Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92290 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Am I Infected?


  • This topic is locked This topic is locked
7 replies to this topic

#1 Rich0428

Rich0428

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 24 May 2019 - 10:35 AM

Computer is unpredictable and unstable.  Everything is very sluggish.  Shuts down often.

 

aswMBR.exe gets a blue screen while running.

 

Here is the log from FRST64

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by Craig (administrator) on CRAIG-HP (Hewlett-Packard HP ProDesk 400 G1 DM) (22-05-2019 17:26:23)
Running from C:\Users\Craig\Downloads
Loaded Profiles: Craig (Available Profiles: Craig & DefaultAppPool)
Platform: Windows 10 Pro Version 1809 17763.503 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19041.481.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(Bleeping Computer, LLC. -> Bleeping Computer, LLC) C:\Users\Craig\Downloads\rkill.exe
(Bleeping Computer, LLC. -> Bleeping Computer, LLC) C:\Users\Craig\Downloads\rkill64.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\72.4.136\QtWebEngineProcess.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Touchpoint Manager\Discover HP Touchpoint Manager\LHBeacon.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP DesignJet Utility\DesignJet Utility\HPDesignJetUtility.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Services Manager -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit, Inc. -> Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.1019\SSScheduler.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Craig\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2312408 2014-06-26] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Discover HP Touchpoint Manager] => C:\Program Files (x86)\Hewlett-Packard\HP Touchpoint Manager\Discover HP Touchpoint Manager\LHBeacon.exe [421000 2014-09-15] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537600 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RunPUMonitor] => C:\Program Files (x86)\HP\HP DesignJet Utility\DesignJet Utility\HPDesignJetUtility.exe [508928 2017-10-23] (HP Inc. -> HP Development Company, L.P.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2017-12-12] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKU\S-1-5-21-3336484662-4119272176-3804122616-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb] -> Internet Explorer (Enable DEP)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb [2011-12-19]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\Installer\chrmstp.exe [2019-05-14] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
HKLM\Software\...\Winlogon\GPExtensions: [{8D90E7E9-6F48-4e24-85E0-596C8E6C4639}] -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCmsGPOClient.dll [2015-02-26] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2018-05-04]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2019-05-19]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.1019\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2018-05-04]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2018-05-04]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {099D137B-9D65-4032-95E9-E88BDD0F695E} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-07-18] (Intel® Services Manager -> Intel Corporation)
Task: {100D17EA-4BD7-450E-B3F4-1E15F9325C7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-02] (Google Inc -> Google Inc.)
Task: {103ECC2C-B769-4C11-8333-E2961367A093} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1331F41C-EA7C-4C80-AD8D-FF3EAB8A45CE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {180F4E82-688E-499E-97F4-603642BEC859} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {1834AA6B-D98A-428C-A057-D12408817E27} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [257824 2013-07-18] (Intel® Services Manager -> Intel Corporation)
Task: {197BC284-F6F1-423A-99E3-8D6464931F73} - System32\Tasks\EPSON WF-7610 Series Invitation {06D0CD80-94AD-4DC8-BCA2-131898986018} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {1DA53F2B-94BD-44D9-AF73-C0CD310366FD} - System32\Tasks\EPSON WF-7610 Series Update {9058A499-1424-406C-A91A-7C3ABC97E11E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {219F3096-A34E-4AC3-A673-08DDED7BB2E2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {27B57458-D4FE-46A4-931F-5E11173ECB41} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2EFD9C83-23A9-4769-BC8E-4EF38D989146} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {31BF19F1-E455-42AA-AB1E-85B55EC8EA65} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
Task: {35DB45E1-E9D9-470B-B9AC-99511D048522} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {38A438D5-7478-4B46-B244-0860165C4EF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-02] (Google Inc -> Google Inc.)
Task: {39C72344-527F-4774-AE2E-335DBF321A52} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {415C38D6-2847-49D4-9ED8-0008E3000CAE} - System32\Tasks\EPSON WF-7620 Series Invitation {B8C97CE9-DCA0-4491-B422-B2EF61B65BA8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {482A6301-84C7-4233-BA0D-A5E8DDA67CF4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4FC092FD-40E5-407F-B8E5-EECF5F9A607B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5C67AB8A-2064-4873-A8AA-0694C4CDFB67} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5FE87118-83CF-471A-ABC7-CA6568D4308A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {63A50B4C-AD0E-493F-9ED2-9EB72C0F63C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6AD4744C-7DA7-4C3B-A5CF-7281C82D74EC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6D25906E-A62C-40DF-AB71-C52B82B99C8F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {74E8AECB-D3CB-492F-9662-16CD88EC1160} - System32\Tasks\EPSON WF-7610 Series Update {B386F2C0-4C2F-4FE5-831A-6B2C26127892} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {76B9C54B-8569-40E3-8171-4CD821BEBB9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {77121C82-C997-4F73-B7B5-53A46E701186} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {783F39BF-86D9-4AC2-90C5-1B2494AE3742} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B3B4066-0950-4C4F-922B-377D37417CBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [545080 2014-08-22] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {8DA6E151-2B4F-498C-9630-D0EBF793846B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9745AB66-C4B2-4EA9-9965-EB212A3696F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [545080 2014-08-22] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {9BF7AEE2-FF33-4370-ADD6-C41281D5C494} - System32\Tasks\EPSON WF-7610 Series Invitation {B386F2C0-4C2F-4FE5-831A-6B2C26127892} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {A3CCA2B1-44E2-45E4-9164-8DF2786CD052} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AF8E1D62-8094-4899-9560-3920F11024B5} - System32\Tasks\EPSON WF-7610 Series Invitation {9058A499-1424-406C-A91A-7C3ABC97E11E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {B1B3E064-FAED-448B-9ACC-B134C4B58789} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B3E16941-25B7-4113-9215-5B234173CACD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B662BC9E-0144-4A5A-8CD3-945E3391C130} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B917C3EC-F77D-41F8-9556-21B40F974F92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BA68362E-3539-4CF4-9E89-DFB8262B112C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C0E7776B-EB31-4617-9FBA-016A85A63166} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C3AFC384-687F-4402-881B-5D2CB1669302} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {C6DCA586-E19B-4F92-B541-3A11237BCF20} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CB0FDA7A-57F9-4199-B175-570D7FD48013} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CE899445-5BEB-47FF-BBA5-C686F53AF19F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D969C07E-09D4-4325-9E3D-098148249376} - System32\Tasks\EPSON WF-7620 Series Update {B8C97CE9-DCA0-4491-B422-B2EF61B65BA8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {DC648C5C-6761-42BF-BC40-A4AA4D42D41B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E25C48CB-95F4-4652-A0AD-F94D5D4FCF0F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {E2ACC2A3-DFD1-4656-989C-DB6F5ED67109} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E3457CA1-214A-42FD-99B4-2424798D4A0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E4DC02DC-8678-469F-A206-D40C42FFB805} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E66C792C-D368-49E1-BBDB-E6DD0E4EE675} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
