Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: file on temp folder that i delete and keeps coming back there. need help please

  1. #1
    Junior Member
    Join Date
    Dec 2018
    Posts
    9

    Default file on temp folder that i delete and keeps coming back there. need help please

    Hi, so a few days ago i saw on my temp folder this file "sa.9PGGJ4LF6SPV_0__.Public.InstallAgent" + another one "AM_Delta_Patch_1.281.1476.0"
    but the first one keeps coming back every hour or so after i delete it. i run all sorts of rootkit remover- antivirus programs but still it persists on coming.
    i could really use your knowledge guys!
    thanks in advance have a great day!
    i will post the logs below. ( as mentioned above i run all sort of antivirus-antispyware etc. programs before these logs were captured.)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
    Ran by mrizo (administrator) on DESKTOP-F843553 (06-12-2018 23:17:52)
    Running from C:\Users\mrizo\Desktop
    Loaded Profiles: mrizo (Available Profiles: mrizo)
    Platform: Windows 10 Home Version 1803 17134.441 (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
    () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\LeagueClient.exe
    () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\LeagueClientUx.exe
    () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\LeagueClientUxRender.exe
    () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\LeagueClientUxRender.exe
    (Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AxCrypt AB) C:\Program Files\AxCrypt\AxCrypt\AxCrypt.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18389440 2018-08-14] (Realtek Semiconductor)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-11-18]
    ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software)
    GroupPolicy: Restriction ? <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{a0287988-f6f9-4b8c-a3e0-aa61ee26466a}: [NameServer] 192.71.245.208,193.183.98.154,192.168.1.1
    Tcpip\..\Interfaces\{a0287988-f6f9-4b8c-a3e0-aa61ee26466a}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

