 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\0409
2018-03-17 18:23 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-03-17 18:22 - 2018-03-02 16:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-17 18:22 - 2018-03-02 16:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-17 18:21 - 2018-03-20 22:13 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-17 18:21 - 2018-03-20 14:51 - 000000000 ___RD C:\Program Files (x86)
2018-03-17 18:21 - 2018-03-19 16:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-17 18:21 - 2018-03-18 15:19 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-17 18:21 - 2018-03-18 15:18 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-17 18:21 - 2018-03-18 04:37 - 000000000 ____D C:\WINDOWS\appcompat
2018-03-17 18:21 - 2018-03-17 19:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-17 18:21 - 2018-03-17 19:35 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-03-17 18:21 - 2018-03-17 19:11 - 000000000 ____D C:\WINDOWS\Help
2018-03-17 18:21 - 2018-03-17 18:55 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-03-17 18:21 - 2018-03-17 18:28 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-03-17 18:21 - 2018-03-17 18:28 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\Provisioning
2018-03-17 18:21 - 2018-03-17 18:25 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-03-17 18:21 - 2018-03-17 18:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\setup
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\system32\com
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\IME
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\Program Files\Common Files\system
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-03-17 18:21 - 2018-03-17 18:23 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 __RSD C:\WINDOWS\media
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Web
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Vss
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\tracing
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\TAPI
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SystemResources
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SystemApps
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\ras
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\IME
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\ias
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\System
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SKB
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\security
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\schemas
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\SchCache
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Resources
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\rescache
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\PLA
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Performance
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\InputMethod
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Globalization
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Cursors
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\Branding
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\addins
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\Windows Security
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\windows nt
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files\Common Files\Services
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-03-17 18:21 - 2018-03-17 18:21 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-03-17 18:21 - 2018-03-17 18:20 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-03-17 18:21 - 2018-03-17 18:20 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-03-17 18:21 - 2018-03-17 18:20 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-03-17 18:21 - 2018-03-17 18:20 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-03-17 18:21 - 2018-03-17 18:20 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-03-17 18:21 - 2018-03-17 18:20 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-03-17 18:21 - 2018-03-17 18:20 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-03-17 18:21 - 2018-03-17 18:20 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-03-17 18:21 - 2018-03-17 18:20 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-03-17 18:21 - 2018-03-17 18:20 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-03-17 18:21 - 2018-03-17 15:39 - 000000000 ____D C:\ProgramData\USOPrivate
2018-03-17 18:21 - 2018-03-17 15:37 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-17 18:21 - 2018-03-17 15:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-03-17 18:21 - 2018-03-17 15:36 - 000000000 ____D C:\WINDOWS\Registration
2018-03-17 18:21 - 2018-03-17 15:35 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-17 18:21 - 2018-03-17 15:35 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-03-17 18:21 - 2018-03-17 15:32 - 000000000 ____D C:\WINDOWS\system32\spool
2018-03-17 18:21 - 2018-03-17 15:31 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-17 18:21 - 2018-03-17 15:30 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-03-17 18:21 - 2018-03-17 15:30 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-03-17 18:21 - 2018-03-17 15:29 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-03-17 18:20 - 2018-03-20 14:51 - 000000000 ____D C:\WINDOWS\INF
2018-03-17 18:17 - 2018-03-20 22:24 - 096993280 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-03-17 18:17 - 2018-03-20 22:24 - 064749568 _____ C:\WINDOWS\system32\config\SYSTEM
2018-03-17 18:17 - 2018-03-20 22:24 - 001835008 _____ C:\WINDOWS\system32\config\DEFAULT
2018-03-17 18:17 - 2018-03-20 22:24 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-17 18:17 - 2018-03-20 22:24 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY
2018-03-17 18:17 - 2018-03-17 18:28 - 000028672 _____ C:\WINDOWS\system32\config\SAM
2018-03-17 18:17 - 2018-03-17 18:23 - 000000000 ____D C:\WINDOWS\servicing
2018-03-17 18:17 - 2018-03-17 18:21 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-03-17 18:17 - 2018-03-17 16:21 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-17 18:17 - 2018-03-17 16:09 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-17 18:16 - 2018-03-17 18:28 - 000000000 ___HD C:\$SysReset
2018-03-17 17:11 - 2018-03-17 17:11 - 000001122 _____ C:\Users\Administrator\Desktop\Kodi.lnk
2018-03-17 17:06 - 2018-03-17 17:06 - 000943806 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-03-17 17:04 - 2018-03-17 17:05 - 000002047 _____ C:\Users\Administrator\Desktop\Pictures.lnk
2018-03-17 17:03 - 2018-03-17 17:03 - 000001200 _____ C:\Users\Administrator\Desktop\Downloads.lnk
2018-03-17 17:02 - 2018-03-17 17:03 - 000002054 _____ C:\Users\Administrator\Desktop\Documents.lnk
2018-03-17 17:01 - 2018-03-17 17:01 - 000001252 _____ C:\Users\Administrator\Desktop\DnsJumper.lnk
2018-03-17 17:00 - 2018-03-17 17:00 - 000001113 _____ C:\Users\Administrator\Desktop\Games.lnk
2018-03-17 16:32 - 2018-03-17 16:32 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-03-17 16:32 - 2018-03-17 16:32 - 000380528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000196648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000146656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-03-17 16:32 - 2018-03-17 16:32 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-03-17 16:32 - 2018-03-17 16:32 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-03-17 16:32 - 2018-03-17 16:32 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
 