Task: {E8E8FD32-213B-4F32-A3B6-A441C92AF058} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E93ECF5A-2E3A-44D9-9A03-E8C8F52D5AD5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EA956834-7F5C-46A5-A959-4E063FB069FC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED6BD6D0-005D-4F0D-9831-C05DD33D6602} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {EDDA35DC-B7DA-4323-B86E-202A735E40F7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F4C2D23C-1DCF-4484-B594-871314808A13} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F877B755-4460-446D-B910-B53E9103363E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F9F968BB-F643-4540-AE10-28FBBEF38CA7} - System32\Tasks\EPSON WF-7610 Series Update {06D0CD80-94AD-4DC8-BCA2-131898986018} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {FEAF0A4F-4363-405A-A5C5-D6BAFCC38385} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FFB18CC3-3E76-4733-A13E-DB295597589E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {06D0CD80-94AD-4DC8-BCA2-131898986018}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {9058A499-1424-406C-A91A-7C3ABC97E11E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {B386F2C0-4C2F-4FE5-831A-6B2C26127892}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {06D0CD80-94AD-4DC8-BCA2-131898986018}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{06D0CD80-94AD-4DC8-BCA2-131898986018} /F:UpdateWORKGROUP\CRAIG-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {9058A499-1424-406C-A91A-7C3ABC97E11E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{9058A499-1424-406C-A91A-7C3ABC97E11E} /F:UpdateWORKGROUP\CRAIG-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7610 Series Update {B386F2C0-4C2F-4FE5-831A-6B2C26127892}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKBE.EXE:/EXE:{B386F2C0-4C2F-4FE5-831A-6B2C26127892} /F:UpdateWORKGROUP\CRAIG-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7620 Series Invitation {3D2080EC-927D-4738-94DF-918A0CA9E0A2}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7620 Series Invitation {B8C97CE9-DCA0-4491-B422-B2EF61B65BA8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-7620 Series Update {3D2080EC-927D-4738-94DF-918A0CA9E0A2}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE:/EXE:{3D2080EC-927D-4738-94DF-918A0CA9E0A2} /F:UpdateWORKGROUP\CRAIG-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-7620 Series Update {B8C97CE9-DCA0-4491-B422-B2EF61B65BA8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE:/EXE:{B8C97CE9-DCA0-4491-B422-B2EF61B65BA8} /F:UpdateWORKGROUP\CRAIG-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1cd42aaf-503c-4fb1-80f3-f917c9b9d46b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8cf43380-a7b7-41c4-bf02-1d6360fd357b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\S-1-5-21-3336484662-4119272176-3804122616-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com/
HKU\S-1-5-21-3336484662-4119272176-3804122616-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard Company -> Hewlett-Packard)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-06-26] (Hewlett-Packard Company -> Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard Company -> Hewlett-Packard)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKU\S-1-5-21-3336484662-4119272176-3804122616-1001 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2019-02-21] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2018-09-15] (Microsoft Windows -> Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-01-06] [Legacy] [not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] (Foxit Corporation -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-13] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-13] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2015-02-26] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default [2019-05-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-15]
CHR Extension: (HP Client Security Manager) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2017-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Craig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-03]
CHR HKU\S-1-5-21-3336484662-4119272176-3804122616-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2015-02-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7126928 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-08-15] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2015-02-26] (DigitalPersona, Inc. -> DigitalPersona, Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [563000 2014-07-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2014-07-16] (Hewlett-Packard Company -> Hewlett-Packard Development Company)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373704 2017-12-22] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-08-13] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.1019\McCHSvc.exe [406424 2019-04-24] (McAfee, Inc. -> McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-02-07] (Intel® Wireless Connectivity Solutions -> )
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2017-12-12] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2017-12-12] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2019-02-12] (Microsoft Windows -> Microsoft Corporation)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3851432 2018-02-07] (Intel® Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279120 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167872 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225096 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385640 2019-05-22] (AVAST Software s.r.o. -> AVAST Software)
S3 DAMDrv; C:\WINDOWS\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 dbx; C:\WINDOWS\System32\DRIVERS\dbx.sys [47600 2019-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [125952 2014-08-13] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3530176 2018-03-06] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 Ser2pl; C:\WINDOWS\system32\drivers\ser2pl64.sys [170496 2014-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Intel Wireless Display -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-05-22 17:26 - 2013-04-25 20:20 - 000000076 _____ C:\Users\Craig\Desktop\JRT.exe
2019-05-22 17:23 - 2019-05-22 17:25 - 000001622 _____ C:\Users\Craig\Desktop\Rkill.txt
2019-05-22 17:22 - 2019-05-22 17:28 - 000041425 _____ C:\Users\Craig\Downloads\FRST.txt
2019-05-22 17:22 - 2019-05-22 17:22 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Craig\Downloads\rkill.exe
2019-05-22 17:21 - 2019-05-22 17:22 - 000000000 ____D C:\FRST
2019-05-22 17:21 - 2019-05-22 17:21 - 002435072 _____ (Farbar) C:\Users\Craig\Downloads\FRST64.exe
2019-05-22 17:19 - 2019-05-22 17:19 - 002950750 _____ (Thisisu) C:\Users\Craig\Downloads\JRT.exe
2019-05-22 17:18 - 2019-05-22 17:18 - 000050688 _____ (Atribune.org) C:\Users\Craig\Downloads\ATF_Cleaner.exe
2019-05-22 17:17 - 2019-05-22 17:17 - 000036864 _____ (Appleoddity) C:\Users\Craig\Downloads\JavaMSIFix.exe
2019-05-22 17:16 - 2019-05-22 17:16 - 005660510 _____ (Swearware) C:\Users\Craig\Downloads\ComboFix.exe