    FireFox:
    ========
    FF DefaultProfile: xye4umdg.default-1539041698779
    FF ProfilePath: C:\Users\mrizo\AppData\Roaming\Mozilla\Firefox\Profiles\xye4umdg.default-1539041698779 [2018-12-06]
    FF NetworkProxy: Mozilla\Firefox\Profiles\xye4umdg.default-1539041698779 -> type", 0
    FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\mrizo\AppData\Roaming\Mozilla\Firefox\Profiles\xye4umdg.default-1539041698779\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-12-06]
    FF Extension: (Adblock Plus) - C:\Users\mrizo\AppData\Roaming\Mozilla\Firefox\Profiles\xye4umdg.default-1539041698779\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-04]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_148.dll [2018-11-19] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_148.dll [2018-11-19] ()
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-10-11] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-10-11] (NVIDIA Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
    FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9121248 2018-10-24] (AVAST Software)
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-24] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-24] (Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-18] (Apple Inc.)
    S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-09-05] (The OpenVPN Project)
    R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-02-06] (REALiX(tm))
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a5e9eb9bc021c27a\nvlddmkm.sys [20337080 2018-10-12] (NVIDIA Corporation)
    S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1118648 2018-10-25] (Realtek )
    S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [213216 2018-11-08] (Oracle Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-10-24] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-10-24] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-24] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-06 23:17 - 2018-12-06 23:18 - 000009953 _____ C:\Users\mrizo\Desktop\FRST.txt
    2018-12-06 23:17 - 2018-12-06 23:17 - 000036705 _____ C:\Users\mrizo\Documents\Addition.txt
    2018-12-06 23:16 - 2018-12-06 23:17 - 000054210 _____ C:\Users\mrizo\Documents\FRST.txt
    2018-12-06 23:15 - 2018-12-06 23:15 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-F843553-Windows-10-Home-(64-bit).dat
    2018-12-06 23:15 - 2018-12-06 23:15 - 000000000 ____D C:\RegBackup
    2018-12-06 23:14 - 2018-12-06 23:14 - 005766144 _____ (Tweaking.com) C:\Users\mrizo\Desktop\tweaking.com_registry_backup_setup.exe
    2018-12-06 23:14 - 2018-12-06 23:14 - 000018111 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2018-12-06 23:14 - 2018-12-06 23:14 - 000002328 _____ C:\Users\mrizo\Desktop\Tweaking.com - Registry Backup.lnk
    2018-12-06 23:14 - 2018-12-06 23:14 - 000000000 ____D C:\Users\mrizo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2018-12-06 23:14 - 2018-12-06 23:14 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2018-12-06 22:42 - 2018-12-06 22:42 - 000000000 ____D C:\Users\mrizo\Documents\My AxCrypt
    2018-12-06 22:38 - 2018-12-06 22:42 - 000000000 ____D C:\Users\mrizo\AppData\Local\AxCrypt
    2018-12-06 22:38 - 2018-12-06 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AxCrypt
    2018-12-06 22:38 - 2018-12-06 22:38 - 000000000 ____D C:\Program Files\AxCrypt
    2018-12-06 21:01 - 2018-12-06 21:01 - 000005614 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
    2018-12-06 20:35 - 2018-12-06 20:35 - 000650652 _____ C:\WINDOWS\Minidump\120618-7500-01.dmp
    2018-12-06 20:35 - 2018-12-06 20:35 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-12-06 20:35 - 2018-12-06 20:35 - 000000000 ____D C:\WINDOWS\Minidump
    2018-12-06 20:30 - 2018-12-06 20:30 - 000000000 ____D C:\Program Files (x86)\trend micro
    2018-12-06 19:12 - 2018-12-06 19:12 - 000004052 _____ C:\Users\mrizo\Documents\Fixlog.txt
    2018-12-06 19:11 - 2018-12-06 19:11 - 000000000 ____D C:\Users\mrizo\AppData\Local\D3DSCache
    2018-12-06 19:09 - 2018-12-06 23:16 - 000000000 ____D C:\FRST
    2018-12-06 19:08 - 2018-12-06 19:08 - 002417152 _____ (Farbar) C:\Users\mrizo\Desktop\FRST64.exe
    2018-12-06 18:58 - 2018-12-06 18:58 - 000000000 ____D C:\Users\mrizo\AppData\Roaming\AVAST Software
    2018-12-06 18:43 - 2018-12-06 20:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-12-06 18:42 - 2018-12-06 18:42 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2018-12-06 18:42 - 2018-12-06 18:42 - 000000000 ____D C:\Users\mrizo\AppData\Local\mbamtray
    2018-12-06 18:42 - 2018-12-06 18:42 - 000000000 ____D C:\Users\mrizo\AppData\Local\DBG
    2018-12-06 18:37 - 2018-12-06 18:37 - 000000000 ____D C:\Users\mrizo\AppData\Local\mbam
    2018-12-06 18:24 - 2018-12-06 06:52 - 000454504 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
    2018-12-06 18:04 - 2018-12-06 18:04 - 000000000 ____D C:\ProgramData\Emsisoft
    2018-12-06 18:00 - 2018-12-06 20:23 - 000000000 ____D C:\EEK
    2018-12-06 17:34 - 2018-12-06 18:03 - 000000000 ____D C:\ProgramData\RogueKiller
    2018-12-06 17:34 - 2018-12-06 17:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-12-06 17:34 - 2018-12-06 17:34 - 000000000 ____D C:\Program Files\RogueKiller
    2018-12-06 10:56 - 2018-12-06 10:56 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-12-06 10:56 - 2018-12-06 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-12-06 10:56 - 2018-12-06 10:56 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-12-06 10:56 - 2018-12-06 10:56 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-12-06 10:56 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-12-06 09:44 - 2018-12-01 06:01 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-12-06 09:44 - 2018-12-01 06:01 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-12-06 04:05 - 2018-12-06 04:05 - 000001071 _____ C:\Users\mrizo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LeagueClient.lnk
    2018-12-03 20:02 - 2018-12-03 20:02 - 000000258 __RSH C:\ProgramData\ntuser.pol
    2018-12-03 18:22 - 2018-12-03 18:27 - 000000000 ____D C:\Users\mrizo\Desktop\Stuff
    2018-12-03 17:39 - 2018-11-09 03:46 - 000407274 __RSH C:\bootmgr
    2018-12-03 17:39 - 2018-04-12 01:34 - 000000001 ___SH C:\BOOTNXT
    2018-12-03 16:29 - 2018-11-09 08:00 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
    2018-12-03 16:29 - 2018-11-09 07:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2018-12-03 16:29 - 2018-11-09 07:18 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-12-03 16:29 - 2018-11-09 04:48 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-12-03 16:29 - 2018-11-09 04:47 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2018-12-03 16:29 - 2018-11-09 04:47 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-12-03 16:29 - 2018-11-09 04:21 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2018-12-03 16:29 - 2018-11-09 04:21 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2018-12-03 16:29 - 2018-11-09 04:20 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
    2018-12-03 16:29 - 2018-11-09 04:19 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2018-12-03 16:29 - 2018-11-09 04:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-12-03 16:29 - 2018-11-09 04:18 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-12-03 16:29 - 2018-11-09 04:18 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2018-12-03 16:29 - 2018-11-09 04:18 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
    2018-12-03 16:29 - 2018-11-09 04:16 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2018-12-03 16:29 - 2018-11-09 04:15 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2018-12-03 16:29 - 2018-11-09 04:07 - 002417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2018-12-03 16:29 - 2018-11-09 04:07 - 001299704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2018-12-03 16:29 - 2018-11-09 03:46 - 002253184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-12-03 16:29 - 2018-11-09 03:46 - 000129288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-12-03 16:29 - 2018-11-09 03:31 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2018-12-03 16:29 - 2018-11-09 03:29 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-12-03 16:29 - 2018-11-09 03:29 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-12-03 16:29 - 2018-11-09 03:27 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2018-12-03 16:29 - 2018-11-09 03:25 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2018-12-03 16:28 - 2018-11-09 08:19 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2018-12-03 16:28 - 2018-11-09 08:19 - 000549736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2018-12-03 16:28 - 2018-11-09 08:15 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-12-03 16:28 - 2018-11-09 08:15 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2018-12-03 16:28 - 2018-11-09 08:14 - 001617120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2018-12-03 16:28 - 2018-11-09 08:01 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2018-12-03 16:28 - 2018-11-09 08:00 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2018-12-03 16:28 - 2018-11-09 08:00 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2018-12-03 16:28 - 2018-11-09 07:59 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-12-03 16:28 - 2018-11-09 07:59 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2018-12-03 16:28 - 2018-11-09 07:58 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2018-12-03 16:28 - 2018-11-09 07:57 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2018-12-03 16:28 - 2018-11-09 07:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
    2018-12-03 16:28 - 2018-11-09 07:56 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-12-03 16:28 - 2018-11-09 07:56 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
    2018-12-03 16:28 - 2018-11-09 07:56 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
    2018-12-03 16:28 - 2018-11-09 07:56 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-12-03 16:28 - 2018-11-09 07:56 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
    2018-12-03 16:28 - 2018-11-09 07:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
    2018-12-03 16:28 - 2018-11-09 07:55 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2018-12-03 16:28 - 2018-11-09 07:55 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2018-12-03 16:28 - 2018-11-09 07:55 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-12-03 16:28 - 2018-11-09 07:54 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
    2018-12-03 16:28 - 2018-11-09 07:35 - 000443864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
    2018-12-03 16:28 - 2018-11-09 07:32 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-12-03 16:28 - 2018-11-09 07:23 - 005657600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2018-12-03 16:28 - 2018-11-09 07:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
    2018-12-03 16:28 - 2018-11-09 07:21 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-12-03 16:28 - 2018-11-09 07:20 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2018-12-03 16:28 - 2018-11-09 07:19 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2018-12-03 16:28 - 2018-11-09 07:18 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
    2018-12-03 16:28 - 2018-11-09 07:17 - 002892800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-12-03 16:28 - 2018-11-09 07:17 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2018-12-03 16:28 - 2018-11-09 04:56 - 001213472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2018-12-03 16:28 - 2018-11-09 04:56 - 001040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2018-12-03 16:28 - 2018-11-09 04:56 - 000272408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
    2018-12-03 16:28 - 2018-11-09 04:56 - 000269320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