PanaMax

TS Rookie
2018-03-17 16:32 - 2018-03-17 16:32 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-03-17 16:32 - 2018-03-17 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2018-03-17 16:32 - 2018-03-17 16:32 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-17 16:26 - 2018-03-17 16:26 - 000000000 ____D C:\Program Files\AVAST Software
2018-03-17 16:25 - 2018-03-17 17:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2018-03-17 16:22 - 2018-03-17 16:32 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-17 16:19 - 2018-03-17 16:19 - 000000000 ____D C:\Users\Administrator\AppData\Local\DBG
2018-03-17 16:09 - 2018-03-17 16:09 - 000000000 ____D C:\Users\Administrator\AppData\Local\CyberLink
2018-03-17 15:43 - 2018-03-17 15:43 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-03-17 15:40 - 2018-03-20 22:30 - 001161074 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-17 15:40 - 2018-03-17 15:40 - 000003392 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1460132598-1632162819-4137796141-500
2018-03-17 15:39 - 2018-03-17 15:40 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-03-17 15:39 - 2018-03-17 15:39 - 000000000 ____D C:\ProgramData\USOShared
2018-03-17 15:39 - 2018-03-17 15:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-17 15:38 - 2018-03-17 15:38 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-03-17 15:38 - 2018-03-17 15:38 - 000000000 ____D C:\Users\Public\Lenovo App Explorer
2018-03-17 15:38 - 2018-03-17 15:38 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-03-17 15:37 - 2018-03-17 16:39 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-03-17 15:37 - 2018-03-17 16:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-03-17 15:37 - 2018-03-17 15:37 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-03-17 15:37 - 2018-03-17 15:37 - 000000000 _SHDL C:\Users\Default User
2018-03-17 15:37 - 2018-03-17 15:37 - 000000000 _SHDL C:\Users\All Users
2018-03-17 15:37 - 2018-03-17 15:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-03-17 15:36 - 2018-03-20 22:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-17 15:36 - 2018-03-17 15:36 - 000002206 _____ C:\WINDOWS\System32\Tasks\Nvbackend
2018-03-17 15:36 - 2018-03-17 15:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-03-17 15:36 - 2018-03-17 15:36 - 000000000 ____D C:\WINDOWS\System32\Tasks\CyberLink
2018-03-17 15:35 - 2018-03-17 15:35 - 000025542 _____ C:\Users\Office-PC\Desktop\Removed Apps.html
2018-03-17 15:35 - 2018-03-17 15:35 - 000024304 _____ C:\Users\Administrator\Desktop\Removed Apps.html
2018-03-17 15:35 - 2018-03-17 15:35 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-03-17 15:34 - 2018-03-19 22:31 - 000000000 ____D C:\Users\Office-PC
2018-03-17 15:34 - 2018-03-17 16:36 - 000000000 ____D C:\Users\Administrator
2018-03-17 15:33 - 2018-03-17 15:33 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-17 15:31 - 2018-03-17 15:31 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-03-17 15:30 - 2018-03-20 22:25 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-17 15:30 - 2018-03-17 19:11 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-17 15:30 - 2018-03-17 19:11 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-17 15:30 - 2018-03-17 15:31 - 000000000 ____D C:\Program Files\Intel
2018-03-17 15:30 - 2018-03-17 15:31 - 000000000 ____D C:\Program Files (x86)\Intel
2018-03-17 15:30 - 2018-03-17 15:30 - 000000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 ____D C:\ProgramData\Dolby
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 ____D C:\Program Files\Dolby
2018-03-17 15:30 - 2018-03-17 15:30 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-03-17 15:30 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-03-17 15:30 - 2016-10-13 10:34 - 000113688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-03-17 15:30 - 2016-10-13 10:34 - 000104472 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-03-17 15:29 - 2018-03-20 21:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-17 15:29 - 2018-03-17 15:34 - 000222608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-17 15:29 - 2018-03-17 15:32 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-03-17 15:29 - 2018-03-17 15:32 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-03-17 15:29 - 2018-03-17 15:29 - 000292344 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-03-17 15:29 - 2018-03-17 15:29 - 000000000 ____D C:\Program Files\Realtek
2018-03-17 14:46 - 2018-02-25 22:46 - 000997736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-03-17 14:46 - 2018-02-25 22:46 - 000949280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-03-17 14:46 - 2018-02-25 22:46 - 000625696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-03-17 14:46 - 2018-02-25 22:46 - 000516128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 019854816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 016496072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 013571008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 011131688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 004317160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 003717432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 001985384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439101.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 001684000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439101.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 001136944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-03-17 14:46 - 2018-02-25 22:44 - 001065880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 040277488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 035188640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 001345944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 001153752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 000902280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 000811992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-03-17 14:46 - 2018-02-25 22:43 - 000650424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 012966216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 011000480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 004630848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 003938208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-03-17 14:46 - 2018-02-25 22:42 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-03-17 14:46 - 2018-02-23 23:36 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-03-17 14:46 - 2018-01-10 09:31 - 001730120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2018-03-17 14:46 - 2018-01-10 09:31 - 000026696 ____N (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\nvswcfilter.sys