2019-05-22 17:03 - 2019-05-22 17:03 - 026807808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 023438848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 020814848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 019022336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 012844032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 012140032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 007879680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 006440960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 006309040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 006072320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 005436904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 004660736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 003905536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 003602944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 003551112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 003406848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 002205184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001760768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001467552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 001001472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2019-05-22 17:03 - 2019-05-22 17:03 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000649064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2019-05-22 17:03 - 2019-05-22 17:03 - 000553656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-22 17:03 - 2019-05-22 17:03 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000451080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-05-22 17:03 - 2019-05-22 17:03 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000317240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-22 17:03 - 2019-05-22 17:03 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-05-22 17:03 - 2019-05-22 17:03 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2019-05-22 17:03 - 2019-05-22 17:03 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-22 17:03 - 2019-05-22 17:03 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-22 17:03 - 2019-05-22 17:03 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000146744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000129848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000109568 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-22 17:03 - 2019-05-22 17:03 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-05-22 17:02 - 2019-05-22 17:03 - 001382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 007883776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 005498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 005296640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 003982848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 003557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 003384832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 003363856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 002995712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 002780000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 002708480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 002701512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 002073960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001860096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001699496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-22 17:02 - 2019-05-22 17:02 - 001674696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001671352 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001653760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001641616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 001395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001342608 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-22 17:02 - 2019-05-22 17:02 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001253904 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 001225728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 001219640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 001179680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 001048376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000895792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000807464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000806600 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-22 17:02 - 2019-05-22 17:02 - 000806600 _____ C:\WINDOWS\system32\locale.nls
2019-05-22 17:02 - 2019-05-22 17:02 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000780632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000725696 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000676256 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000660992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000638376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000586280 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000514632 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000508432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000454160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000449376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000444944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000421392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000280592 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000254952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000202768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000201016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000179728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000177976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000157200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000147736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000121656 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-05-22 17:02 - 2019-05-22 17:02 - 000090640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000086960 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000080184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-22 17:02 - 2019-05-22 17:02 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000066688 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000055792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-22 17:02 - 2019-05-22 17:02 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2019-05-22 17:02 - 2019-05-22 17:02 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-05-22 17:02 - 2019-05-22 17:02 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-05-22 17:02 - 2019-05-22 17:02 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-05-22 17:02 - 2019-05-22 17:02 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-05-22 17:02 - 2019-05-22 17:02 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-05-22 17:02 - 2019-05-22 17:02 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-05-22 17:02 - 2019-05-22 17:02 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-05-22 17:02 - 2019-05-22 17:02 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-05-22 16:50 - 2019-05-22 16:50 - 000000000 ____D C:\AdwCleaner
2019-05-22 16:48 - 2019-05-22 16:48 - 007025360 _____ (Malwarebytes) C:\Users\Craig\Downloads\adwcleaner_7.3.exe
2019-05-22 16:34 - 2019-05-22 16:34 - 857141513 _____ C:\WINDOWS\MEMORY.DMP
2019-05-22 16:34 - 2019-05-22 16:34 - 000000000 ____D C:\WINDOWS\Minidump
2019-05-22 16:34 - 2019-05-22 16:34 - 000000000 _____ C:\WINDOWS\Minidump\052219-37656-01.dmp
2019-05-22 16:18 - 2019-05-22 16:18 - 005198336 _____ (AVAST Software) C:\Users\Craig\Desktop\aswMBR.exe
2019-05-22 16:08 - 2019-05-22 16:08 - 000000000 _____ C:\WINDOWS\system32\last.dump
2019-05-22 16:02 - 2019-05-22 16:02 - 000002096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-05-22 16:02 - 2019-05-22 16:02 - 000002084 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-05-22 16:02 - 2019-05-22 16:02 - 000000000 ____D C:\Users\Craig\AppData\Roaming\AVAST Software
2019-05-22 16:02 - 2019-05-22 16:02 - 000000000 ____D C:\Users\Craig\AppData\Local\AVAST Software