    2018-12-03 16:28 - 2018-11-09 04:50 - 005624648 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2018-12-03 16:28 - 2018-11-09 04:49 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-12-03 16:28 - 2018-11-09 04:49 - 001062712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2018-12-03 16:28 - 2018-11-09 04:49 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-12-03 16:28 - 2018-11-09 04:49 - 000723416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2018-12-03 16:28 - 2018-11-09 04:49 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2018-12-03 16:28 - 2018-11-09 04:49 - 000565048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2018-12-03 16:28 - 2018-11-09 04:49 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2018-12-03 16:28 - 2018-11-09 04:49 - 000368656 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2018-12-03 16:28 - 2018-11-09 04:49 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-12-03 16:28 - 2018-11-09 04:49 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2018-12-03 16:28 - 2018-11-09 04:48 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-12-03 16:28 - 2018-11-09 04:48 - 003179760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2018-12-03 16:28 - 2018-11-09 04:48 - 002719736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-12-03 16:28 - 2018-11-09 04:48 - 001613288 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2018-12-03 16:28 - 2018-11-09 04:48 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-12-03 16:28 - 2018-11-09 04:48 - 000899920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2018-12-03 16:28 - 2018-11-09 04:48 - 000766704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2018-12-03 16:28 - 2018-11-09 04:48 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2018-12-03 16:28 - 2018-11-09 04:48 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-12-03 16:28 - 2018-11-09 04:47 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-12-03 16:28 - 2018-11-09 04:47 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2018-12-03 16:28 - 2018-11-09 04:47 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 001456520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-12-03 16:28 - 2018-11-09 04:47 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2018-12-03 16:28 - 2018-11-09 04:47 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-12-03 16:28 - 2018-11-09 04:47 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-12-03 16:28 - 2018-11-09 04:47 - 000982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-12-03 16:28 - 2018-11-09 04:47 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2018-12-03 16:28 - 2018-11-09 04:47 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2018-12-03 16:28 - 2018-11-09 04:47 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-12-03 16:28 - 2018-11-09 04:47 - 000537912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2018-12-03 16:28 - 2018-11-09 04:47 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-12-03 16:28 - 2018-11-09 04:47 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2018-12-03 16:28 - 2018-11-09 04:31 - 025856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-12-03 16:28 - 2018-11-09 04:24 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-12-03 16:28 - 2018-11-09 04:23 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2018-12-03 16:28 - 2018-11-09 04:22 - 007056896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2018-12-03 16:28 - 2018-11-09 04:22 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2018-12-03 16:28 - 2018-11-09 04:22 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2018-12-03 16:28 - 2018-11-09 04:21 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-12-03 16:28 - 2018-11-09 04:21 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2018-12-03 16:28 - 2018-11-09 04:21 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-12-03 16:28 - 2018-11-09 04:21 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2018-12-03 16:28 - 2018-11-09 04:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2018-12-03 16:28 - 2018-11-09 04:21 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2018-12-03 16:28 - 2018-11-09 04:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2018-12-03 16:28 - 2018-11-09 04:20 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2018-12-03 16:28 - 2018-11-09 04:20 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2018-12-03 16:28 - 2018-11-09 04:20 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2018-12-03 16:28 - 2018-11-09 04:20 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
    2018-12-03 16:28 - 2018-11-09 04:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
    2018-12-03 16:28 - 2018-11-09 04:20 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-12-03 16:28 - 2018-11-09 04:20 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2018-12-03 16:28 - 2018-11-09 04:19 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-12-03 16:28 - 2018-11-09 04:19 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2018-12-03 16:28 - 2018-11-09 04:19 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2018-12-03 16:28 - 2018-11-09 04:19 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-12-03 16:28 - 2018-11-09 04:19 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-12-03 16:28 - 2018-11-09 04:19 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2018-12-03 16:28 - 2018-11-09 04:19 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
    2018-12-03 16:28 - 2018-11-09 04:18 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-12-03 16:28 - 2018-11-09 04:18 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-12-03 16:28 - 2018-11-09 04:18 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2018-12-03 16:28 - 2018-11-09 04:18 - 000573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
    2018-12-03 16:28 - 2018-11-09 04:18 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2018-12-03 16:28 - 2018-11-09 04:17 - 002584576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-12-03 16:28 - 2018-11-09 04:17 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
    2018-12-03 16:28 - 2018-11-09 04:17 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2018-12-03 16:28 - 2018-11-09 04:17 - 001069568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2018-12-03 16:28 - 2018-11-09 04:17 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2018-12-03 16:28 - 2018-11-09 04:16 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 001457152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2018-12-03 16:28 - 2018-11-09 04:16 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2018-12-03 16:28 - 2018-11-09 04:15 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2018-12-03 16:28 - 2018-11-09 04:15 - 000933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2018-12-03 16:28 - 2018-11-09 04:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2018-12-03 16:28 - 2018-11-09 04:15 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2018-12-03 16:28 - 2018-11-09 04:15 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2018-12-03 16:28 - 2018-11-09 04:15 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-12-03 16:28 - 2018-11-09 04:15 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2018-12-03 16:28 - 2018-11-09 04:15 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2018-12-03 16:28 - 2018-11-09 03:48 - 000550728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2018-12-03 16:28 - 2018-11-09 03:47 - 000295224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 006571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 004789952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 001980776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2018-12-03 16:28 - 2018-11-09 03:46 - 000721024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 000573504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2018-12-03 16:28 - 2018-11-09 03:46 - 000567048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-12-03 16:28 - 2018-11-09 03:38 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-12-03 16:28 - 2018-11-09 03:35 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-12-03 16:28 - 2018-11-09 03:31 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2018-12-03 16:28 - 2018-11-09 03:31 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2018-12-03 16:28 - 2018-11-09 03:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2018-12-03 16:28 - 2018-11-09 03:30 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
    2018-12-03 16:28 - 2018-11-09 03:30 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2018-12-03 16:28 - 2018-11-09 03:29 - 005883392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2018-12-03 16:28 - 2018-11-09 03:29 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2018-12-03 16:28 - 2018-11-09 03:29 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2018-12-03 16:28 - 2018-11-09 03:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-12-03 16:28 - 2018-11-09 03:29 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
    2018-12-03 16:28 - 2018-11-09 03:28 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-12-03 16:28 - 2018-11-09 03:28 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2018-12-03 16:28 - 2018-11-09 03:28 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-12-03 16:28 - 2018-11-09 03:28 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
    2018-12-03 16:28 - 2018-11-09 03:28 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2018-12-03 16:28 - 2018-11-09 03:28 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-12-03 16:28 - 2018-11-09 03:27 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2018-12-03 16:28 - 2018-11-09 03:27 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2018-12-03 16:28 - 2018-11-09 03:27 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-12-03 16:28 - 2018-11-09 03:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
    2018-12-03 16:28 - 2018-11-09 03:26 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-12-03 16:28 - 2018-11-09 03:26 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2018-12-03 16:28 - 2018-11-09 03:26 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2018-12-03 16:28 - 2018-11-09 03:26 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2018-12-03 16:28 - 2018-11-09 03:26 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2018-12-03 16:28 - 2018-11-09 03:26 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2018-12-03 16:28 - 2018-11-09 03:26 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-12-03 16:28 - 2018-11-09 03:25 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2018-12-03 16:28 - 2018-11-09 03:25 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2018-12-03 16:28 - 2018-11-09 03:25 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2018-12-03 16:28 - 2018-11-09 03:25 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2018-12-03 16:28 - 2018-11-09 03:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2018-12-03 16:28 - 2018-11-09 03:01 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2018-12-03 02:03 - 2018-12-06 17:54 - 000000070 _____ C:\Users\mrizo\Desktop\New Text Document (2).txt
    2018-12-03 01:58 - 2018-12-03 01:59 - 001832768 _____ (Epic Privacy Browser) C:\Users\mrizo\Documents\epicsetup.exe
    2018-11-30 02:05 - 2018-12-06 20:27 - 000000000 ____D C:\Users\mrizo\AppData\Local\CrashDumps
    2018-11-28 16:51 - 2018-11-28 16:52 - 007321808 _____ (Malwarebytes) C:\Users\mrizo\Documents\adwcleaner_7.2.1.exe
    2018-11-28 16:03 - 2018-12-06 18:43 - 000000000 ____D C:\Users\mrizo\AppData\Local\ConnectedDevicesPlatform
    2018-11-28 05:38 - 2018-11-28 05:38 - 000000000 ____D C:\Users\mrizo\AppData\Local\Comms
    2018-11-28 01:34 - 2018-11-28 01:34 - 000000000 ____D C:\Users\mrizo\AppData\Local\CEF
    2018-11-27 00:09 - 2018-11-27 00:09 - 000000000 ____D C:\ProgramData\Epic Privacy Browser
    2018-11-23 19:26 - 2018-11-29 21:31 - 000000081 _____ C:\Users\mrizo\Desktop\honor.txt
    2018-11-19 05:06 - 2018-09-05 22:01 - 000053904 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\aswTap.sys