2018-03-17 14:46 - 2018-01-10 09:25 - 000057928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-03-17 14:46 - 2017-12-14 21:03 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-03-17 14:06 - 2018-03-17 14:06 - 000000000 ___HD C:\Users\Office-PC\MicrosoftEdgeBackups
2018-03-16 22:19 - 2018-03-02 08:40 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-03-16 22:19 - 2018-03-02 08:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-03-16 22:19 - 2018-03-02 08:40 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-03-14 10:15 - 2018-03-01 02:40 - 002514936 ____N (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-14 10:15 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 10:15 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 10:15 - 2018-03-01 02:29 - 000733592 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-14 10:15 - 2018-03-01 02:23 - 000749976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-14 10:15 - 2018-03-01 02:17 - 002710736 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-14 10:15 - 2018-03-01 02:17 - 000408984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-14 10:15 - 2018-03-01 02:15 - 002574232 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-14 10:15 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 10:15 - 2018-03-01 02:14 - 000147872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-14 10:15 - 2018-03-01 02:11 - 000093600 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-14 10:15 - 2018-03-01 02:10 - 000075168 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 10:15 - 2018-03-01 01:48 - 001930736 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-14 10:15 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-14 10:15 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 10:15 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-14 10:15 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-14 10:15 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-14 10:15 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-14 10:15 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-14 10:15 - 2018-03-01 01:03 - 000471552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-14 10:15 - 2018-03-01 01:03 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-14 10:15 - 2018-03-01 01:03 - 000162304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-14 10:15 - 2018-03-01 01:03 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-14 10:15 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-14 10:15 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-14 10:15 - 2018-03-01 01:01 - 000155648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-14 10:15 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-14 10:15 - 2018-03-01 00:58 - 000459776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-14 10:15 - 2018-03-01 00:57 - 000369152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-14 10:15 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-14 10:15 - 2018-03-01 00:56 - 000559104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-14 10:15 - 2018-03-01 00:54 - 003664384 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-14 10:15 - 2018-03-01 00:54 - 000665088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-14 10:15 - 2018-03-01 00:54 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-14 10:15 - 2018-03-01 00:53 - 000536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-14 10:15 - 2018-03-01 00:53 - 000056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 10:15 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-14 10:15 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-14 10:15 - 2018-03-01 00:51 - 000034816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-14 10:15 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-14 10:15 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-14 10:15 - 2018-03-01 00:49 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-14 10:15 - 2018-03-01 00:48 - 000431616 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-14 10:15 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-14 10:15 - 2018-03-01 00:46 - 000770048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-14 10:15 - 2018-03-01 00:45 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 10:15 - 2018-03-01 00:45 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-14 10:15 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 10:15 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-14 10:15 - 2018-03-01 00:42 - 002084352 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-14 10:15 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-14 10:15 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-14 10:15 - 2018-03-01 00:41 - 003334144 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-14 10:15 - 2018-03-01 00:41 - 001548288 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-14 10:15 - 2018-03-01 00:41 - 000812032 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-14 10:15 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-14 10:15 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 10:15 - 2018-03-01 00:39 - 000899584 ____N (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-14 10:15 - 2018-03-01 00:39 - 000666624 ____N (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-14 10:15 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-14 10:15 - 2018-03-01 00:38 - 000726016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-14 10:15 - 2018-02-21 21:13 - 000279456 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-14 10:15 - 2018-02-21 21:13 - 000077216 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-14 10:15 - 2018-02-21 21:11 - 000109984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-14 10:15 - 2018-02-21 21:10 - 000285080 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-14 10:15 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-14 10:15 - 2018-02-21 21:08 - 000571288 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-14 