2019-05-22 15:59 - 2019-05-22 15:59 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-05-22 15:59 - 2019-05-22 15:59 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-05-22 15:57 - 2019-05-22 15:57 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-05-22 15:57 - 2019-05-22 15:55 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-05-22 15:57 - 2019-05-22 15:55 - 000385640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-05-22 15:57 - 2019-05-22 15:55 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-05-22 15:57 - 2019-05-22 15:55 - 000279120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-05-22 15:57 - 2019-05-22 15:55 - 000225096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-05-22 15:57 - 2019-05-22 15:55 - 000167872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-05-22 15:57 - 2019-05-22 15:55 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-05-22 15:57 - 2019-05-22 15:55 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-05-22 15:57 - 2019-05-22 15:55 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-05-22 15:57 - 2019-05-22 15:55 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2019-05-22 15:57 - 2019-05-22 15:54 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-05-22 15:57 - 2019-05-22 15:54 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-05-22 15:57 - 2019-05-22 15:54 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-05-22 15:57 - 2019-05-22 15:54 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-05-22 15:57 - 2019-05-22 15:54 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-05-22 15:57 - 2019-05-22 15:54 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-05-22 15:53 - 2019-05-22 15:53 - 000000000 ____D C:\Program Files\AVAST Software
2019-05-22 15:52 - 2019-05-22 15:57 - 000000000 ____D C:\ProgramData\AVAST Software
2019-05-22 15:52 - 2019-05-22 15:52 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-22 15:52 - 2019-05-22 15:52 - 000002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-05-22 15:52 - 2019-05-22 15:52 - 000000871 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-22 15:52 - 2019-05-22 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-05-22 15:52 - 2019-05-22 15:52 - 000000000 ____D C:\Program Files\CCleaner
2019-05-22 15:35 - 2019-05-14 18:03 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-22 15:35 - 2019-05-14 18:03 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-22 15:21 - 2019-05-22 15:21 - 000000000 ____D C:\Users\Craig\AppData\Local\D3DSCache
2019-05-19 13:46 - 2019-05-19 13:47 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2019-05-19 13:46 - 2019-05-19 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2019-05-08 16:58 - 2019-05-08 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-05-07 15:51 - 2019-05-07 15:51 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
2019-05-01 12:42 - 2019-05-01 12:42 - 014163458 _____ C:\Users\Craig\Downloads\AUNTIE ANNE'S CUT SHEETS VV.pdf
2019-04-29 18:08 - 2019-04-29 18:08 - 008898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 007919104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 004527624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 003690496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 003421696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 002127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 001521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 001459080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 001370624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 001297120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 001294520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-04-29 18:08 - 2019-04-29 18:08 - 001072424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000964096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 000454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-04-29 18:08 - 2019-04-29 18:08 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscapi.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfts.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfts.dll
2019-04-29 18:08 - 2019-04-29 18:08 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscdll.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 017513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 015223296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 006925824 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 005765120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 004704272 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 004304896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 003496448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 003334496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 002925880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 002842624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 002689024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 002627384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 002592816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 002438368 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 002346496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 002042368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 002022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001969464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 001918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001856000 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001844448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001671680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001647632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001615872 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001590064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001567232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001496576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001478968 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001458056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001360184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 001311232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001259320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001221944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001213752 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001191728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001155072 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-04-29 18:07 - 2019-04-29 18:07 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 001053192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 001035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001022616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000998712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000984888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000982880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000981816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000974352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000909840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000882176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-04-29 18:07 - 2019-04-29 18:07 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000871792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000865784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000855040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000821048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000809784 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000799568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000793832 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000761280 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000675096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000653040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000620560 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000598544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-04-29 