    2018-11-19 00:29 - 2018-11-24 17:03 - 000003808 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2018-11-19 00:29 - 2018-11-24 17:03 - 000003506 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2018-11-18 21:16 - 2018-11-18 21:16 - 000004012 _____ C:\WINDOWS\System32\Tasks\Avast Cleanup Update
    2018-11-18 21:16 - 2018-11-18 21:16 - 000001298 _____ C:\Users\Public\Desktop\Avast Cleanup Premium.lnk
    2018-11-18 21:16 - 2018-11-18 21:16 - 000000000 ____D C:\Program Files (x86)\AVAST Software
    2018-11-18 20:53 - 2018-12-06 19:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
    2018-11-18 20:52 - 2018-11-18 20:52 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2018-11-18 20:43 - 2018-12-05 02:08 - 000000000 ____D C:\Program Files\AVAST Software
    2018-11-18 20:42 - 2018-12-05 02:08 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-11-17 21:34 - 2018-11-01 03:09 - 000454638 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20181117-213445.backup
    2018-11-17 21:08 - 2018-12-05 02:03 - 000002234 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2018-11-17 21:08 - 2018-11-24 17:03 - 000003048 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2018-11-17 21:08 - 2018-11-17 21:08 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2018-11-17 21:08 - 2018-11-17 21:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2018-11-17 21:06 - 2018-11-17 21:06 - 000532480 _____ (Trend Micro Incorporated) C:\Users\mrizo\Desktop\cwshredder.exe
    2018-11-13 21:25 - 2018-11-01 13:49 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2018-11-13 21:25 - 2018-11-01 13:45 - 001376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2018-11-13 21:25 - 2018-11-01 13:27 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2018-11-13 21:25 - 2018-11-01 12:09 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2018-11-13 21:25 - 2018-11-01 11:53 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2018-11-13 21:25 - 2018-11-01 09:26 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2018-11-13 21:25 - 2018-11-01 09:25 - 001784680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2018-11-13 21:25 - 2018-11-01 09:25 - 000375824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
    2018-11-13 21:25 - 2018-11-01 08:59 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2018-11-13 21:25 - 2018-11-01 08:57 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-11-13 21:25 - 2018-11-01 08:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-11-13 21:25 - 2018-11-01 08:54 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-11-13 21:25 - 2018-11-01 08:53 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2018-11-13 21:25 - 2018-11-01 06:50 - 000861712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2018-11-13 21:25 - 2018-11-01 06:50 - 000786288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-11-13 21:25 - 2018-11-01 06:48 - 002478872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2018-11-13 21:25 - 2018-11-01 06:48 - 000880248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2018-11-13 21:25 - 2018-11-01 06:47 - 001379792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2018-11-13 21:25 - 2018-11-01 06:47 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2018-11-13 21:25 - 2018-11-01 06:33 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-11-13 21:25 - 2018-11-01 06:30 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2018-11-13 21:25 - 2018-11-01 06:28 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-11-13 21:25 - 2018-11-01 06:27 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-11-13 21:25 - 2018-11-01 06:27 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-11-13 21:25 - 2018-11-01 06:27 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-11-13 21:24 - 2018-11-01 13:46 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2018-11-13 21:24 - 2018-11-01 13:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2018-11-13 21:24 - 2018-11-01 13:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
    2018-11-13 21:24 - 2018-11-01 13:29 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2018-11-13 21:24 - 2018-11-01 13:28 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
    2018-11-13 21:24 - 2018-11-01 11:56 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
    2018-11-13 21:24 - 2018-11-01 11:56 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
    2018-11-13 21:24 - 2018-11-01 11:15 - 023861760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2018-11-13 21:24 - 2018-11-01 11:13 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2018-11-13 21:24 - 2018-11-01 09:27 - 001017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2018-11-13 21:24 - 2018-11-01 09:26 - 003291640 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2018-11-13 21:24 - 2018-11-01 09:25 - 001288920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2018-11-13 21:24 - 2018-11-01 09:25 - 001190248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-11-13 21:24 - 2018-11-01 09:25 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2018-11-13 21:24 - 2018-11-01 09:25 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
    2018-11-13 21:24 - 2018-11-01 09:25 - 000268088 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2018-11-13 21:24 - 2018-11-01 09:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
    2018-11-13 21:24 - 2018-11-01 09:02 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
    2018-11-13 21:24 - 2018-11-01 09:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
    2018-11-13 21:24 - 2018-11-01 09:00 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-11-13 21:24 - 2018-11-01 09:00 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2018-11-13 21:24 - 2018-11-01 08:59 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2018-11-13 21:24 - 2018-11-01 08:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2018-11-13 21:24 - 2018-11-01 08:59 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
    2018-11-13 21:24 - 2018-11-01 08:59 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
    2018-11-13 21:24 - 2018-11-01 08:58 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2018-11-13 21:24 - 2018-11-01 08:58 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2018-11-13 21:24 - 2018-11-01 08:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2018-11-13 21:24 - 2018-11-01 08:57 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2018-11-13 21:24 - 2018-11-01 08:57 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
    2018-11-13 21:24 - 2018-11-01 08:57 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2018-11-13 21:24 - 2018-11-01 08:57 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2018-11-13 21:24 - 2018-11-01 08:56 - 002929664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
    2018-11-13 21:24 - 2018-11-01 08:56 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2018-11-13 21:24 - 2018-11-01 08:54 - 001679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2018-11-13 21:24 - 2018-11-01 08:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2018-11-13 21:24 - 2018-11-01 08:54 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2018-11-13 21:24 - 2018-11-01 08:53 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2018-11-13 21:24 - 2018-11-01 08:53 - 001373696 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2018-11-13 21:24 - 2018-11-01 08:53 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-11-13 21:24 - 2018-11-01 08:53 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-11-13 21:24 - 2018-11-01 06:48 - 000384520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
    2018-11-13 21:24 - 2018-11-01 06:47 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2018-11-13 21:24 - 2018-11-01 06:29 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
    2018-11-13 21:24 - 2018-11-01 06:29 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2018-11-13 21:24 - 2018-11-01 06:29 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
    2018-11-08 16:40 - 2018-11-08 16:40 - 000223000 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
    2018-11-08 16:40 - 2018-11-08 16:40 - 000213216 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-06 23:11 - 2018-08-12 13:48 - 000000000 ____D C:\Users\mrizo\AppData\LocalLow\Mozilla
    2018-12-06 22:56 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-12-06 22:50 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-12-06 22:43 - 2018-08-03 11:14 - 000000000 ____D C:\Users\mrizo\AppData\Local\PlaceholderTileLogoFolder
    2018-12-06 22:43 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-12-06 22:38 - 2018-02-06 14:36 - 000000000 ____D C:\ProgramData\Package Cache
    2018-12-06 21:01 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
    2018-12-06 20:43 - 2018-10-13 02:37 - 000000000 ____D C:\Users\mrizo
    2018-12-06 20:35 - 2018-10-13 02:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-12-06 20:35 - 2018-10-11 12:06 - 577350351 _____ C:\WINDOWS\MEMORY.DMP
    2018-12-06 20:35 - 2018-04-19 22:52 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-12-06 20:35 - 2018-02-06 01:21 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-12-06 20:09 - 2018-05-04 18:54 - 000000000 ____D C:\ProgramData\SecTaskMan
    2018-12-06 19:13 - 2018-04-11 23:04 - 000131072 _____ C:\WINDOWS\system32\config\BBI
    2018-12-06 18:42 - 2018-02-27 23:52 - 000000000 ____D C:\WINDOWS\pss
    2018-12-05 02:09 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SystemApps
    2018-12-04 19:47 - 2018-04-24 10:52 - 000001864 _____ C:\Users\mrizo\Desktop\New Text Document.txt
    2018-12-04 06:44 - 2018-10-10 13:44 - 000000000 ____D C:\Users\mrizo\AppData\Roaming\vlc
    2018-12-03 18:19 - 2018-02-26 16:48 - 000000000 ___RD C:\Users\mrizo\3D Objects
    2018-12-03 18:19 - 2018-02-05 23:27 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-12-03 17:37 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-12-03 17:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
    2018-12-03 17:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
    2018-12-03 17:37 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-11-29 20:16 - 2018-08-12 15:28 - 000000420 _____ C:\Users\mrizo\Desktop\This PC.lnk
    2018-11-28 01:42 - 2018-08-12 14:28 - 000000000 ____D C:\EFSTMPWP
    2018-11-26 02:30 - 2018-04-22 03:31 - 000000000 ____D C:\ProgramData\TEMP
    2018-11-26 02:27 - 2018-02-26 16:43 - 000000000 ____D C:\Users\mrizo\AppData\Local\Packages
    2018-11-24 19:59 - 2018-07-02 16:00 - 000000000 ____D C:\Users\mrizo\Documents\Autoruns
    2018-11-22 09:01 - 2018-10-09 01:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-11-22 09:01 - 2018-10-09 01:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-11-21 01:15 - 2018-10-09 01:34 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-11-19 21:00 - 2018-04-12 18:16 - 000000000 ____D C:\WINDOWS\OCR
    2018-11-19 03:31 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-11-19 00:29 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-11-19 00:29 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-11-18 20:52 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-11-17 21:08 - 2018-08-03 13:49 - 000000000 ____D C:\Program Files\CCleaner
    2018-11-17 20:58 - 2018-10-25 14:39 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
    2018-11-17 20:57 - 2018-10-25 21:15 - 000000000 ____D C:\Program Files (x86)\Intel
    2018-11-17 20:56 - 2018-02-06 01:21 - 000000000 ____D C:\Intel
    2018-11-17 00:00 - 2018-02-14 22:49 - 000000000 ____D C:\Program Files\rempl
    2018-11-14 00:56 - 2018-07-01 06:18 - 000000000 ____D C:\Program Files (x86)\Java
    2018-11-13 21:34 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-11-13 21:34 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-11-13 21:34 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-11-13 21:34 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-11-13 21:30 - 2018-02-25 21:07 - 000000000 ____D C:\WINDOWS\system32\MRT