10:15 - 2018-02-21 21:03 - 000082848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-14 10:15 - 2018-02-21 21:02 - 000149400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-14 10:15 - 2018-02-21 21:00 - 000187296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-14 10:15 - 2018-02-21 20:54 - 000437144 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-14 10:15 - 2018-02-21 20:52 - 000103328 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-14 10:15 - 2018-02-21 20:51 - 000555424 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-14 10:15 - 2018-02-21 20:51 - 000045472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-14 10:15 - 2018-02-21 20:50 - 000362904 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-14 10:15 - 2018-02-21 19:31 - 000057344 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-14 10:15 - 2018-02-21 19:30 - 000192512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-14 10:15 - 2018-02-21 19:30 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-14 10:15 - 2018-02-21 19:26 - 001015296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-03-14 10:14 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 10:14 - 2018-03-01 22:02 - 000037888 ____N C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 10:14 - 2018-03-01 22:01 - 000640000 ____N (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 10:14 - 2018-03-01 22:00 - 000329728 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 10:14 - 2018-03-01 22:00 - 000248320 ____N (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-14 10:14 - 2018-03-01 22:00 - 000230912 ____N (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 10:14 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-14 10:14 - 2018-03-01 21:56 - 000267776 ____N (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2018-03-14 10:14 - 2018-03-01 15:28 - 000181760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-14 10:14 - 2018-03-01 02:50 - 000270744 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-14 10:14 - 2018-03-01 02:49 - 000389536 ____N (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-14 10:14 - 2018-03-01 02:48 - 000664472 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-14 10:14 - 2018-03-01 02:47 - 000749464 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-14 10:14 - 2018-03-01 02:47 - 000035224 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 10:14 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-14 10:14 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-14 10:14 - 2018-03-01 02:46 - 000609176 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-14 10:14 - 2018-03-01 02:46 - 000138144 ____N (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 10:14 - 2018-03-01 02:45 - 000070040 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 10:14 - 2018-03-01 02:40 - 000461720 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-14 10:14 - 2018-03-01 02:40 - 000273304 ____N (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-14 10:14 - 2018-03-01 02:30 - 000540064 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-14 10:14 - 2018-03-01 02:30 - 000264040 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 10:14 - 2018-03-01 02:27 - 001173576 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 10:14 - 2018-03-01 02:26 - 000170912 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-14 10:14 - 2018-03-01 02:25 - 000377752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-14 10:14 - 2018-03-01 02:19 - 000710768 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 10:14 - 2018-03-01 02:17 - 000519152 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 10:14 - 2018-03-01 02:14 - 007675784 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-14 10:14 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 10:14 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-14 10:14 - 2018-03-01 02:14 - 000356952 ____N (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-14 10:14 - 2018-03-01 02:14 - 000128928 ____N (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 10:14 - 2018-03-01 02:12 - 000677272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-14 10:14 - 2018-03-01 02:12 - 000250264 ____N (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-14 10:14 - 2018-03-01 02:12 - 000189344 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 10:14 - 2018-03-01 02:10 - 001779936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-14 10:14 - 2018-03-01 02:10 - 000022936 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-14 10:14 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-14 10:14 - 2018-03-01 01:51 - 000777904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-14 10:14 - 2018-03-01 01:39 - 000213400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-14 10:14 - 2018-03-01 01:29 - 006092152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-14 10:14 - 2018-03-01 01:29 - 000574960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-14 10:14 - 2018-03-01 01:28 - 000115096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-14 10:14 - 2018-03-01 01:27 - 000284112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-14 10:14 - 2018-03-01 01:27 - 000221592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-14 10:14 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-14 10:14 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-14 10:14 - 2018-03-01 01:01 - 000019456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-14 10:14 - 2018-03-01 01:00 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-14 10:14 - 2018-03-01 00:59 - 000220672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 10:14 - 2018-03-01 00:58 - 000405504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-14 10:14 - 2018-03-01 00:58 - 000368128 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-14 10:14 - 2018-03-01 00:55 - 000346112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-14 10:14 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-14 10:14 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-14 10:14 - 2018-03-01 00:54 - 000496128 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000863232 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000399872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-14 10:14 - 2018-03-01 00:53 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
 