18:07 - 2019-04-29 18:07 - 000540448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000513040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000508208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000506168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000485192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000474928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-04-29 18:07 - 2019-04-29 18:07 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000463672 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-04-29 18:07 - 2019-04-29 18:07 - 000408528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000407504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000386872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000386360 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000384312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000343984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000312632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000283032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000257696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000255128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmBroker.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.CredentialProvider.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000169784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000159272 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000159112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000157496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000147496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000143880 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000134456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000115360 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000098664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000097808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscapi.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WppRecorder.sys
2019-04-29 18:07 - 2019-04-29 18:07 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscdll.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-29 18:07 - 2019-04-29 18:07 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-29 18:07 - 2019-04-29 18:07 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-29 18:06 - 2019-04-29 18:06 - 002017792 _____ C:\WINDOWS\system32\rdpnano.dll
2019-04-29 18:06 - 2019-04-29 18:06 - 001672704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-29 18:06 - 2019-04-29 18:06 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-29 18:06 - 2019-04-29 18:06 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-04-29 18:06 - 2019-04-29 18:06 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-29 18:06 - 2019-04-29 18:06 - 000306488 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-04-29 18:06 - 2019-04-29 18:06 - 000234808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2019-04-29 18:06 - 2019-04-29 18:06 - 000195896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-29 18:06 - 2019-04-29 18:06 - 000131384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-04-29 18:06 - 2019-04-29 18:06 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-25 14:15 - 2019-04-25 14:15 - 000025283 _____ C:\Users\Craig\Downloads\WEC Informed Consent and Release of Liability.pdf
2019-04-24 14:29 - 2019-04-24 14:29 - 000012425 _____ C:\Users\Craig\Desktop\Permiss.html
2019-04-24 14:23 - 2019-04-24 14:23 - 000757695 _____ C:\Users\Craig\Downloads\4089
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-05-22 17:15 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-05-22 17:14 - 2019-02-12 19:54 - 000972156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-22 17:14 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-05-22 17:10 - 2016-05-02 09:52 - 000000000 __SHD C:\Users\Craig\IntelGraphicsProfiles
2019-05-22 17:09 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-22 17:09 - 2017-08-01 15:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-22 17:07 - 2019-02-12 19:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-22 17:07 - 2019-02-12 19:34 - 000457064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-22 17:06 - 2018-09-15 02:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-22 17:05 - 2018-09-15 03:33 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-22 17:05 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-22 17:05 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-22 17:05 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-05-22 17:05 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-22 17:05 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-22 16:51 - 2019-02-12 19:42 - 000000000 ____D C:\Users\Craig
2019-05-22 16:50 - 2019-02-12 19:42 - 000000000 ____D C:\Users\DefaultAppPool
2019-05-22 16:34 - 2019-02-12 19:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-22 16:16 - 2019-02-12 19:59 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{18833ABF-2840-4621-9B7C-613DBF760B9A}
2019-05-22 15:57 - 2019-01-28 10:21 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-22 15:57 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-22 15:57 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-22 15:47 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-22 15:47 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-22 15:34 - 2016-05-04 13:54 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-05-22 15:31 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-05-22 15:30 - 2018-09-15 05:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-05-22 15:30 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-05-22 15:30 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-05-21 15:13 - 2016-05-02 11:09 - 000000000 ____D C:\EAll
2019-05-19 13:46 - 2019-04-21 13:46 - 000002026 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2019-05-19 13:46 - 2016-05-10 10:09 - 000000000 ____D C:\Program Files\McAfee Security Scan
2019-05-19 13:46 - 2016-05-04 13:45 - 000000000 ____D C:\ProgramData\McAfee
2019-05-16 17:00 - 2016-05-04 13:45 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-16 10:22 - 2019-02-12 19:59 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3336484662-4119272176-3804122616-1001
2019-05-16 10:22 - 2019-02-12 19:42 - 000002413 _____ C:\Users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-16 10:22 - 2016-05-02 09:57 - 000000000 ___RD C:\Users\Craig\OneDrive
2019-05-15 07:47 - 2016-04-28 09:36 - 000000000 ___RD C:\Users\Craig\Dropbox (EFSS, LLC)
2019-05-15 00:26 - 2019-02-12 19:59 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 00:26 - 2019-02-12 19:59 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 18:02 - 2016-05-03 15:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 17:59 - 2016-05-03 15:02 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 14:27 - 2016-05-02 10:40 - 000002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-14 14:27 - 2016-05-02 10:40 - 000002268 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-08 16:59 - 2016-04-26 13:45 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-04-30 17:48 - 2018-01-15 19:42 - 000000000 ____D C:\Users\Craig\AppData\Local\Packages
2019-04-29 23:43 - 2019-02-12 19:59 - 000003710 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2019-04-29 22:45 - 2016-05-04 13:54 - 000001201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2019-04-29 22:45 - 2016-05-04 13:54 - 000001187 _____ C:\Users\Public\Desktop\True Key.lnk
2019-04-29 11:46 - 2018-01-15 20:00 - 000000000 ___RD C:\Users\Craig\3D Objects
2019-04-29 11:46 - 2016-02-13 09:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-04-29 11:11 - 2018-09-15 03:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-29 11:11 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-04-23 17:54 - 2018-02-19 11:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================

    Advertisements

Register to Remove


#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,317 posts
  • Interests:Boo!....
  • MVP

Posted 25 May 2019 - 06:28 AM

I can see entries for avast! Antivirus, and you run McAfee security suite too?, or a free tool you run for a sepcific security feature?

~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
shortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {219F3096-A34E-4AC3-A673-08DDED7BB2E2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2EFD9C83-23A9-4769-BC8E-4EF38D989146} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {35DB45E1-E9D9-470B-B9AC-99511D048522} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {63A50B4C-AD0E-493F-9ED2-9EB72C0F63C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {76B9C54B-8569-40E3-8171-4CD821BEBB9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {77121C82-C997-4F73-B7B5-53A46E701186} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B1B3E064-FAED-448B-9ACC-B134C4B58789} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B917C3EC-F77D-41F8-9556-21B40F974F92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BA68362E-3539-4CF4-9E89-DFB8262B112C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E3457CA1-214A-42FD-99B4-2424798D4A0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E93ECF5A-2E3A-44D9-9A03-E8C8F52D5AD5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F4C2D23C-1DCF-4484-B594-871314808A13} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F877B755-4460-446D-B910-B53E9103363E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FEAF0A4F-4363-405A-A5C5-D6BAFCC38385} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
U3 idsvc; no ImagePath
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
please post these logs when finished.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 Rich0428

Rich0428

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 25 May 2019 - 11:47 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019

Ran by Craig (25-05-2019 12:50:06) Run:1

Running from C:\Users\Craig\Downloads

Loaded Profiles: Craig (Available Profiles: Craig & DefaultAppPool)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

CloseProcesses:

CreateRestorePoint:

shortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)

GroupPolicy: Restriction ? <==== ATTENTION

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

Task: {219F3096-A34E-4AC3-A673-08DDED7BB2E2} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Task: {2EFD9C83-23A9-4769-BC8E-4EF38D989146} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {35DB45E1-E9D9-470B-B9AC-99511D048522} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {63A50B4C-AD0E-493F-9ED2-9EB72C0F63C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {76B9C54B-8569-40E3-8171-4CD821BEBB9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {77121C82-C997-4F73-B7B5-53A46E701186} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

Task: {B1B3E064-FAED-448B-9ACC-B134C4B58789} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {B917C3EC-F77D-41F8-9556-21B40F974F92} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {BA68362E-3539-4CF4-9E89-DFB8262B112C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {E3457CA1-214A-42FD-99B4-2424798D4A0E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {E93ECF5A-2E3A-44D9-9A03-E8C8F52D5AD5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {F4C2D23C-1DCF-4484-B594-871314808A13} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {F877B755-4460-446D-B910-B53E9103363E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {FEAF0A4F-4363-405A-A5C5-D6BAFCC38385} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

U3 idsvc; no ImagePath

C:\Windows\Temp\*.*

 

*****************

 

Processes closed successfully.

Restore point was successfully created.

C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE => moved successfully

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully

HKLM\SOFTWARE\Policies\Mozilla => removed successfully

HKLM\SOFTWARE\Policies\Google => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{219F3096-A34E-4AC3-A673-08DDED7BB2E2}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{219F3096-A34E-4AC3-A673-08DDED7BB2E2}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EFD9C83-23A9-4769-BC8E-4EF38D989146}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EFD9C83-23A9-4769-BC8E-4EF38D989146}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35DB45E1-E9D9-470B-B9AC-99511D048522}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35DB45E1-E9D9-470B-B9AC-99511D048522}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63A50B4C-AD0E-493F-9ED2-9EB72C0F63C5}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63A50B4C-AD0E-493F-9ED2-9EB72C0F63C5}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76B9C54B-8569-40E3-8171-4CD821BEBB9B}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76B9C54B-8569-40E3-8171-4CD821BEBB9B}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77121C82-C997-4F73-B7B5-53A46E701186}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77121C82-C997-4F73-B7B5-53A46E701186}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1B3E064-FAED-448B-9ACC-B134C4B58789}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1B3E064-FAED-448B-9ACC-B134C4B58789}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B917C3EC-F77D-41F8-9556-21B40F974F92}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B917C3EC-F77D-41F8-9556-21B40F974F92}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA68362E-3539-4CF4-9E89-DFB8262B112C}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA68362E-3539-4CF4-9E89-DFB8262B112C}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3457CA1-214A-42FD-99B4-2424798D4A0E}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3457CA1-214A-42FD-99B4-2424798D4A0E}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E93ECF5A-2E3A-44D9-9A03-E8C8F52D5AD5}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E93ECF5A-2E3A-44D9-9A03-E8C8F52D5AD5}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4C2D23C-1DCF-4484-B594-871314808A13}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4C2D23C-1DCF-4484-B594-871314808A13}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F877B755-4460-446D-B910-B53E9103363E}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F877B755-4460-446D-B910-B53E9103363E}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEAF0A4F-4363-405A-A5C5-D6BAFCC38385}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEAF0A4F-4363-405A-A5C5-D6BAFCC38385}" => removed successfully

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully

HKLM\System\CurrentControlSet\Services\idsvc => removed successfully

idsvc => service removed successfully

 

=========== "C:\Windows\Temp\*.*" ==========

 

C:\Windows\Temp\74663620.vdf => moved successfully

C:\Windows\Temp\88418847.vdf => moved successfully

C:\Windows\Temp\Intel_PROSet_Wireless_Software_20190524115803.log => moved successfully

C:\Windows\Temp\Intel_PROSet_Wireless_Software_20190524115803_001_Driver.log => moved successfully

C:\Windows\Temp\Intel_PROSet_Wireless_Software_20190524115803_002_WiFi.log => moved successfully

C:\Windows\Temp\Intel®_PROSet_Wireless_Software_20190524120531.log => moved successfully

C:\Windows\Temp\MpCmdRun.log => moved successfully

C:\Windows\Temp\MpSigStub.log => moved successfully

C:\Windows\Temp\PanDhcpDnsInstall.txt => moved successfully

 

========= End -> "C:\Windows\Temp\*.*" ========

 

 

 

The system needed a reboot.

 

==== End of Fixlog 12:50:50 ====

 

 

# -------------------------------

# Malwarebytes AdwCleaner 7.3.0.0

# -------------------------------

# Build:    04-04-2019

# Database: 2019-04-29.1 (Cloud)

# Support:  https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Clean

# -------------------------------

# Start:    05-25-2019

# Duration: 00:00:02

# OS:       Windows 10 Pro

# Cleaned:  0

# Failed:   0

 

 

***** [ Services ] *****

 

No malicious services cleaned.

 

***** [ Folders ] *****

 

No malicious folders cleaned.

 

***** [ Files ] *****

 

No malicious files cleaned.

 

***** [ DLL ] *****

 

No malicious DLLs cleaned.

 

***** [ WMI ] *****

 

No malicious WMI cleaned.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts cleaned.

 

***** [ Tasks ] *****

 

No malicious tasks cleaned.

 

***** [ Registry ] *****

 

No malicious registry entries cleaned.

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries cleaned.

 

***** [ Chromium URLs ] *****

 

No malicious Chromium URLs cleaned.

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries cleaned.

 

***** [ Firefox URLs ] *****

 

No malicious Firefox URLs cleaned.

 

 

*************************

 

[+] Delete Tracing Keys

[+] Reset Winsock

 

*************************

 

AdwCleaner[S00].txt - [1364 octets] - [22/05/2019 16:50:40]

AdwCleaner[C00].txt - [1510 octets] - [22/05/2019 16:51:01]

AdwCleaner[S01].txt - [1371 octets] - [25/05/2019 12:58:12]

AdwCleaner[S02].txt - [1432 octets] - [25/05/2019 13:03:03]

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

 

RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software

mail : https://adlice.com/contact/

Website : https://adlice.com/d...ad/roguekiller/

Operating System : Windows 10 (10.0.17763) 64 bits

Started in : Normal mode

User : Craig [Administrator]

Started from : C:\Program Files\RogueKiller\RogueKiller64.exe

Signatures : 20190523_102638, Driver : Loaded

Mode : Standard Scan, Delete -- Date : 2019/05/25 13:43:51 (Duration : 00:17:56)

 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Replaced (2)



#4 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,317 posts
  • Interests:Boo!....
  • MVP

Posted 25 May 2019 - 06:44 PM

Let's check for remnants

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Here
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
  • After the installation IS complete let it update if it asks.
  • Under SETTINGS.....APPLICATIONS leave everything at default
  • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
  • Then go to the Dashboard and click on SCAN NOW
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
    Upon completion of the scan (or after the reboot), click the Reports tab.
    Double-click the Scan Log.
    At the bottom click Export and choose Text file.

    Save the file to your desktop and include its content in your next reply.

    You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
  • Then click on POST
  • Exit Malwarebytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on G0tu5D9.pngstart emergency kit scanner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Please post these 2 logs when finished.

Also, tell me how the computer is now.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 Rich0428

Rich0428

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 26 May 2019 - 12:50 PM

Juliet - Here are the two logs you requested.  As for how it's running, well I have to assume that the 4gb of RAM is an issue, so I ordered 16gb.  But it still seems that it should be behaving differently as it was out of the box.  If I click to open my Chrome Browser, it takes forever to open.  I don't think the shortage of RAM would cause that, but maybe?

 

PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
Emsisoft Emergency Kit - Version 2018.6
Last update: 5/26/2019 2:34:10 PM
User account: Craig-HP\Craig
Computer name: CRAIG-HP
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 5/26/2019 2:34:54 PM
 
Scanned 77436
Found 0
 
Scan end: 5/26/2019 2:41:31 PM
Scan time: 0:06:37


#6 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,317 posts
  • Interests:Boo!....
  • MVP

Posted 26 May 2019 - 04:43 PM

A couple of things we can try

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Internet Explorer Favourites
Backup Firefox Bookmarks
Backup Chrome Bookmarks

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings
Firefox: Reset Firefox
Chrome: Chrome - Reset browser settings


~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Please Download Tweaking.com - Windows Repair from Here
OR
Windows Repair (all in one) from here.
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    07 - Repair Internet Explorer
    10 - Remove Policies Set By Infections
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
Restart the computer normally.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#7 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,317 posts
  • Interests:Boo!....
  • MVP

Posted 04 June 2019 - 04:39 PM

bump
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#8 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,317 posts
  • Interests:Boo!....
  • MVP

Posted 17 June 2019 - 03:57 PM

Glad we could help. SakDYGv.gif Since this issue appears resolved ... this Topic is closed.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users