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-10-13 02:35

    ==================== End of FRST.txt ============================



    and i got this one as an addition.txt on dekstop
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
    Ran by mrizo (06-12-2018 23:18:18)
    Running from C:\Users\mrizo\Desktop
    Windows 10 Home Version 1803 17134.441 (X64) (2018-10-13 00:42:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-274154173-2780070492-278442082-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-274154173-2780070492-278442082-503 - Limited - Disabled)
    Guest (S-1-5-21-274154173-2780070492-278442082-501 - Limited - Enabled)
    mrizo (S-1-5-21-274154173-2780070492-278442082-1001 - Administrator - Enabled) => C:\Users\mrizo
    WDAGUtilityAccount (S-1-5-21-274154173-2780070492-278442082-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
    Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.148 - Adobe Systems Incorporated)
    Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.2.5964 - AVAST Software)
    AxCrypt 2.1.1573.0 (HKLM\...\{902A739B-1DAE-6E68-81B1-674E343E1CF1}) (Version: 2.1.1573.0 - AxCrypt AB) Hidden
    AxCrypt 2.1.1573.0 (HKLM-x32\...\{4802bd28-932d-4070-99e2-068ea74d872d}) (Version: 2.1.1573.0 - AxCrypt AB)
    CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
    DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.34 - NVIDIA Corporation) Hidden
    League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
    NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 416.34 - NVIDIA Corporation)
    NVIDIA Graphics Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 416.34 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.37.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.5 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8395 - Realtek Semiconductor Corp.)
    RogueKiller version 13.0.15.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.0.15.0 - Adlice Software)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
    UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2018-11-07] (AxCrypt AB)
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-10-11] (NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
    ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\AxCrypt\AxCrypt\ShellExt.dll [2018-11-07] (AxCrypt AB)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07165C06-7AB0-40BD-A766-3484B7E6AC2F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-19] (Adobe Systems Incorporated)
    Task: {1CBCAFD5-2209-4533-8D57-E1F094F14CDE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
    Task: {3E005D0F-A2E4-4485-A667-1964EC09279E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe [2018-11-19] (Adobe Systems Incorporated)
    Task: {61FF6E75-411C-4BB7-BC7A-867DB3D7B5E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
    Task: {77DC960C-4098-4842-8850-3A896A17C4B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
    Task: {94A6AC57-0371-45A8-A4BE-17ACAB769E85} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {A12F5A1F-35CB-455E-9556-3A8AC00E42B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {D7806F3B-6911-4C8A-8AAC-CC2F85CEC824} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
    Task: {DD1678C2-BD0E-43FB-B264-E8251BBBB3C6} - System32\Tasks\Avast Cleanup Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [2018-10-24] (AVAST Software)
    Task: {E3789F75-7E95-490C-9C1A-3A98E0451F44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)
    Task: {FAE908CB-6713-4852-A8AB-5862634C24F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-24] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-02-06 01:21 - 2018-10-11 01:10 - 000154152 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-12-03 16:28 - 2018-11-09 04:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-12-03 16:28 - 2018-11-09 04:17 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-12-06 20:15 - 2018-12-06 20:15 - 005055104 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\LeagueClient.exe
    2018-12-06 20:15 - 2018-12-06 20:15 - 001704408 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\LeagueClientUx.exe
    2018-12-06 20:15 - 2018-12-06 20:15 - 000895448 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\LeagueClientUxRender.exe
    2018-11-18 21:16 - 2016-09-12 14:53 - 048936448 _____ () C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll
    2018-12-06 20:15 - 2018-12-06 20:15 - 000128640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\yaml.dll
    2018-12-06 20:15 - 2018-12-06 20:15 - 000113792 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\zlib.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 002201216 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-patch\rcp-be-lol-patch.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 001346008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000584152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000960472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000450176 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000530904 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-riot-messaging-service\rcp-be-riot-messaging-service.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000717952 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000500696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000432768 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000584152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000459736 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000564184 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000512472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000432768 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-game-session\rcp-be-lol-game-session.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000779736 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000404440 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-pre-end-of-game\rcp-be-lol-pre-end-of-game.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000743552 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000375936 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000475264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000460760 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000423552 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000749696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000622720 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-champions\rcp-be-lol-champions.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000421848 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000666584 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000611800 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-inventory\rcp-be-lol-inventory.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000903640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000538584 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000727000 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000543872 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000629376 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
    2018-12-06 20:15 - 2018-12-06 20:15 - 000849536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-ranked\rcp-be-lol-ranked.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000616064 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000440792 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 001549440 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 001672664 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000562304 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-loadouts\rcp-be-lol-loadouts.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000420480 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000445400 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000895960 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000407168 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-kickout\rcp-be-lol-kickout.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000412120 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000403928 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000413656 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000446080 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000516056 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000569472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000456152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000451544 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000475776 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000536024 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000605656 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000686720 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000446936 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000493696 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000425600 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000409728 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000466392 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000456664 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-purchase-widget\rcp-be-lol-purchase-widget.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000515544 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-personalized-offers\rcp-be-lol-personalized-offers.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000591320 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-recommendations\rcp-be-lol-recommendations.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000394880 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-user-experience\rcp-be-lol-user-experience.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000464856 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-simple-dialog-messages\rcp-be-lol-simple-dialog-messages.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000539608 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-highlights\rcp-be-lol-highlights.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000595928 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-honor-v2\rcp-be-lol-honor-v2.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000433112 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000464512 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-entitlements\rcp-be-entitlements.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000610264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-missions\rcp-be-lol-missions.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000512472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-item-sets\rcp-be-lol-item-sets.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000472536 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-email-verification\rcp-be-lol-email-verification.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000450688 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-geoinfo\rcp-be-lol-geoinfo.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000475264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-content-targeting\rcp-be-lol-content-targeting.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 001283200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-clash\rcp-be-lol-clash.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000635352 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000733824 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-voice-chat\rcp-be-voice-chat.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000648152 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-gcloud-voice-chat\rcp-be-gcloud-voice-chat.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000609752 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-premade-voice\rcp-be-lol-premade-voice.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000500864 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-featured-modes\rcp-be-lol-featured-modes.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000458200 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-npe-rewards\rcp-be-lol-npe-rewards.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000578688 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-npe-tutorial-path\rcp-be-lol-npe-tutorial-path.dll
    2018-12-06 19:55 - 2018-10-10 12:42 - 000482264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-catalog\rcp-be-lol-catalog.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000565208 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-regalia\rcp-be-lol-regalia.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000428160 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-payments\rcp-be-payments.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000536192 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-banners\rcp-be-lol-banners.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000454104 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-trophies\rcp-be-lol-trophies.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000751576 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-perks\rcp-be-lol-perks.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000432088 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-discord-rp\rcp-be-lol-discord-rp.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000502232 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-account-verification\rcp-be-lol-account-verification.dll
    2018-12-06 19:55 - 2018-12-05 17:15 - 000554456 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-career-stats\rcp-be-lol-career-stats.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000435840 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-worlds-token-card\rcp-be-lol-worlds-token-card.dll
    2018-12-06 19:55 - 2018-12-05 17:26 - 000402048 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\Plugins\rcp-be-lol-mode-progression\rcp-be-lol-mode-progression.dll
    2018-12-06 20:15 - 2018-12-06 20:15 - 055045760 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\libcef.dll
    2018-12-06 20:15 - 2018-12-06 20:15 - 000832640 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\ffmpeg.dll
    2018-12-06 20:15 - 2018-12-06 20:15 - 001801344 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\libglesv2.dll
    2018-12-06 20:15 - 2018-12-06 20:15 - 000022144 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.177\deploy\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7865 more sites.

    IE trusted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\localhost -> localhost
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\1-2005-search.com -> www.1-2005-search.com

    There are 12682 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-02-06 01:16 - 2018-12-06 18:24 - 000453966 _____ C:\WINDOWS\system32\Drivers\etc\hosts

    0.0.0.0 choice.microsoft.com
    0.0.0.0 choice.microsoft.com.nstac.net
    0.0.0.0 df.telemetry.microsoft.com
    0.0.0.0 oca.telemetry.microsoft.com
    0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
    0.0.0.0 redir.metaservices.microsoft.com
    0.0.0.0 reports.wes.df.telemetry.microsoft.com
    0.0.0.0 services.wes.df.telemetry.microsoft.com
    0.0.0.0 settings-sandbox.data.microsoft.com
    0.0.0.0 settings-win.data.microsoft.com
    0.0.0.0 sqm.df.telemetry.microsoft.com
    0.0.0.0 sqm.telemetry.microsoft.com
    0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
    0.0.0.0 telecommand.telemetry.microsoft.com
    0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
    0.0.0.0 telemetry.appex.bing.net
    0.0.0.0 telemetry.microsoft.com
    0.0.0.0 telemetry.urs.microsoft.com
    0.0.0.0 vortex-sandbox.data.microsoft.com
    0.0.0.0 vortex-win.data.microsoft.com
    0.0.0.0 vortex.data.microsoft.com
    0.0.0.0 watson.telemetry.microsoft.com
    0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
    0.0.0.0 watson.ppe.telemetry.microsoft.com
    0.0.0.0 wes.df.telemetry.microsoft.com
    0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
    0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
    0.0.0.0 watson.live.com
    0.0.0.0 watson.microsoft.com
    0.0.0.0 feedback.search.microsoft.com