PanaMax

TS Rookie
2018-03-14 10:14 - 2018-03-01 00:53 - 000206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000107520 ____N (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000097792 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-14 10:14 - 2018-03-01 00:53 - 000039424 ____N (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-14 10:14 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-14 10:14 - 2018-03-01 00:51 - 000201728 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 10:14 - 2018-03-01 00:51 - 000023552 ____N (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-14 10:14 - 2018-03-01 00:50 - 000526336 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-14 10:14 - 2018-03-01 00:50 - 000118272 ____N (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-14 10:14 - 2018-03-01 00:50 - 000075264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-14 10:14 - 2018-03-01 00:49 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 10:14 - 2018-03-01 00:49 - 000301056 ____N (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 10:14 - 2018-03-01 00:49 - 000066048 ____N (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-14 10:14 - 2018-03-01 00:48 - 000543232 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 10:14 - 2018-03-01 00:47 - 000579584 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 10:14 - 2018-03-01 00:47 - 000484352 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 10:14 - 2018-03-01 00:46 - 004051968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-14 10:14 - 2018-03-01 00:46 - 000026624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-14 10:14 - 2018-03-01 00:45 - 000386560 ____N (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-14 10:14 - 2018-03-01 00:44 - 005195776 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-14 10:14 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 10:14 - 2018-03-01 00:39 - 002222592 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 10:14 - 2018-03-01 00:36 - 004050432 ____N (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-14 10:14 - 2018-03-01 00:36 - 000030208 ____N (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-14 10:14 - 2018-03-01 00:35 - 000568320 ____N (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-14 10:14 - 2018-03-01 00:35 - 000128000 ____N (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-14 10:14 - 2018-03-01 00:35 - 000050176 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-14 10:14 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-14 10:14 - 2018-02-21 21:23 - 000924648 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-14 10:14 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-14 10:14 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-14 10:14 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-14 10:14 - 2018-02-21 21:07 - 000194456 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-14 10:14 - 2018-02-21 21:03 - 000712600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-14 10:14 - 2018-02-21 20:59 - 021351624 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-14 10:14 - 2018-02-21 20:51 - 000097176 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-14 10:14 - 2018-02-21 20:50 - 000229272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-14 10:14 - 2018-02-21 19:41 - 020286120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-14 10:14 - 2018-02-21 19:30 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-14 10:14 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 10:14 - 2018-02-21 19:25 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-14 10:14 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-14 10:14 - 2018-02-21 19:12 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-01 16:35 - 2018-03-01 16:35 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-03-01 16:11 - 2018-03-01 16:11 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-03-01 16:11 - 2018-03-01 16:11 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-03-01 16:11 - 2018-03-01 16:11 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-03-01 15:58 - 2018-03-01 15:58 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-03-01 15:58 - 2018-03-01 15:58 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2018-03-01 15:58 - 2018-03-01 15:58 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2018-03-01 15:58 - 2018-03-01 15:58 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 22:25 - 2016-12-03 01:02 - 000000000 __SHD C:\Users\Office-PC\IntelGraphicsProfiles
2018-03-20 22:24 - 2017-08-23 23:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-03-20 22:24 - 2016-07-16 06:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-20 14:52 - 2017-02-15 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2018-03-20 14:52 - 2016-10-29 15:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-20 14:31 - 2016-11-26 02:01 - 000000000 ____D C:\Users\Office-PC\AppData\Local\NVIDIA Corporation
2018-03-17 20:33 - 2016-10-29 14:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-17 20:17 - 2016-11-27 02:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-03-17 19:33 - 2016-11-26 20:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-17 19:29 - 2016-10-29 15:09 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-17 19:26 - 2016-11-26 02:42 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Deployment
2018-03-17 19:23 - 2018-02-05 04:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-17 19:21 - 2017-09-29 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-17 19:11 - 2017-10-20 23:53 - 000000000 ____D C:\temp
2018-03-17 19:11 - 2016-11-26 02:01 - 000000000 ____D C:\Users\Office-PC\AppData\Local\NVIDIA
2018-03-17 19:10 - 2016-10-29 15:03 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-17 18:55 - 2016-11-26 02:27 - 000000000 ____D C:\Users\Office-PC\AppData\Local\CyberLink
2018-03-17 18:53 - 2017-01-30 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-17 18:53 - 2016-11-26 19:35 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Adobe
2018-03-17 18:41 - 2016-11-26 02:01 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Packages
2018-03-17 18:40 - 2017-10-27 11:42 - 000000000 ___RD C:\Users\Office-PC\3D Objects
2018-03-17 18:40 - 2016-11-26 02:42 - 000000000 ____D C:\Users\Office-PC\AppData\Local\Apps\2.0
2018-03-17 18:40 - 2016-11-26 02:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-17 18:28 - 2018-01-31 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-03-17 18:28 - 2018-01-09 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2018-03-17 18:28 - 2017-12-22 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2018-03-17 18:28 - 2017-03-16 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-17 18:28 - 2017-02-15 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-03-17 18:28 - 2016-12-25 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2018-03-17 18:28 - 2016-12-03 03:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chief Architect
2018-03-17 18:28 - 2016-11-26 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-03-17 16:24 - 2016-11-26 00:07 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-03-17 16:24 - 2016-10-29 15:01 - 000000000 ____D C:\ProgramData\McAfee
2018-03-17 16:24 - 2016-10-29 15:01 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-03-17 16:09 - 2016-10-29 15:04 - 000000000 ____D C:\ProgramData\CyberLink
2018-03-17 15:56 - 2016-11-27 00:20 - 000000000 ____D C:\Users\Office-PC\AppData\LocalLow\Adblock Plus for IE
2018-03-17 15:35 - 2016-11-26 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-17 15:32 - 2018-01-09 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2018-03-17 15:32 - 2016-12-01 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2018-03-17 15:32 - 2016-10-29 15:14 - 000000000 ____D C:\ProgramData\OneKey Recovery
2018-03-17 15:32 - 2016-10-29 15:12 - 000000000 ____D C:\ProgramData\Lenovo
2018-03-17 15:32 - 2016-10-29 15:11 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-03-17 15:32 - 2016-10-29 15:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-03-17 15:32 - 2016-10-29 15:07 - 000000000 ____D C:\ProgramData\Intel
2018-03-17 15:32 - 2016-10-29 15:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-03-17 15:32 - 2016-10-29 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stagelight
2018-03-17 15:32 - 2016-10-29 15:04 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2018-03-17 15:32 - 2016-10-29 15:03 - 000000000 ____D C:\ProgramData\Temp
2018-03-17 15:32 - 2016-10-29 15:03 - 000000000 ____D C:\ProgramData\install_clap
2018-03-17 15:31 - 2016-10-29 15:11 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-03-17 15:31 - 2016-10-29 15:10 - 000000000 ____D C:\Program Files (x86)\Genesyslogic
2018-03-17 15:31 - 2016-10-29 15:04 - 000000000 ____D C:\Program Files\Stagelight
2018-03-17 15:31 - 2016-10-29 15:04 - 000000000 ____D C:\Program Files (x86)\CyberLink
2018-03-17 15:31 - 2016-10-29 15:01 - 000000000 ____D C:\Program Files\Lenovo
2018-03-17 15:31 - 2016-10-29 15:01 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-03-17 15:31 - 2016-10-29 14:54 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-03-14 10:15 - 2017-09-29 08:41 - 000140800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 10:15 - 2017-09-29 08:41 - 000106496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-14 10:15 - 2017-09-29 08:40 - 000067584 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2018-03-11 21:41 - 2018-02-07 15:49 - 000000000 _____ C:\Recovery.txt
2018-03-11 18:29 - 2018-01-09 19:36 - 000000828 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2018-03-11 18:29 - 2018-01-09 19:36 - 000000828 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk

Some files in TEMP:
====================
2018-03-20 21:58 - 2018-02-10 01:15 - 001954048 _____ (Microsoft Corporation) C:\Users\Office-PC\AppData\Local\Temp\dllnt_dump.dll
2018-03-17 19:10 - 2018-03-17 19:10 - 021728328 _____ (SweetLabs,Inc.) C:\Users\Office-PC\AppData\Local\Temp\oct15D6.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-17 15:29

==================== End of FRST.txt ============================
 

PanaMax

TS Rookie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Office-PC (20-03-2018 22:50:06)
Running from E:\Users\Office-PC\Desktop\B.S.O.D
Windows 10 Home Version 1709 16299.309 (X64) (2018-03-17 20:37:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1460132598-1632162819-4137796141-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1460132598-1632162819-4137796141-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1460132598-1632162819-4137796141-1000 - Limited - Disabled)
Guest (S-1-5-21-1460132598-1632162819-4137796141-501 - Limited - Disabled)
Office-PC (S-1-5-21-1460132598-1632162819-4137796141-1003 - Administrator - Enabled) => C:\Users\Office-PC
WDAGUtilityAccount (S-1-5-21-1460132598-1632162819-4137796141-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.2.202 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CCSDK Customer Engagement Service (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.3.0.3 - Lenovo)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.01 - NVIDIA Corporation) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{68B3293E-612B-48B4-BC0F-4CCFBF83AB96}) (Version: 0.8.2.76 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.33 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.5.3.31 - Dolby Laboratories, Inc.)
EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11201 - Realtek Semiconductor Corp.)
Epson Event Manager (HKLM-x32\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.02.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.1.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{bc883058-299e-461f-8e52-4f1dbb355f86}) (Version: 19.0.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kodi (HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\Kodi) (Version: - XBMC-Foundation)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.062.00 - Lenovo)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.01 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7724 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.9.0 - Adlice Software)
Stagelight (HKLM\...\Stagelight) (Version: 2.4.6.5857 - Open Labs, LLC.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.18.0 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1460132598-1632162819-4137796141-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-17] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-17] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-17] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2502b44bc436c53a\igfxDTCM.dll [2016-10-13] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-17] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1460132598-1632162819-4137796141-1003: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1460132598-1632162819-4137796141-1003: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-1460132598-1632162819-4137796141-1003: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll -> No File
 

PanaMax

TS Rookie
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15621EDA-D51F-4CA1-9E68-4C48C3C59634} - System32\Tasks\EPSON WF-3620 Series Update {33D7BEA6-1458-4CC9-817B-94359EA493F8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {1AE53DE8-D5F7-4DB9-AA79-D5950A39A175} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-17] (AVAST Software)
Task: {2CE6577A-248A-40CF-AEFD-E4E1443B5BC0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {32C0DBDE-66CD-4B3F-AC50-71C4F887410E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {3674FEB5-F2A5-4C47-9A03-DC13C025C6E1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {3C49FB90-E0BB-4D2B-B30E-481A6CA5CBDD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {3E1F8DA4-7B37-42E4-A344-9C73A7DFFCAB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {4111421B-349A-44FC-994D-02B1BB585AC7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)
Task: {4E0952F2-4A60-42C7-A957-DA25C1399461} - System32\Tasks\EPSON WF-3620 Series Invitation {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {4F45DAEE-845F-468E-87E7-78D9C28DCC79} - System32\Tasks\Avast Software\Overseer => C:\Program Files\AVAST Software\Avast\setup\overseer.exe [2018-03-17] (AVAST Software)
Task: {5C9138FE-9671-492B-848E-22DB5D464460} - System32\Tasks\Nvbackend => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {69DAC28A-8CB1-4DF1-BAE9-89D7DEA32985} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-04-22] (CyberLink Corp.)
Task: {6A5F2AD9-BC96-4B77-A8D4-E0CF2218E495} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-17] (Google Inc.)
Task: {6CABF2B8-2B80-4F42-A9F4-5FFE09797C79} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {6F1D14CD-221E-431D-AE69-AC15D93E1641} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-17] (Google Inc.)
Task: {6FDCEAC2-847A-4507-9AE0-5922F9806F2D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {7E7A262D-42FB-407D-A605-15E82A9D6BAC} - System32\Tasks\EPSON WF-3620 Series Update {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {AA5852BE-D37A-4FF4-A7A9-C2C96EBF3EDB} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe control iMControllerService 128
Task: {AD8545C6-977D-4389-B8E9-53E9A655001D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {ADC6B61A-0137-4BEA-82BB-816AD000B1B7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {BDA7EA88-E960-4374-9143-75BDBF21B0CE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {C1064BFF-A2EC-42D8-8E49-212AF303CB86} - System32\Tasks\EPSON WF-3620 Series Invitation {33D7BEA6-1458-4CC9-817B-94359EA493F8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {DF041948-048F-4B40-BAFE-BACE1B53D293} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1460132598-1632162819-4137796141-500 => C:\Users\Office-PC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E1A1F336-8F0E-43C4-B429-B964BD9C20BB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {EA19BD20-31D5-44EE-8BE5-A882784F22D9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {F2DB682D-6ECA-4446-A418-536160057FCA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-17] (Microsoft Corporation)
Task: {FD0376F9-0DDF-41C0-8E97-2B357E1B6DC0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {33D7BEA6-1458-4CC9-817B-94359EA493F8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {33D7BEA6-1458-4CC9-817B-94359EA493F8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{33D7BEA6-1458-4CC9-817B-94359EA493F8} /F:UpdateWORKGROUP\LAPTOP-EJHII4NS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{4F3FACAE-74D4-4EA8-BBA4-F4CC47BA5438} /F:UpdateWORKGROUP\LAPTOP-EJHII4NS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-17 19:11 - 2018-02-23 23:36 - 000543248 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2015-05-19 11:11 - 2015-05-19 11:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2018-03-14 10:14 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 10:14 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-11-13 20:51 - 2015-11-13 20:51 - 000629248 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-10-29 15:01 - 2016-10-29 15:01 - 000791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-10-29 15:01 - 2016-10-29 15:01 - 000097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2018-03-17 16:32 - 2018-03-17 16:32 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-17 16:32 - 2018-03-17 16:32 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-17 16:32 - 2018-03-17 16:32 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2016-10-29 15:01 - 2015-02-12 18:02 - 000224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2015-07-11 01:37 - 2015-07-11 01:37 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-02-22 11:57 - 2018-02-22 11:57 - 024028656 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2018-02-02 14:08 - 2018-02-02 14:08 - 000392688 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2018-02-02 14:08 - 2018-02-02 14:08 - 072940016 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1460132598-1632162819-4137796141-1003\Control Panel\Desktop\\Wallpaper -> E:\Users\Office-PC\Pictures\family1.jpg
DNS Servers: 4.2.2.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5811D62D-ADC9-4412-BE9C-057A938D18E2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{AD695FB8-31C6-4384-A8DF-9377F34D1936}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{43BAC8FB-F9BA-469D-BF48-9EB1CCA33C7F}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{596ACC43-0BF5-41CD-A5C3-8E948FB92DE9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{30AD8126-4675-4919-BC91-B6397941D4FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3D96D2A3-6443-46A9-AA14-DC9DAB34CAF9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{97EDB29C-26A2-4F7D-9A93-1FC4C1A083A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3525B9B3-D1BE-447C-B80A-35BF77EF1D81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{EB2202F6-25EE-4109-BC5B-077C138E51C6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{76B68E2C-AE45-4A1A-8D9F-D052257332C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B557DEDD-DAC3-40B8-A86B-8243A6A4C033}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{82DE186D-2449-4492-BBF6-05FC5EFE94CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{2DA3E1F3-696F-4FA1-B7EB-12F56638D7E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.75.483.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [TCP Query User{AC72CE39-4810-4505-B36C-E55EF38B01ED}E:\program files (x86)\kodi\kodi.exe] => (Allow) E:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{FF9D64C5-FFD3-47B2-AF1D-5916B1F12035}E:\program files (x86)\kodi\kodi.exe] => (Allow) E:\program files (x86)\kodi\kodi.exe
FirewallRules: [{C85533B8-F6A2-4096-8471-768B58BCC0A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3F86628C-CF76-4168-86E7-0A1BE7DFA94A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{6B50F5A2-009C-4AB6-BE77-53BC27D1CB5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5F9FEABC-09E8-4ED5-A5D3-6C0195398414}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{0C7C5D73-DCCB-44DA-8253-734D2F954F1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{605AF92C-EAC3-4314-B106-2E955C7EE522}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10190A1A-7A63-41FA-9DB9-7FAA3C07A31D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0B66442D-DD25-4889-AB42-9AE4997729AB}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{8BF886F1-8D4F-469A-B52D-684D9A32D950}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{EC7462F2-C41A-43DE-941E-F8EF16FB2FCC}] => (Allow) C:\Users\Office-PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{2FAE8696-2A49-49AE-92C2-139FCD05612B}] => (Allow) C:\Users\Office-PC\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{2B49E3CF-AA56-4212-A827-AAAE0047FCAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 