    There are 15553 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-274154173-2780070492-278442082-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
    DNS Servers: 192.71.245.208 - 193.183.98.154
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\Services: XboxGipSvc => 3
    HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine.lnk"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run: => "SecurityHealth"
    HKLM\...\StartupApproved\Run: => "RtHDVCpl"
    HKLM\...\StartupApproved\Run: => "IgfxTray"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "WindowsDefender"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer"
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "Discord"
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "wtfast Tray"
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "Skype for Desktop"
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\...\StartupApproved\Run: => "OneDriveSetup"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe
    FirewallRules: [{8DE5F8DB-C0A3-4DF8-B78B-3CDA4F6CBC7D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6565C0E1-D568-4BE2-B461-654DE8DAA088}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{CB982792-9BFF-4ACC-9760-4332A1DD8C8E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{31636902-7609-4783-AAC4-9B29A05A48FC}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{9A722529-C883-47A8-B023-7A9A3A185639}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    FirewallRules: [{82AD804B-85D6-40F5-8829-3AD28B5F6D22}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
    FirewallRules: [{A5565CEB-97E6-4E45-928B-5EE00563162C}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
    FirewallRules: [{95F5F9E6-4C58-4D4B-9B56-0017F12D1F8D}] => (Allow) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe
    FirewallRules: [TCP Query User{FB6C2678-DBD6-43F9-B74D-3C6FC0E8CD88}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe
    FirewallRules: [UDP Query User{B5C87A7A-2F30-4FCF-9D0D-59C231F17508}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe
    FirewallRules: [{E8F70BD1-6DE8-4788-B586-503B901E101F}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe
    FirewallRules: [{41D67CB6-2262-4D6F-A127-07113C2615B2}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe
    FirewallRules: [TCP Query User{1DC9277F-F193-4DD4-9AB6-B8113F34EC62}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe
    FirewallRules: [UDP Query User{1D1AF3E2-A7C4-4D36-AA1B-BDBA27DA0F0E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe
    FirewallRules: [{90AA63D9-9A3A-41CC-BF7B-E9884EACD7DF}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe
    FirewallRules: [{DAE588BA-B57E-499B-9088-E952650ADFA4}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.175\deploy\leagueclient.exe
    FirewallRules: [TCP Query User{41C02A6A-4865-4DB6-82BC-E8FFEDAEA36D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe
    FirewallRules: [UDP Query User{C77B83D8-B9A7-41C6-9CFB-51DB0B027C52}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe
    FirewallRules: [{C8E6602B-342F-4EFB-A7B0-E8DB7410418F}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe
    FirewallRules: [{659C96D3-B773-4471-ADCF-829AC91A7F4F}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.176\deploy\leagueclient.exe
    FirewallRules: [TCP Query User{7F9D4007-2B58-4547-AD5F-D95442F77927}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe
    FirewallRules: [UDP Query User{95CB8694-010C-45B8-8078-FFBD00B30EAA}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe
    FirewallRules: [{33E12845-272E-46BC-AC19-4E78C15B7E59}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe
    FirewallRules: [{BD14B7C2-50E8-43A5-81A2-DE46BC942A83}] => (Block) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe

    ==================== Restore Points =========================

    03-12-2018 16:28:02 Windows Update
    06-12-2018 02:52:33 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/06/2018 11:17:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 1.12.2018.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 13f8

    Start Time: 01d48da8f0094a3b

    Termination Time: 4294967295

    Application Path: C:\Users\mrizo\Desktop\FRST64.exe

    Report Id: 21ac59c1-0ec3-41f7-8242-9d0d880ec39c

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/06/2018 08:27:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gmer.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
    Faulting module name: gmer.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
    Exception code: 0xc0000005
    Fault offset: 0x0008de57
    Faulting process ID: 0x1dc0
    Faulting application start time: 0x01d48d914b1f1fab
    Faulting application path: C:\Users\mrizo\Documents\gmer\gmer.exe
    Faulting module path: C:\Users\mrizo\Documents\gmer\gmer.exe
    Report ID: 5e7f8a25-abe0-4bf9-96ac-c1aa09b14a49
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/06/2018 07:12:33 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (12/06/2018 07:12:23 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {f1265da7-a1cf-47f1-96de-5cebb57fd012}

    Error: (12/06/2018 07:12:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 1.12.2018.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 1944

    Start Time: 01d48d8674b2dfad

    Termination Time: 4294967295

    Application Path: C:\Users\mrizo\Documents\FRST64.exe

    Report Id: 4d1c83ff-8dc0-4743-8b1b-aa13ab8aef81

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/06/2018 07:04:13 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Users\mrizo\Documents\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_42ebd1ee44e52429.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_fb3e9b173068fb23.manifest.

    Error: (12/06/2018 07:03:52 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Users\mrizo\Documents\Autoruns\autorunsc.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_42ebd1ee44e52429.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_fb3e9b173068fb23.manifest.

    Error: (12/06/2018 07:03:52 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Users\mrizo\Documents\Autoruns\Autoruns.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_42ebd1ee44e52429.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.441_none_fb3e9b173068fb23.manifest.


    System errors:
    =============
    Error: (12/06/2018 10:58:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

    Error: (12/06/2018 08:35:14 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffff8600aaf65010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80630ea8bc8). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: bbace290-db95-4a84-b493-9512736b0cde.

    Error: (12/06/2018 08:35:05 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 20:33:31 on ‎06/‎12/‎2018 was unexpected.

    Error: (12/06/2018 07:12:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (12/06/2018 07:12:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (12/06/2018 07:12:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avast Cleanup Premium service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (12/06/2018 07:12:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (12/06/2018 07:12:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.


    Windows Defender:
    ===================================
    Date: 2018-11-15 05:17:05.436
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {2F5C04BE-6A31-40B9-831D-E0C8B40D8CC2}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-11-15 02:47:47.676
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {14CB794D-8A80-4DF7-AE62-9DE42E1A52E3}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-11-13 17:20:35.847
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {C3C0F4F9-B748-48FE-914E-46C1116C21E9}
    Scan Type: Antimalware
    Scan Parameters: Full Scan

    Date: 2018-11-02 00:59:00.761
    Description:
    C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Application\epic.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
    Detection time: 2018-11-01T22:59:00.760Z
    Path: %desktopdirectory%\
    Process Name: C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Application\epic.exe
    Signature Version: 1.279.891.0
    Engine Version: 1.1.15400.4
    Product Version: 4.18.1810.5

    Date: 2018-11-01 05:00:23.224
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {F96A344E-2351-46D5-8153-E1827A6F6807}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-12-06 18:42:09.644
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2018-12-06 18:31:23.994
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.281.1479.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2018-12-06 18:21:22.498
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x8007043c
    Error description: This service cannot be started in Safe Mode
    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

    Date: 2018-12-06 09:28:58.162
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.281.354.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.5
    Error code: 0x80070422
    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Date: 2018-12-05 16:52:33.691
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.281.354.0
    Update Source: Microsoft Malware Protection Center
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.5
    Error code: 0x80072ee7
    Error description: The server name or address could not be resolved

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
    Percentage of memory in use: 44%
    Total physical RAM: 8109.18 MB
    Available physical RAM: 4524.97 MB
    Total Virtual: 9389.18 MB
    Available Virtual: 3881.75 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.43 GB) (Free:178.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    \\?\Volume{045d200f-0000-0000-0000-601b3a000000}\ () (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 045D200F)
    Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=467 MB) - (Type=27)

    ==================== End of Addition.txt ============================


    and that's the log backup

    [12/6/2018 - 11:15:24 PM] System Variables
    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
    [12/6/2018 - 11:15:24 PM] Use Fallback Backup Method: 1 (0 = No, 1 = Yes)
    [12/6/2018 - 11:15:24 PM] VSS exe To Use: vss_7_8_2008_2012_64.exe
    [12/6/2018 - 11:15:24 PM] Windows Drive: C:
    [12/6/2018 - 11:15:24 PM] Windows Folder: WINDOWS
    [12/6/2018 - 11:15:24 PM] Windows Path: C:\WINDOWS
    [12/6/2018 - 11:15:24 PM] Registry File Location: C:\WINDOWS\System32\Config
    [12/6/2018 - 11:15:24 PM] Current Profile: C:\Users\mrizo
    [12/6/2018 - 11:15:24 PM] Current Profile SID: S-1-5-21-274154173-2780070492-278442082-1001
    [12/6/2018 - 11:15:24 PM] Current Profile Classes: S-1-5-21-274154173-2780070492-278442082-1001_Classes
    [12/6/2018 - 11:15:24 PM] Profiles Location: C:\Users
    [12/6/2018 - 11:15:24 PM] Profiles Location 2: C:\WINDOWS\ServiceProfiles
    [12/6/2018 - 11:15:24 PM] Local Settings AppData: AppData\Local
    [12/6/2018 - 11:15:24 PM] Computer Name: DESKTOP-F843553
    [12/6/2018 - 11:15:24 PM] OS: Windows 10 Home (64-bit)
    [12/6/2018 - 11:15:24 PM] OS Architecture: 64-bit
    [12/6/2018 - 11:15:24 PM] OS Version: 10.0.17134
    [12/6/2018 - 11:15:24 PM] OS Service Pack:
    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------

    [12/6/2018 - 11:15:24 PM] Backup Location: C:\RegBackup\

    [12/6/2018 - 11:15:24 PM] Auto Delete Old Backups Enabled, Working...
    [12/6/2018 - 11:15:24 PM] Delete backups 7 Days or older. Keep at least 5 Backups.
    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------

    [12/6/2018 - 11:15:24 PM] Starting Backup...

    [12/6/2018 - 11:15:24 PM] Files To Backup:
    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\components
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\drivers
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\default
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\sam
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\security
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\software
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\System32\Config\system
    [12/6/2018 - 11:15:24 PM] C:\Users\mrizo\ntuser.dat
    [12/6/2018 - 11:15:24 PM] C:\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat
    [12/6/2018 - 11:15:24 PM] C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat
    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------

    [12/6/2018 - 11:15:24 PM] Backing Up Registry Files Security Descriptors (SDDL):
    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
    [12/6/2018 - 11:15:24 PM] "\\?\C:\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-274154173-2780070492-278442082-1001)"
    "\\?\C:\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-274154173-2780070492-278442082-1001)"
    "\\?\C:\Users\mrizo\ntuser.dat",1,"O:S-1-5-21-274154173-2780070492-278442082-1001G:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-274154173-2780070492-278442082-1001)"
    "\\?\C:\Users\mrizo\ntuser.dat.old",1,"O:S-1-5-21-274154173-2780070492-278442082-1001G:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-274154173-2780070492-278442082-1001)"
    "\\?\C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)"
    "\\?\C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)"
    "\\?\C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)"
    "\\?\C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)"
    "\\?\C:\WINDOWS\System32\Config\components",1,"O:BAG:BAD:AR(A;;FA;;;BA)(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)"
    "\\?\C:\WINDOWS\System32\Config\components.old",1,"O:BAG:BAD:AR(A;;FA;;;BA)(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)"
    "\\?\C:\WINDOWS\System32\Config\default",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\default.old",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\drivers",1,"O:BAG:BAD:AR(A;;FA;;;BA)(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)"
    "\\?\C:\WINDOWS\System32\Config\drivers.old",1,"O:BAG:BAD:AR(A;;FA;;;BA)(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)"
    "\\?\C:\WINDOWS\System32\Config\sam",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\sam.old",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\security",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\security.old",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\software",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\software.old",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\system",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
    "\\?\C:\WINDOWS\System32\Config\system.old",1,"O:BAG:BAD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"

    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------

    [12/6/2018 - 11:15:24 PM] Backing Up Files:
    [12/6/2018 - 11:15:24 PM] --------------------------------------------------------------------------------
    [12/6/2018 - 11:15:24 PM] Using Fallback Backup Method.

    [12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\components
    [12/6/2018 - 11:15:24 PM] Result: Successful (41.81 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\components

    [12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\drivers
    [12/6/2018 - 11:15:24 PM] Result: Successful (6.18 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\drivers

    [12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\default
    [12/6/2018 - 11:15:24 PM] Result: Successful (4.92 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\default

    [12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\sam
    [12/6/2018 - 11:15:24 PM] Result: Successful (36.00 KB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\sam

    [12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\security
    [12/6/2018 - 11:15:24 PM] Result: Successful (32.00 KB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\security

    [12/6/2018 - 11:15:24 PM] Backing Up File: C:\WINDOWS\System32\Config\software
    [12/6/2018 - 11:15:25 PM] Result: Successful (85.40 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\software

    [12/6/2018 - 11:15:25 PM] Backing Up File: C:\WINDOWS\System32\Config\system
    [12/6/2018 - 11:15:25 PM] Result: Successful (17.75 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\System32\Config\system

    [12/6/2018 - 11:15:25 PM] Backing Up File: C:\Users\mrizo\ntuser.dat
    [12/6/2018 - 11:15:26 PM] Result: Successful (7.73 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\Users\mrizo\ntuser.dat

    [12/6/2018 - 11:15:26 PM] Backing Up File: C:\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat
    [12/6/2018 - 11:15:26 PM] Result: Successful (4.47 MB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\Users\mrizo\AppData\Local\Microsoft\Windows\UsrClass.dat

    [12/6/2018 - 11:15:26 PM] Backing Up File: C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat
    [12/6/2018 - 11:15:26 PM] Result: Successful (196.00 KB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\ServiceProfiles\LocalService\ntuser.dat

    [12/6/2018 - 11:15:26 PM] Backing Up File: C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat
    [12/6/2018 - 11:15:26 PM] Result: Successful (168.00 KB) - C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\C\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat

    [12/6/2018 - 11:15:26 PM] Total Size: 168.69 MB

    [12/6/2018 - 11:15:26 PM] --------------------------------------------------------------------------------

    [12/6/2018 - 11:15:26 PM] Creating DOS restore bat file for use in the Windows Recovery Console:
    [12/6/2018 - 11:15:26 PM] --------------------------------------------------------------------------------
    [12/6/2018 - 11:15:26 PM] Created: C:\WINDOWS\tweaking.com-regbackup-DESKTOP-F843553-Windows-10-Home-(64-bit).dat for use in the dos_restore.cmd file
    [12/6/2018 - 11:15:26 PM] Done: C:\RegBackup\DESKTOP-F843553\12.6.2018_11.15.24-PM\dos_restore.cmd
    [12/6/2018 - 11:15:26 PM] --------------------------------------------------------------------------------

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction ? <==== ATTENTION
    FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
    C:\Windows\Temp\*.*
    Emptytemp:
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Some of the tools I request below may have already been used, please delete those and download updated versions.