PanaMax

TS Rookie
==================== Restore Points =========================

17-03-2018 19:10:18 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
20-03-2018 14:52:05 Installed FAX Utility

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2018 10:13:58 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (03/20/2018 10:13:58 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (03/20/2018 10:13:58 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/20/2018 10:13:58 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/20/2018 10:13:48 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/20/2018 10:13:48 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/17/2018 07:51:14 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-EJHII4NS)
Description: Application or service 'Microsoft Windows Search Protocol Host' could not be shut down.

Error: (03/17/2018 07:22:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (03/20/2018 10:40:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 10:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 10:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 10:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 10:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 10:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 10:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/20/2018 10:25:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ImControllerService service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================

Date: 2018-03-20 20:50:55.714
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-20 20:50:55.702
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-20 20:50:55.621
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-20 20:50:55.608
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-18 11:11:42.737
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-18 11:11:42.725
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-18 11:11:42.670
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-18 11:11:42.657
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 19%
Total physical RAM: 16178.86 MB
Available physical RAM: 12944.01 MB
Total Virtual: 19122.86 MB
Available Virtual: 15798.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:198.36 GB) (Free:132.63 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:24.98 GB) (Free:6.91 GB) NTFS
Drive e: (DATA) (Fixed) (Total:931.39 GB) (Free:270.04 GB) NTFS

\\?\Volume{ed978276-3d45-450b-a8d9-ae9d612502d5}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{32e5ed24-e21f-4d01-a4b8-d3d1d90f64f5}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.52 GB) NTFS
\\?\Volume{295fd687-c8f8-4835-88a8-cadecb015446}\ (LENOVO_PART) (Fixed) (Total:12.92 GB) (Free:0.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 6F982EE4)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: DC2798CC)

Partition: GPT.

==================== End of Addition.txt ============================