    ~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    ~~~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    created by Aura


    Your next reply(ies) should therefore contain:
    • Copy/pasted Fixlog.txt
    • Copy/pasted AdwCleaner clean log
    • Copy/pasted RogueKiller clean log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  3. #3
    Junior Member
    Join Date
    Dec 2018
    Posts
    9

    Default

    Hi, thank you so much for taking the time to reply,i really appreciate it alot!
    Adwcleaner found 0 threats so there are no logs from that.
    Also roguekiller found 0 threats but i copy the logs too
    the logs from Roguekiller and Farbar are the following :

    Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
    Ran by mrizo (07-12-2018 00:35:40) Run:2
    Running from C:\Users\mrizo\Desktop
    Loaded Profiles: mrizo (Available Profiles: mrizo)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction ? <==== ATTENTION
    FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-274154173-2780070492-278442082-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [No File]
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
    ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
    ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
    C:\Windows\Temp\*.*
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 => removed successfully
    "C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll" => not found
    HKU\S-1-5-21-274154173-2780070492-278442082-1001\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 => removed successfully
    "C:\Users\mrizo\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll" => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
    HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
    HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
    HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
    HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
    HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    not found

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 9461760 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12694365 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 0 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 785245228 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 878 B
    LocalService => 0 B
    NetworkService => 2578 B
    NetworkService => 0 B
    mrizo => 495112 B

    RecycleBin => 4346666 B
    EmptyTemp: => 774.6 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 00:36:35 ====


    RogueKiller Anti-Malware V13.0.15.0 (x64) [Dec 3 2018] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : mrizo [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Standard Scan, Scan -- Date : 2018/12/07 00:47:54 (Duration : 00:06:28)

    いいいいいいいいいいいい Processes いいいいいいいいいいいい

    いいいいいいいいいいいい Process Modules いいいいいいいいいいいい

    いいいいいいいいいいいい Services いいいいいいいいいいいい

    いいいいいいいいいいいい Tasks いいいいいいいいいいいい

    いいいいいいいいいいいい Registry いいいいいいいいいいいい

    いいいいいいいいいいいい WMI いいいいいいいいいいいい

    いいいいいいいいいいいい Hosts File いいいいいいいいいいいい
    Hosts file is too big

    いいいいいいいいいいいい Files いいいいいいいいいいいい

    いいいいいいいいいいいい Web browsers いいいいいいいいいいいい

  4. #4
    Junior Member
    Join Date
    Dec 2018
    Posts
    9

    Default -

    By the way i checked the "temp" folder and i still see this file but now its 2 times
    Attached Images Attached Images

  5. #5
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    A DAT file is a generic data file created by a specific application. DAT files are typically accessed only by the application that created them.

    What tools on your computer have run update checks since we ran FRST?
    Not saying thats whats happened but, it is possible.

    Whats the computer doing?

    ~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  6. #6
    Junior Member
    Join Date
    Dec 2018
    Posts
    9

    Default -

    update checks by themselves were made by the MPCmdRun.log many times ( i mean without me actually checking for updates)
    (log file)
    3

    -------------------------------------------------------------------------------------
    MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" -DisableService
    Start Time: ‎Fri ‎Dec ‎07 ‎2018 00:36:42

    MpEnsureProcessMitigationPolicy: hr = 0x1
    EnableService(0, 3)


    -------------------------------------------------------------------------------------
    MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" SignatureUpdate -ScheduleJob -RestrictPrivileges
    Start Time: ‎Fri ‎Dec ‎07 ‎2018 00:47:18

    MpEnsureProcessMitigationPolicy: hr = 0x1
    Run as Network Service
    MpCmdRun: End Time: ‎Fri ‎Dec ‎07 ‎2018 00:47:18
    -------------------------------------------------------------------------------------


    -------------------------------------------------------------------------------------
    MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
    Start Time: ‎Fri ‎Dec ‎07 ‎2018 03:53:15

    MpEnsureProcessMitigationPolicy: hr = 0x1
    Start: Signatures Update Service
    Update Started
    Search Started (MU/WU update) (Path: Default URL)...
    Update failed with hr: 0x80070422
    Update completed with hr: 0x80070422
    End: Signatures Update Service
    MpCmdRun: End Time: ‎Fri ‎Dec ‎07 ‎2018 03:53:15
    -------------------------------------------------------------------------------------


    -------------------------------------------------------------------------------------
    MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate
    Start Time: ‎Fri ‎Dec ‎07 ‎2018 03:54:22

    MpEnsureProcessMitigationPolicy: hr = 0x1
    Start: Signatures Update Service
    Update Started
    Search Started (MU/WU update) (Path: Default URL)...
    Update failed with hr: 0x80070422
    Update completed with hr: 0x80070422
    End: Signatures Update Service
    MpCmdRun: End Time: ‎Fri ‎Dec ‎07 ‎2018 03:54:22
    -------------------------------------------------------------------------------------


    -------------------------------------------------------------------------------------
    MpCmdRun: Command Line: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe" -DisableService
    Start Time: ‎Fri ‎Dec ‎07 ‎2018 03:55:49

    MpEnsureProcessMitigationPolicy: hr = 0x1
    EnableService(0, 3)
    Time Info - ‎Fri ‎Dec ‎07 ‎2018 03:56:01 EnableService(0, 3) - finished.
    MpCmdRun: End Time: ‎Fri ‎Dec ‎07 ‎2018 03:56:01
    -------------------------------------------------------------------------------------
    i updated manually sbot run some checks yesterday but still these files are in temp.
    computer is doing pretty good actually, i made some netstat (-b) (-ano) checks too didn't see anything unusual.
    only thing that got my attention was a kind of freeze that lasted about 5sec but everything was normal after that.
    i will run the tool and paste the logs.

  7. #7
    Junior Member
    Join Date
    Dec 2018
    Posts
    9

    Default -

    Emsisoft Emergency Kit - Version 2018.6
    Last update: 12/7/2018 1:50:56 PM
    User account: DESKTOP-F843553\mrizo
    Computer name: DESKTOP-F843553
    OS version: Windows 10x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    Scan mail archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 12/7/2018 1:54:30 PM

    Scanned 74412
    Found 0

    Scan end: 12/7/2018 1:55:25 PM
    Scan time: 0:00:55

  8. #8
    Junior Member
    Join Date
    Dec 2018
    Posts
    9

    Default ---

    apologies i did it wrong,here is the right one.

    Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
    OS: Windows 10 (Version 10.0, Build 17134, 64-bit Edition)

    Forensics log

    Date Component Action Details
    12/7/2018 2:00:30 PM Scanner Scan finished Scanned 74406 objects and found nothing.
    12/7/2018 1:59:32 PM User DESKTOP-F843553\mrizo Scan started Malware Scan
    12/7/2018 1:55:25 PM Scanner Scan finished Scanned 74412 objects and found nothing.
    12/7/2018 1:54:30 PM User DESKTOP-F843553\mrizo Scan started Malware Scan
    12/7/2018 1:50:56 PM User Update Downloaded and installed 1 file (2 kb) (20 sec.).
    12/7/2018 1:47:07 PM Scanner Scan finished Scanned 74958 objects and found nothing.
    12/7/2018 1:46:07 PM User DESKTOP-F843553\mrizo Scan started Malware Scan
    12/7/2018 1:41:51 PM User Update Downloaded and installed 73 files (11051 kb) (1 min. 53 sec.).
    12/6/2018 8:23:41 PM Scanner Scan finished Scanned 221485 objects and found nothing.
    12/6/2018 8:19:21 PM User DESKTOP-F843553\mrizo Scan started Custom Scan
    12/6/2018 6:10:19 PM Scanner Scan finished Scanned 76956 objects and found nothing.
    12/6/2018 6:08:22 PM User DESKTOP-F843553\mrizo Scan started Malware Scan
    12/6/2018 6:08:13 PM User DESKTOP-F843553\mrizo Setting modified "Detect PUPs" has been changed to "Enabled".
    12/6/2018 6:05:23 PM User Update Downloaded and installed 71 files (9792 kb) (52 sec.).
    12/6/2018 6:04:32 PM Core Notification "Recommended Reading:Beware: New wave of malware spreads via ISO file email attachments".
    12/6/2018 6:04:27 PM User Update Failed with error "Server returned error" (0 sec.).

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,674

    Default

    I dont think this is malware, and you can delete temp folders at any time.
    we can try to set the machine to delete temp files and see if that can find whats updating and creating the file

    Open Settings app. Navigate to System > Storage.
    In the Storage sense section, turn on the Storage sense feature by moving the slider to on position.
    Click Change how we free up space link. ...
    Turn on Delete temporary files that my apps aren't using option.

    If you can catch a legit too/application running in the background, check the temp folder and see if one is created.

    I think we can go on and delete tools and quarantine folders now.


    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Click the Run button.
    • -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete
      ).

    *******************
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
    Want to help others? Join the ClassRoom and learn how.

  10. #10
    Junior Member
    Join Date
    Dec 2018
    Posts
    9

    Default -

    ok! i did that,thank you so much for taking the time out of your day to assist me with my problem and provide all that info and solutions!
    is there somewhere i can donate as a "thank you " to you guys and your forum?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •