Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93097 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Have I been hacked?


  • This topic is locked This topic is locked
9 replies to this topic

#1 ChadA

ChadA

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 19 August 2019 - 05:47 PM

Worried I might have been hacked.  The other day, I found a message in my Gmail SPAM folder that looked like a garden variety phishing/ransom email.  It said I'd been hacked and they'd installed a keylogger, hacked my webcam, and cracked my contacts list.  If I didn't pay them they'd email incriminating info/videos to my contacts.

 

Normally I wouldn't give it much thought, but 1) they listed an old password in the email (doesn't get used for anything important anymore) and 2) laptops can go anywhere, including the bedroom...  Don't want a hacked webcam.
 
Before I remembered this site, I ran MBAM's standard scan.  It found and quarantined a half dozen things that didn't seem serious.  I ran another MBAM scan, looking just at rootkits and it found nothing.
 
I came here and downloaded aswMBR.  Ran as Admin.  Had already quit MBAM to try to avoid conflicts.  It blue-screened both times I ran it.  aswMBR.sys failed and threw up an error:  IRQL NOT LESS OR EQUAL.
 
FRST logs below.  Thanks for the help!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2019
Ran by CHAD (administrator) on CHAD-HP (Hewlett-Packard HP ProBook 4540s) (19-08-2019 19:31:11)
Running from C:\Users\CHAD\Desktop
Loaded Profiles: CHAD (Available Profiles: CHAD & DefaultAppPool)
Platform: Windows 10 Pro Version 1903 18362.295 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft, Inc. -> ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(B.H.A Corporation -> B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Juniper Networks, Inc. -> Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PDF Complete Inc. -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Prolific Technology Inc.) [File not signed] C:\Windows\SysWOW64\IoctlSvc.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\ffprobe.exe
(RealNetworks, Inc. -> ) C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\proclaunch.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKEE.EXE
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Validity Sensors, Inc -> Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-03-14] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-05-03] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc -> Leader Technologies Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-03-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-02-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-02-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2017-11-02] (PDF Complete Inc. -> PDF Complete Inc)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-08-22] (Hewlett-Packard Company) [File not signed]
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\Run: [Sync2] => C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe [7711592 2015-04-29] (Alittera Limited Inc -> 4Team Corporation)
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-09] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-07] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-07] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
HKLM\Software\...\Authentication\PLAP Providers: [{60442b50-aac2-4db7-b9b0-813d2107287d}] -> C:\WINDOWS\system32\dsNcSmartCardProv.dll [2013-08-02] (Juniper Networks, Inc. -> Juniper Networks)
HKLM\Software\...\Authentication\PLAP Providers: [{9f4a51de-92b1-483a-b717-dd7d3bb7d3db}] -> C:\WINDOWS\system32\dsNcCredProv.dll [2013-08-02] (Juniper Networks, Inc. -> Juniper Networks)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00027A13-2F69-4CD2-9A3D-79F681558700} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe [179288 2014-06-10] (4Team Corporation -> )
Task: {0028B6FA-EA23-4640-B422-0BB168FF3700} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {02A19295-BE30-40C8-B55A-884F5EB702F5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {035339AF-BBED-4831-BAA0-1B2222353FC8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {03DA773A-58D1-4575-B82C-3B2EB26081A1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0465AC40-B7AA-44EB-B947-64671D9A7735} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0ACAD6B4-78AC-4B1C-9572-CED15D4EFEB6} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {10D41246-C4AD-41F1-8419-5DB2296FF300} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {11A660D8-C7F1-44CB-A8EA-203E5C299956} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {15878568-230F-4094-96F7-6D6E1E224C8A} - System32\Tasks\EPSON WF-3620 Series Update {E45CB90C-42C3-415F-88A8-F4E627A93EF7} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {158AC727-54B6-40CA-BA6C-EF18C0650F99} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-501829448-2021581346-1665667405-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [147016 2014-06-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {1B00DE15-231B-4DF2-A6AE-B25B6CAEBD74} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2267C3CD-3530-4685-ABBD-B0ACA5AA537D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {263FA65D-D5D2-4A26-A8FC-F9BA4111A705} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {26C15821-4D68-4375-AC75-F9AB47D715B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {37F9EBEF-8F9A-47AF-AA55-22CD7435CC4C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3F13B301-5186-4E32-8388-A5E54FD3B353} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {436D9AD3-FF67-47C9-891A-6836E87A2901} - System32\Tasks\EPSON WF-3620 Series Update {6CA90904-54D9-4652-801C-F03E2BB880E1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {445D1F80-51CC-4B97-9D38-589A790EDE21} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {453178F6-86CE-4208-9CB9-63B47296332D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4AD94960-E72A-44A4-A67A-442C160461D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [525728 2012-09-27] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {54B29038-DBC0-4BB6-9C86-DB86FCF57333} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {55296F2A-315D-4B8B-8FA6-3012CD62D4FD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-501829448-2021581346-1665667405-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [147016 2014-06-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D7090BE-CCA9-4417-BA35-CFB27E5BC065} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [525728 2012-09-27] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {60363A55-106D-4F22-A679-C69F2C0CA859} - System32\Tasks\EPSON WF-3620 Series Update {E7A67749-BDB1-4DC8-A8EF-43CB200C10E1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {608E865A-25B9-44B9-AEA1-B4552AEEB3D3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {60F8C347-2DBE-413F-9175-834709C8964F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {626395DE-43AF-4DFD-9DAB-E7B3C61322B2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {661B38E9-6086-4451-B9CD-BA88F08D9019} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6885BD88-8B60-4B3C-9A02-4C12F4053220} - System32\Tasks\HPCeeScheduleForCHAD => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [95800 2011-07-15] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {6BF73B70-8002-4F4A-8B4C-E5C0900DCCDD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {73B16A6A-F2F1-4293-B033-9BCF8F351A00} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {74B62765-28F5-48DF-9684-6944189AB767} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {771E8145-A800-4F1F-8802-A04A9E610CDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7740FC1D-1A11-4E36-A5B1-F8410B7A7236} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7B6311B0-8E34-474B-A4E9-9455340A7120} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [292952 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B7CF43D-DA9D-4FDD-BE7C-AA72AC093AC7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7C0E4D42-C49C-4A1F-AC39-BA5EDB9EFD7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {7E305DE6-8675-4B18-A220-CAA13D1E298A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7E77EF7E-C796-4D9F-AE8F-8B169B3C5A41} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {7FD9F0E0-759D-4630-AD6E-846F76035987} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1059704 2018-11-09] (HP Inc. -> HP Inc.)
Task: {86DDB56C-F712-4477-ADCB-0661FFD1A500} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {879F0DDC-79C1-49A8-8958-ECD20B6A6171} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8DE2EC38-29DB-49AF-B5D7-1B701DFE77A0} - System32\Tasks\EPSON WF-3620 Series Update {B95A2280-8452-4093-980F-3BE815BC83F1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {90E3ADEC-3AFD-4318-8C24-795E0641C2D4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9143CAFB-3946-4C12-9C3F-F2CE5B0ECBAB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {92B975A7-791F-4B06-AC75-8D8A06D90E83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {981CC582-73C2-4AA4-980D-B94D834C6B73} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-14] (Adobe Inc. -> Adobe)
Task: {99755DEF-11FF-4772-89E7-932F8643764F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {99DCAE34-D78B-4427-B17A-A7694845779D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9BC64C35-A8C3-4D8D-B684-29BFCBBBFA55} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {9C0B97B0-0659-4D0B-B32C-EEF7594BC694} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9FF579BB-AB82-44A2-BB6D-B5AA7D621D9E} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {A1954350-D535-4F66-87B5-399D02293142} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1F632FD-A497-4E8E-9E4D-16136704B54D} - System32\Tasks\EPSON WF-3620 Series Invitation {6CA90904-54D9-4652-801C-F03E2BB880E1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {A86E8C48-0E0E-45C6-9EB2-EDF47A2C6A2A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {AB45C5EC-1E61-46D9-B013-8A3B45ADA42F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AF42EC86-1FBF-4CF5-B847-D3BA7AD7CD53} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B4CCFB1C-4390-4CCF-820C-42C095A668A1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B766AC2C-B50C-4C2E-B0F6-2439A1242A8F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {BCA20F3F-B57C-402F-847A-466EB21E2A8B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C0F352E3-17C6-4B51-A016-21BC6BC4EAFE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-14] (Adobe Inc. -> Adobe)
Task: {C83C10DE-50B2-49A4-8653-1BC5CDC55FED} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CA3EE5C1-21EC-4619-A35B-9DF0414CC3FD} - System32\Tasks\EPSON WF-3620 Series Invitation {E7A67749-BDB1-4DC8-A8EF-43CB200C10E1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {CD146A67-2697-49D2-BC7A-B31D35EBB667} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [208760 2018-06-27] (HP Inc. -> HP Inc.)
Task: {CDB75803-208B-4199-AC18-3E194452A9D5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D5716031-903B-4AEA-B847-4F6D2F53FE30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [88120 2016-02-18] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {D5F6FE3C-49AA-4EFA-B50D-81A030012A03} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D9E05319-9875-4A89-9593-038913E16DC0} - System32\Tasks\EPSON WF-3620 Series Invitation {E45CB90C-42C3-415F-88A8-F4E627A93EF7} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {D9F633CB-5FC4-4F33-9573-44C5B6703430} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DE817038-3D67-4072-B3B6-58E06A7D9A43} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E4C8FA01-2D3D-4E09-A06E-E33AA7342AE7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E723203D-8C34-48D1-A13B-318211184000} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E81E1938-10D9-475C-9411-0C0667360E50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {ED3229FF-75AC-4E5D-AE1C-DA92BE8B09FB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FAB91744-9B2A-409B-9AD2-B7D807CB064C} - System32\Tasks\EPSON WF-3620 Series Update {98CBB363-98D0-4580-9CF4-3D752537F8CC} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {FCA21B66-C303-43B8-BED4-ACC0A125C51A} - System32\Tasks\EPSON WF-3620 Series Invitation {98CBB363-98D0-4580-9CF4-3D752537F8CC} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {FDB5575F-C915-4AA8-8FEA-70B9F41423E7} - System32\Tasks\EPSON WF-3620 Series Invitation {B95A2280-8452-4093-980F-3BE815BC83F1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {FF76F358-BA4D-4645-B2C7-443C4E29F27B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {6CA90904-54D9-4652-801C-F03E2BB880E1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {98CBB363-98D0-4580-9CF4-3D752537F8CC}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {B95A2280-8452-4093-980F-3BE815BC83F1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {E45CB90C-42C3-415F-88A8-F4E627A93EF7}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {E7A67749-BDB1-4DC8-A8EF-43CB200C10E1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {6CA90904-54D9-4652-801C-F03E2BB880E1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{6CA90904-54D9-4652-801C-F03E2BB880E1} /F:UpdateWORKGROUP\CHAD-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {98CBB363-98D0-4580-9CF4-3D752537F8CC}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{98CBB363-98D0-4580-9CF4-3D752537F8CC} /F:UpdateWORKGROUP\CHAD-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {B95A2280-8452-4093-980F-3BE815BC83F1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{B95A2280-8452-4093-980F-3BE815BC83F1} /F:UpdateWORKGROUP\CHAD-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {E45CB90C-42C3-415F-88A8-F4E627A93EF7}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{E45CB90C-42C3-415F-88A8-F4E627A93EF7} /F:UpdateWORKGROUP\CHAD-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {E7A67749-BDB1-4DC8-A8EF-43CB200C10E1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{E7A67749-BDB1-4DC8-A8EF-43CB200C10E1} /F:UpdateWORKGROUP\CHAD-HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\HPCeeScheduleForCHAD.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{400dbc20-b4eb-4abf-a02d-003f059e2d91}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bf058385-fcc5-44d5-9d3a-450a6250acea}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://rr.com/
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-06-10] (RealNetworks, Inc. -> RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-07] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-04-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard Company -> Hewlett-Packard)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-06-10] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2019-04-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard Company -> Hewlett-Packard)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.) [File not signed]
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h50203.www5.hp.com/WCLWeb/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://googleonline.webex.com/client/T29LSP13/support/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sslvpn.uc.edu/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Edge:
======
DownloadDir: C:\Users\CHAD\Downloads
FireFox:
========
FF DefaultProfile: i0sxdgat.default-1552393182377
FF ProfilePath: C:\Users\CHAD\AppData\Roaming\Mozilla\Firefox\Profiles\i0sxdgat.default-1552393182377 [2019-07-16]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-14] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-14] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-14] (Adobe Inc. -> )
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-14] (Internal - Intel® Identity Protection Technology Software -> Intel Corporation) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-14] (Internal - Intel® Identity Protection Technology Software -> Intel Corporation) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-07-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-06-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-06-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-06-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-07-14] (RealNetworks, Inc. -> RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-501829448-2021581346-1665667405-1001: @citrixonline.com/appdetectorplugin -> C:\Users\CHAD\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-04] (Citrix Online -> Citrix Online)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default [2019-08-08]
CHR Extension: (Docs) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Google Search) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-08-08]
CHR Extension: (RealPlayer Downloader) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-08-08]
CHR Extension: (Gmail) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-08]
CHR Extension: (Chrome Media Router) - C:\Users\CHAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [416192 2018-11-15] (Qualcomm Atheros -> Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-10-11] (Macrovision Europe Ltd.) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-07-14] (Intel® pGFX -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2014-03-14] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2014-03-14] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG -> Nero AG)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1794624 2017-11-02] (PDF Complete Inc. -> PDF Complete Inc)
R2 PLFlash DeviceIoControl Service; C:\windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] (RealNetworks, Inc. -> )
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5775208 2019-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [318464 2014-03-14] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255584 2017-08-19] (Synaptics Incorporated -> Synaptics Incorporated)
R2 uArcCapture; C:\WINDOWS\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc. -> ArcSoft, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-07] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [43800 2012-03-15] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 ARCVCAM; C:\WINDOWS\system32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-02] (ArcSoft, Inc. -> ArcSoft, Inc.)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2019-03-19] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation -> B.H.A Corporation)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [30488 2012-03-15] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [25912 2011-07-18] (Hewlett-Packard Company -> Hewlett-Packard Company)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895224 2016-04-16] (Realtek Semiconductor Corp -> Realtek )
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [700128 2015-06-16] (Sunplus Innovation Technology Inc. -> Sunplus)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [536576 2014-03-14] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-19 19:38 - 2019-08-19 19:38 - 000000000 _____ C:\Users\CHAD\Desktop\Post.txt
2019-08-19 19:31 - 2019-08-19 19:35 - 000055903 _____ C:\Users\CHAD\Desktop\FRST.txt
2019-08-19 19:29 - 2019-08-19 19:31 - 000000000 ____D C:\FRST
2019-08-19 19:28 - 2019-08-19 19:28 - 001612800 _____ (Farbar) C:\Users\CHAD\Desktop\FRST64.exe
2019-08-19 19:20 - 2019-08-19 19:24 - 000681660 _____ C:\WINDOWS\Minidump\081919-40796-01.dmp
2019-08-19 18:27 - 2019-08-19 19:20 - 555928810 _____ C:\WINDOWS\MEMORY.DMP
2019-08-19 18:27 - 2019-08-19 19:20 - 000000000 ____D C:\WINDOWS\Minidump
2019-08-19 18:27 - 2019-08-19 18:27 - 000000000 _____ C:\WINDOWS\Minidump\081919-39843-01.dmp
2019-08-19 18:15 - 2019-08-19 18:15 - 005198336 _____ (AVAST Software) C:\Users\CHAD\Desktop\aswMBR.exe
2019-08-18 18:59 - 2019-08-18 18:59 - 000633344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2019-08-18 18:59 - 2019-08-18 18:59 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2019-08-18 18:59 - 2019-08-18 18:59 - 000093104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-08-18 18:58 - 2019-08-18 18:59 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 018017792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 007008768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 005916160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 002494440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2019-08-18 18:58 - 2019-08-18 18:58 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 022625280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 008012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 007753728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2019-08-18 18:57 - 2019-08-18 18:57 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2019-08-18 18:57 - 2019-08-18 18:57 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000428544 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-08-18 18:57 - 2019-08-18 18:57 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Groupinghc.dll
2019-08-18 18:56 - 2019-08-18 18:57 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 006518184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 006071432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 005941760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 005753944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 002798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-08-18 18:56 - 2019-08-18 18:56 - 002094592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 001954960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 001562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 001535288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 001458176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 001413328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 001391416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-08-18 18:56 - 2019-08-18 18:56 - 001213240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 001072144 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-08-18 18:56 - 2019-08-18 18:56 - 001056704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000829776 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-08-18 18:56 - 2019-08-18 18:56 - 000782120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-08-18 18:56 - 2019-08-18 18:56 - 000672944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-08-18 18:56 - 2019-08-18 18:56 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-08-18 18:56 - 2019-08-18 18:56 - 000316432 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000300176 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000170920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000135480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpapi.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2019-08-18 18:56 - 2019-08-18 18:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 009926672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-08-18 18:55 - 2019-08-18 18:55 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 002990096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-08-18 18:55 - 2019-08-18 18:55 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 001647280 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 001301008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-08-18 18:55 - 2019-08-18 18:55 - 001262016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 001259008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000889664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000821904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-08-18 18:55 - 2019-08-18 18:55 - 000796088 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000752792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-08-18 18:55 - 2019-08-18 18:55 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000524216 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-08-18 18:55 - 2019-08-18 18:55 - 000386320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000210400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-08-18 18:55 - 2019-08-18 18:55 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-08-18 18:54 - 2019-08-18 18:55 - 004562904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-08-18 18:54 - 2019-08-18 18:54 - 017785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 007890256 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 007277568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 007251808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 006226864 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 003724800 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 003698176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 003590672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 003550720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 002724352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 002449432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 001754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-08-18 18:54 - 2019-08-18 18:54 - 001717776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 001509936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-08-18 18:54 - 2019-08-18 18:54 - 001505808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-08-18 18:54 - 2019-08-18 18:54 - 001337872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 001182240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-08-18 18:54 - 2019-08-18 18:54 - 001146880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 001037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000876560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 000701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 000481592 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-08-18 18:54 - 2019-08-18 18:54 - 000441360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000283152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000202256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2019-08-18 18:54 - 2019-08-18 18:54 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-08-18 18:54 - 2019-08-18 18:54 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2019-08-18 18:54 - 2019-08-18 18:54 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2019-08-18 18:54 - 2019-08-18 18:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2019-08-18 18:53 - 2019-08-18 18:53 - 000804880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2019-08-18 03:46 - 2019-08-19 19:24 - 000003540 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-501829448-2021581346-1665667405-1001
2019-08-18 01:01 - 2019-08-19 19:24 - 000003602 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-501829448-2021581346-1665667405-1001
2019-08-18 00:22 - 2019-08-18 00:22 - 000000000 ____D C:\Users\CHAD\AppData\Local\mbamtray
2019-08-18 00:22 - 2019-08-18 00:22 - 000000000 ____D C:\Users\CHAD\AppData\Local\mbam
2019-08-18 00:21 - 2019-08-18 00:21 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-18 00:21 - 2019-08-18 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-18 00:21 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-18 00:21 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-18 00:20 - 2019-08-18 00:20 - 064333800 _____ (Malwarebytes ) C:\Users\CHAD\Downloads\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-18 00:20 - 2019-08-18 00:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-18 00:20 - 2019-08-18 00:20 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-07 17:28 - 2019-08-07 14:06 - 000000000 ____D C:\Windows.old
2019-08-07 16:45 - 2019-08-07 17:28 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-08-07 16:45 - 2019-08-07 16:45 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2019-08-07 16:44 - 2019-08-07 16:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-08-07 16:43 - 2019-08-07 16:43 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-08-07 16:33 - 2019-08-07 16:33 - 019811328 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 007802224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 005500416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 005083352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 005014016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 004481024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 004306432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 004129616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 003635200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 002956984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 002398720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 002358584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 002314440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 002235936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 002190648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 002147840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 002072152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001866064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001652536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001555688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001510952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001505080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001493392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001383736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001297720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001273176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001248256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-08-07 16:33 - 2019-08-07 16:33 - 001244728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001185280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 001181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001126400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 001106288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001043768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 001039872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-08-07 16:33 - 2019-08-07 16:33 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000957240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\opengl32.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000828216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000827192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000816440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000800568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-08-07 16:33 - 2019-08-07 16:33 - 000762880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000744248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2019-08-07 16:33 - 2019-08-07 16:33 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000741176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000737552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2019-08-07 16:33 - 2019-08-07 16:33 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000682744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2019-08-07 16:33 - 2019-08-07 16:33 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2019-08-07 16:33 - 2019-08-07 16:33 - 000666128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000649016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000463272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000420360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000394040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AnalogShell.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000267528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provplatformdesktop.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glu32.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000228664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000181560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000174392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2019-08-07 16:33 - 2019-08-07 16:33 - 000172856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000153912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys
2019-08-07 16:33 - 2019-08-07 16:33 - 000137528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
2019-08-07 16:33 - 2019-08-07 16:33 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwclientres.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmlib.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000037688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2019-08-07 16:33 - 2019-08-07 16:33 - 000021816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScriptRunner.exe
2019-08-07 16:33 - 2019-08-07 16:33 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwstreamingux.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 007174656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 006218752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 004863488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 003837440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 003735264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 002586608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 002306048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 002216448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 002175288 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 002132520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001893888 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001847808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001788944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001690624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001661544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001651848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001611416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001562640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001531992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001515008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaclient.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001473488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001334064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdrecordcpu.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001283384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-08-07 16:32 - 2019-08-07 16:32 - 001282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001273344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\opengl32.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001192096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 001178608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001124864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001079296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001059840 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 001007160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000800048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000777528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000774664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000772656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000769336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000739328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000674816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000669496 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000667272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000588256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000568336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourceMapper.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000531464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiagn.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000510768 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-08-07 16:32 - 2019-08-07 16:32 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000451896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000450400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000441584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiagn.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000422008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-08-07 16:32 - 2019-08-07 16:32 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000404392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\provplatformdesktop.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000386048 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\SysWOW64\curl.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webauthn.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxdiag.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000366184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxdiag.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2019-08-07 16:32 - 2019-08-07 16:32 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000284536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000283472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ttdwriter.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000268216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000261016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityUxHost.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-08-07 16:32 - 2019-08-07 16:32 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000199176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000187920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-08-07 16:32 - 2019-08-07 16:32 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-08-07 16:32 - 2019-08-07 16:32 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glu32.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000149512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000145936 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000135000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvPlatform.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000116184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000110080 _____ C:\WINDOWS\system32\ResBParser.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000098592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Display.BrightnessOverride.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000096032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-08-07 16:32 - 2019-08-07 16:32 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-08-07 16:32 - 2019-08-07 16:32 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzautoupdate.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coloradapterclient.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaproxystub.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000058825 _____ C:\WINDOWS\system32\srms.dat
2019-08-07 16:32 - 2019-08-07 16:32 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000056008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000021544 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnlsres.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2019-08-07 16:32 - 2019-08-07 16:32 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2019-08-07 16:32 - 2019-08-07 16:32 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-08-07 16:32 - 2019-08-07 16:32 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 014814208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 006403072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 005087744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 003915536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 003771392 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 003750912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 003372744 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 002771752 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 002764040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 002698552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 002697728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 002490712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 002081976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001999648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001912576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001840968 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001815040 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001633864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001408000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001393960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\APMon.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001366528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001345024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001304888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001244672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001154960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 001020768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000984376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000928776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000913168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000888056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000879792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000818688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000818656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000811160 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-08-07 16:31 - 2019-08-07 16:31 - 000811160 _____ C:\WINDOWS\system32\locale.nls
2019-08-07 16:31 - 2019-08-07 16:31 - 000773680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000674072 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000673080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000639608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000613392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000606112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000602224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000586760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000574976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_9.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000515896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000515448 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000511008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000478800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000466624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000462352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000437776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-08-07 16:31 - 2019-08-07 16:31 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000401416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000379192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000375512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000358944 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000336928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000334728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000310072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000279624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000260920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000248088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Gpu.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000220680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000205112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winquic.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000194176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winquic.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regapi.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000146744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000144376 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000139472 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000132912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Display.BrightnessOverride.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000129848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000106536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mapistub.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mapi32.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameChatTranscription.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000087048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000066360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2019-08-07 16:31 - 2019-08-07 16:31 - 000020728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnlsres.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fixmapi.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2019-08-07 16:31 - 2019-08-07 16:31 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-08-07 16:31 - 2019-08-07 16:31 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 007832896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 006059520 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 004552376 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 004470784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 004034048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 004008960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 003947520 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 003327256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 003261440 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 003141120 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 003104768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002871824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 002870272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002656768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002550792 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002448384 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002321408 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002282496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002249216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002178048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaclient.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002120488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002113536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 002032640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001979392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001940952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001884672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001884200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConstraintIndex.Search.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001830416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001784832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001781248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001761792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001743672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001654520 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001635328 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdrecordcpu.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001608704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001581056 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001553408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 001497088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001480704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001437184 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 001423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001413904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001395600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001364480 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001249920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 001098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Signals.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001084728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001068856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001065984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001042944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-08-07 16:30 - 2019-08-07 16:30 - 001040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 001007120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000977688 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000940736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000910272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-08-07 16:30 - 2019-08-07 16:30 - 000862720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000824832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000810512 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000804880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000731448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000728576 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000706760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000680760 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000642208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_9.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_PCDisplay.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000551736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000544576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-08-07 16:30 - 2019-08-07 16:30 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-08-07 16:30 - 2019-08-07 16:30 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2019-08-07 16:30 - 2019-08-07 16:30 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\webauthn.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000425264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000416008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000390456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000363624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000343104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ttdwriter.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000339520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000296976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000283144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\directxdatabaseupdater.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio2.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ManagePhone.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000249656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000225320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgiadaptercache.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000214032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000208400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000201232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000199688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000199184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000182072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000180536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000180240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000180024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000162384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000157752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaproxystub.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000142136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameChatTranscription.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapistub.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapi32.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000120048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000117048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds_ps.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000088560 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000088488 _____ (Microsoft Corporation) C:\WINDOWS\system32\coloradapterclient.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000071720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000065064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidspi.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000055608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000047200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000046632 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000037888 _____ C:\WINDOWS\system32\usocoreps.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000028936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsldr.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000023352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\fixmapi.exe
2019-08-07 16:30 - 2019-08-07 16:30 - 000019256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2019-08-07 16:30 - 2019-08-07 16:30 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2019-08-07 16:30 - 2019-08-07 16:30 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2019-08-07 16:22 - 2019-08-07 16:22 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-08-07 16:22 - 2019-08-07 16:22 - 000903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2019-08-07 16:22 - 2019-08-07 16:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2019-08-07 16:22 - 2019-08-07 16:22 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2019-08-07 16:22 - 2019-08-07 16:22 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2019-08-07 16:22 - 2019-08-07 16:22 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2019-08-07 16:22 - 2019-08-07 16:22 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2019-08-07 16:22 - 2019-08-07 16:22 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2019-08-07 16:22 - 2019-08-07 16:22 - 000000000 ____D C:\WINDOWS\system32\msmq
2019-08-07 16:22 - 2019-08-07 16:22 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2019-08-07 16:22 - 2019-08-07 16:22 - 000000000 ____D C:\inetpub
2019-08-07 16:21 - 2019-08-07 16:21 - 001166488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2019-08-07 16:21 - 2019-08-07 16:21 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2019-08-07 16:21 - 2019-08-07 16:21 - 000124568 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2019-08-07 16:21 - 2019-08-07 16:21 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-08-07 16:21 - 2019-08-07 16:21 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2019-08-07 16:21 - 2019-08-07 16:21 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2019-08-07 16:21 - 2019-08-07 16:21 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-08-07 16:21 - 2019-08-07 16:21 - 000000000 ____D C:\Program Files\MSBuild
2019-08-07 16:21 - 2019-08-07 16:21 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-08-07 16:21 - 2019-08-07 16:21 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-08-07 14:12 - 2019-08-07 14:12 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-08-07 14:11 - 2019-08-07 14:11 - 000000000 ____D C:\Users\CHAD\AppData\Local\PlaceholderTileLogoFolder
2019-08-07 14:09 - 2015-06-16 07:36 - 000700128 _____ (Sunplus) C:\WINDOWS\system32\Drivers\SPUVCBv_x64.sys
2019-08-07 14:09 - 2015-06-16 07:36 - 000077752 _____ (Dext5xx) C:\WINDOWS\system32\DextUVCB_x64.ax
2019-08-07 14:09 - 2015-06-16 07:36 - 000072632 _____ (Dext5xx) C:\WINDOWS\SysWOW64\DextUVCB.ax
2019-08-07 14:09 - 2015-06-16 07:30 - 000014681 _____ C:\WINDOWS\TWAINSP_HP.ini
2019-08-07 14:09 - 2015-06-16 07:30 - 000007408 _____ C:\WINDOWS\TWAINSP_HP.src
2019-08-07 14:06 - 2019-08-07 14:06 - 000000020 ___SH C:\Users\CHAD\ntuser.ini
2019-08-07 14:04 - 2019-08-19 19:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-07 14:04 - 2019-08-18 21:26 - 000003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForCHAD
2019-08-07 14:04 - 2019-08-18 16:44 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{032A1A12-4C00-4DE4-A08E-241433E2DAE0}
2019-08-07 14:04 - 2019-08-14 16:56 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-08-07 14:04 - 2019-08-14 16:56 - 000004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-08-07 14:04 - 2019-08-11 11:05 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-501829448-2021581346-1665667405-1001
2019-08-07 14:04 - 2019-08-07 14:04 - 000003488 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {E7A67749-BDB1-4DC8-A8EF-43CB200C10E1}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003488 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {E45CB90C-42C3-415F-88A8-F4E627A93EF7}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003488 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {B95A2280-8452-4093-980F-3BE815BC83F1}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003488 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {98CBB363-98D0-4580-9CF4-3D752537F8CC}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003488 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Update {6CA90904-54D9-4652-801C-F03E2BB880E1}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-08-07 14:04 - 2019-08-07 14:04 - 000003310 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {E7A67749-BDB1-4DC8-A8EF-43CB200C10E1}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003310 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {E45CB90C-42C3-415F-88A8-F4E627A93EF7}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003310 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {B95A2280-8452-4093-980F-3BE815BC83F1}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003310 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {98CBB363-98D0-4580-9CF4-3D752537F8CC}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003310 _____ C:\WINDOWS\System32\Tasks\EPSON WF-3620 Series Invitation {6CA90904-54D9-4652-801C-F03E2BB880E1}
2019-08-07 14:04 - 2019-08-07 14:04 - 000003264 _____ C:\WINDOWS\System32\Tasks\4Team updater
2019-08-07 14:04 - 2019-08-07 14:04 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-08-07 14:04 - 2019-08-07 14:04 - 000002078 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2019-08-07 14:04 - 2019-08-07 14:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2019-08-07 14:04 - 2019-08-07 14:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-08-07 14:04 - 2019-08-07 14:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2019-08-07 14:04 - 2019-08-07 14:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2019-08-07 14:01 - 2019-08-07 14:04 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2019-08-07 14:01 - 2019-08-07 14:04 - 000011433 _____ C:\WINDOWS\diagerr.xml
2019-08-07 13:53 - 2019-08-19 19:28 - 000972156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-07 13:41 - 2019-08-19 18:28 - 000000000 ____D C:\Users\CHAD
2019-08-07 13:41 - 2019-08-11 11:04 - 000002397 _____ C:\Users\CHAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-07 13:41 - 2019-08-07 13:49 - 000000000 ____D C:\Users\DefaultAppPool
2019-08-07 13:41 - 2019-03-19 00:46 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-08-07 13:34 - 2019-08-07 13:34 - 000000000 ____D C:\ProgramData\USOShared
2019-08-07 13:34 - 2016-07-14 10:27 - 000081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2019-08-07 13:33 - 2019-08-07 16:30 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-08-07 13:29 - 2019-08-19 18:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-07 13:29 - 2019-08-19 18:07 - 002588512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-08-06 14:53 - 2019-08-06 15:10 - 000194897 _____ C:\Users\CHAD\Documents\DPO Instrument Insurance 19-Arnow.xlsx
2019-07-26 19:54 - 2019-08-07 14:10 - 000000000 ___DC C:\WINDOWS\Panther
2019-07-26 11:46 - 2019-08-19 18:07 - 000000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForCHAD.job
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-19 19:36 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-19 19:28 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2019-08-19 19:25 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-08-19 19:22 - 2015-12-08 00:24 - 000000000 __SHD C:\Users\CHAD\IntelGraphicsProfiles
2019-08-19 19:21 - 2012-04-16 06:58 - 000000000 ____D C:\ProgramData\PDFC
2019-08-19 18:09 - 2018-01-30 21:10 - 000000000 ___RD C:\Users\CHAD\3D Objects
2019-08-19 18:09 - 2016-04-27 02:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-08-19 18:09 - 2013-10-10 21:56 - 000000000 ___RD C:\Users\CHAD\Virtual Machines
2019-08-18 21:57 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-08-18 21:56 - 2019-03-19 02:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-08-18 21:56 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-08-18 21:56 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-08-18 21:56 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-08-18 19:38 - 2015-12-08 11:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-08-18 19:20 - 2015-12-08 11:32 - 134272480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-08-18 19:18 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-08-18 19:17 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\servicing
2019-08-18 16:44 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-18 13:01 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-18 00:21 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-08-14 16:56 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-08-14 16:56 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-08-11 11:04 - 2015-12-08 00:37 - 000000000 ___RD C:\Users\CHAD\OneDrive
2019-08-09 10:30 - 2014-05-28 23:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-09 10:30 - 2014-05-28 23:20 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-08 14:13 - 2018-01-28 12:57 - 000000000 ____D C:\Users\CHAD\AppData\Local\Packages
2019-08-08 13:35 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\appcompat
2019-08-07 17:28 - 2019-07-16 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2019-08-07 17:28 - 2019-04-22 10:41 - 000000000 ____D C:\WINDOWS\en
2019-08-07 17:28 - 2019-03-19 00:56 - 000000000 ____D C:\WINDOWS\Setup
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 __RHD C:\Users\Public\Libraries
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\spool
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\IME
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\schemas
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Registration
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\IME
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Help
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Cursors
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Common Files\System
2019-08-07 17:28 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-08-07 17:28 - 2019-03-19 00:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-08-07 17:28 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-08-07 17:28 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-08-07 17:28 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-08-07 17:28 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-08-07 17:28 - 2017-10-01 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2019-08-07 17:28 - 2017-09-27 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale
2019-08-07 17:28 - 2017-07-27 19:37 - 000000000 ____D C:\Program Files\Intel
2019-08-07 17:28 - 2017-07-27 19:36 - 000000000 ____D C:\WINDOWS\SysWOW64\ArcVCapRender
2019-08-07 17:28 - 2017-07-10 17:03 - 000000000 ____D C:\Program Files\UNP
2019-08-07 17:28 - 2017-03-24 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2019-08-07 17:28 - 2016-02-27 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML Help Workshop
2019-08-07 17:28 - 2016-02-23 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2019-08-07 17:28 - 2015-10-13 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-08-07 17:28 - 2015-04-15 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-07 17:28 - 2015-03-19 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garritan ARIA Player
2019-08-07 17:28 - 2014-08-08 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartMusic
2019-08-07 17:28 - 2014-08-05 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2019-08-07 17:28 - 2014-05-28 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-07 17:28 - 2014-05-01 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2019-08-07 17:28 - 2013-10-19 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SureThing
2019-08-07 17:28 - 2013-10-19 22:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2019-08-07 17:28 - 2013-10-19 22:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
2019-08-07 17:28 - 2013-10-16 23:55 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-08-07 17:28 - 2013-10-12 10:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StyleEase
2019-08-07 17:28 - 2013-10-11 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS3
2019-08-07 17:28 - 2013-10-11 00:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2012
2019-08-07 17:28 - 2013-10-10 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-08-07 17:28 - 2013-10-10 13:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2019-08-07 17:28 - 2013-05-05 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2019-08-07 17:28 - 2013-05-05 06:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star
2019-08-07 17:28 - 2013-05-05 06:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2019-08-07 17:28 - 2013-05-05 06:25 - 000000000 ____D C:\WINDOWS\SysWOW64\SDA
2019-08-07 17:28 - 2013-05-05 06:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2019-08-07 17:28 - 2012-04-16 06:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2019-08-07 17:28 - 2012-04-16 06:59 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2019-08-07 17:28 - 2012-04-16 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-08-07 17:28 - 2012-04-16 06:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2019-08-07 17:28 - 2009-07-14 01:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-08-07 16:48 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-08-07 16:48 - 2017-07-27 19:37 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2019-08-07 16:48 - 2013-10-11 11:54 - 000000000 ____D C:\WINDOWS\SysWOW64\spool
2019-08-07 16:46 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Resources
2019-08-07 16:46 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-08-07 16:46 - 2013-11-25 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio Entertainment Ltd
2019-08-07 16:45 - 2017-07-27 19:37 - 000000000 ____D C:\Program Files\Synaptics
2019-08-07 16:45 - 2014-07-31 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Team Corporation
2019-08-07 16:45 - 2013-11-18 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
2019-08-07 16:45 - 2013-10-19 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2019-08-07 16:45 - 2013-10-10 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2019-08-07 16:39 - 2019-03-19 02:23 - 000000000 ___SD C:\WINDOWS\system32\AppV
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\TextInput
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-08-07 16:39 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-08-07 16:35 - 2019-03-19 00:56 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-08-07 16:35 - 2019-03-19 00:56 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-07 16:22 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2019-08-07 16:22 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2019-08-07 16:22 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2019-08-07 16:22 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2019-08-07 16:22 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2019-08-07 16:22 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2019-08-07 16:22 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
2019-08-07 16:22 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2019-08-07 15:35 - 2018-07-19 11:13 - 000000000 ____D C:\ProgramData\Packages
2019-08-07 14:13 - 2018-01-28 10:16 - 000000000 ____D C:\Program Files\rempl
2019-08-07 14:10 - 2016-10-02 21:51 - 000000000 ____D C:\Program Files (x86)\HP Universal Camera Driver
2019-08-07 14:09 - 2016-10-02 22:31 - 000000000 ____D C:\Users\CHAD\AppData\Local\ConnectedDevicesPlatform
2019-08-07 14:07 - 2015-12-08 00:24 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2019-08-07 14:06 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\USOPrivate
2019-08-07 14:04 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Windows Defender
2019-08-07 14:04 - 2019-03-19 00:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-08-07 14:01 - 2019-03-19 00:52 - 000000000 __RSD C:\WINDOWS\Media
2019-08-07 13:42 - 2013-10-10 22:17 - 000000000 ____D C:\Users\CHAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2019-08-07 13:39 - 2019-03-19 00:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-08-07 13:35 - 2018-06-19 14:35 - 000001715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2019-08-07 13:33 - 2013-05-05 06:30 - 000002280 _____ C:\WINDOWS\system32\arcVCapture.pfg
2019-08-07 13:31 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ServiceState
2019-07-26 22:09 - 2016-07-19 00:32 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2019-07-25 19:30 - 2018-01-28 13:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ================
2018-05-18 15:25 - 2018-05-18 15:25 - 007649280 _____ () C:\Program Files (x86)\GUTE1C7.tmp
2013-10-10 23:00 - 2013-10-10 23:00 - 000002032 _____ () C:\Program Files (x86)\INSTALL.LOG
2014-01-19 12:37 - 2019-03-19 16:09 - 000010578 _____ () C:\Users\CHAD\AppData\Roaming\Comma Separated Values.CAL
2014-08-07 23:18 - 2014-08-07 23:18 - 000003584 _____ () C:\Users\CHAD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by CHAD (19-08-2019 19:39:56)
Running from C:\Users\CHAD\Desktop
Windows 10 Pro Version 1903 18362.295 (X64) (2019-08-07 18:06:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-501829448-2021581346-1665667405-500 - Administrator - Disabled)
CHAD (S-1-5-21-501829448-2021581346-1665667405-1001 - Administrator - Enabled) => C:\Users\CHAD
DefaultAccount (S-1-5-21-501829448-2021581346-1665667405-503 - Limited - Disabled)
Guest (S-1-5-21-501829448-2021581346-1665667405-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-501829448-2021581346-1665667405-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-501829448-2021581346-1665667405-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4Team Folder Backup for Outlook (HKLM-x32\...\{E08336DF-56D4-4B43-AC62-C26389E878A8}) (Version: 1.11.0048 - 4Team Corporation)
4Team Sync2 (HKLM-x32\...\{489CC4E7-8014-411E-869E-CBE2E70FBCB3}) (Version: 2.62.2640 - 4Team Corporation)
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_8bb24e071e5922899698c2105557bd2) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe)
AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
Angry Birds (HKLM-x32\...\{8156D076-6317-44AF-AB53-37C2E529D510}) (Version: 3.3.3 - Rovio Entertainment Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\{B3B67519-2201-4C38-8002-D54473D651F9}) (Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
ARIA Engine v1.8.7.2 (HKLM\...\ARIA Engine_is1) (Version: v1.8.7.2 - Plogue Art et Technologie, Inc)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{006C8256-3855-43BF-8BA5-4B4C40F41F71}) (Version: 3.10.0065 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.02.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.1.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Evernote v. 4.5.4 (HKLM-x32\...\{550BFF6E-7376-11E1-99EA-984BE15F174E}) (Version: 4.5.4.6487 - Evernote Corp.)
Finale (HKLM\...\{9809ED8C-BBFE-4A2A-86E1-0E252627C69C}) (Version: 25.4.1.152 - MakeMusic)
Finale 2012 (HKLM-x32\...\Finale 2012) (Version: 2012.c.r13.3 - MakeMusic)
Garritan ARIA Player v1.872 (HKLM\...\__ARIA_1012___is1) (Version: v1.872 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.4 - Garritan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.7.0.4062 (HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\GoToMeeting) (Version: 7.7.0.4062 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{22706ADC-74A1-43A0-ABAE-47F84966B909}) (Version: 4.2.50.1 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.5.8.2 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Juniper Networks Network Connect 7.3.0 (HKLM-x32\...\Juniper Network Connect 7.3.0) (Version: 7.3.0.26561 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\Juniper_Setup_Client) (Version: 7.3.7.38707 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LightScribe System Software  1.14.25.1 (HKLM-x32\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5137.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\OneDriveSetup.exe) (Version: 19.123.0624.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual FoxPro 8.0 Professional - English (HKLM-x32\...\Visual FoxPro 8.0 Professional - English) (Version:  - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MMFonts (HKLM-x32\...\{1DD5D3E6-8DF5-4657-8825-713C499CDCC0}) (Version: 1.1.1.1 - MakeMusic, Inc.)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Firefox 68.0 (x64 en-US) (HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\Mozilla Firefox 68.0 (x64 en-US)) (Version: 68.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{470C8EFE-AEB0-402E-B05A-91E08C201033}) (Version: 8.3.416 - Nero AG)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5137.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5137.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5137.1000 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}) (Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.23 - PDF Complete, Inc)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
RealDownloader (HKLM-x32\...\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}) (Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Self-service Plug-in (HKLM-x32\...\{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}) (Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartMusic (HKLM-x32\...\{287324A5-8034-4720-ACE4-497956793955}) (Version: 1.1.2557 - MakeMusic, Inc.)
StyleEase for CHI Style, Version 5.18 (HKLM-x32\...\StyleEase for CHI Style, Version 5.18) (Version:  - )
SureThing CD Labeler Deluxe 3.0 (HKLM-x32\...\MVApplication1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)
VideoCam Suite (HKLM-x32\...\{8113EBFB-1524-4202-AECF-5F2C037FEF8C}) (Version: 1.00.821 - Panasonic) Hidden
VideoCam Suite 1.0 (HKLM-x32\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 1.00.822.0009 - Panasonic Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-21] (HP Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-30] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-07] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Sling TV -> C:\Program Files\WindowsApps\SlingTVLLC.SlingTV_7.0.8.0_x86__vgszm6stshdqy [2019-01-10] (Sling TV LLC)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-12-08] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-501829448-2021581346-1665667405-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-501829448-2021581346-1665667405-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\CHAD\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-03-29] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2008-06-08] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-10] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2014-07-14] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-10] (WinZip Computing -> WinZip Computing, S.L.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-03-29] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-10] (WinZip Computing -> WinZip Computing, S.L.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
2012-03-14 17:10 - 2012-03-14 17:10 - 000007168 _____ ( ) [File not signed] C:\Program Files\Hewlett-Packard\HP Power Assistant\SDKCOMServerLib.dll
2012-02-10 17:26 - 2012-02-10 17:26 - 001083392 _____ () [File not signed] C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2007-01-19 04:23 - 2007-03-29 22:37 - 001559552 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll
2006-08-02 07:52 - 2006-08-02 07:52 - 000126976 ____R (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\asneu.dll
2006-09-14 23:20 - 2006-09-14 23:20 - 000212992 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll
2006-09-14 23:46 - 2006-09-14 23:46 - 000208896 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll
2006-09-14 23:20 - 2006-09-14 23:20 - 000346112 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll
2007-01-12 17:39 - 2007-03-07 19:54 - 000030208 _____ (Adobe Systems Incorporated.) [File not signed] C:\WINDOWS\System32\AdobePDF64.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000016216 _____ (Hewlett-Packard Company ->  ) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\Interop.HPQWMIEXLib.dll
2013-01-23 21:43 - 2013-01-23 21:43 - 002452824 _____ (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000068440 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\CaslSmBios.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000524632 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\CaslWmi.dll
2019-08-07 13:43 - 2019-08-07 13:43 - 000113496 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
2019-08-07 13:43 - 2019-08-07 13:43 - 000092504 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
2008-08-22 14:19 - 2008-08-22 14:19 - 000033280 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2008-08-22 14:19 - 2008-08-22 14:19 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2013-03-26 21:12 - 2013-03-26 21:12 - 000056832 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HP.Mobile.Shared.dll
2013-05-05 06:28 - 2012-03-27 05:12 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2006-09-15 13:58 - 2006-09-15 13:58 - 000934400 ____R (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll
2016-05-09 10:20 - 2016-05-09 10:20 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 18:39 - 2009-10-21 18:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2013-10-10 23:02 - 2011-04-18 23:03 - 000120320 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMIUE.DLL
2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\CHAD\Desktop\382013_205256.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\CHAD\Downloads\launch.ica.l94w72b.partial:icasource [241]
AlternateDataStreams: C:\Users\Test\Desktop\382013_205256.mpg:TOC.WMV [130]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2013-11-19 01:47 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CHAD\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk => C:\windows\pss\Auto run of VideoCam Suite 1.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "PDF Complete"
HKLM\...\StartupApproved\Run32: => "LTCM Client"
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\StartupApproved\Run: => "Sync2"
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0A4CA946-D8F2-4DA2-9C48-00D1ABFA28A3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7EEE8B6C-1325-4551-8A1E-7BD13F7FBF42}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4FE99483-6678-4ED7-8CFB-70CEBA3AA3F9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C80E0A2D-D4D6-4D80-B774-0C71D0CDE896}] => (Allow) LPort=1900
FirewallRules: [{702C8E58-7DBE-4899-B188-2D5E58F12115}] => (Allow) LPort=2869
FirewallRules: [{8F673CC8-19DA-4432-B278-AE8295FE358F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4218F3CF-7A56-4457-92A9-63C7DDA05193}] => (Allow) C:\Users\CHAD\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{3DB2785F-4B16-4338-9EAE-07B7B1BC5B69}] => (Allow) C:\Users\CHAD\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{8AF69BB1-B3C0-4166-8E20-C09FFC46AB94}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{8DD5F0C7-42FE-46B9-96AE-637EA8BC575B}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{548D157B-1B30-4E68-9019-3804E8082970}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9BC05C6F-F4BF-48B8-B1BA-783516B2CFAE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0BAF798E-26BF-4330-A049-7103674062A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7ABFF0B1-EDAB-42CF-AD27-ACCF903F7F6B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B875CC26-18BA-4FBD-A4C0-19F517F989D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F4CE8E8-6C35-4DF5-9C4D-0C990D4046B9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9E11461F-706F-415F-BF2C-F84CDEDB0ED6}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{79D59C47-6F87-4ED3-A7EE-9ED329564624}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BF39C5FC-18B9-4F0D-AF79-E741D033332D}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{DEDABF5D-1CAD-446D-B606-0A54305B6E3F}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{D5D3916A-814A-4389-95C2-9B4BB0D6CD5D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D21B3193-D597-4A41-BBC7-819BD1D24362}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{3B823970-9F20-4FC6-A177-89AAEC30DA79}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{D3C35D3C-E305-4E70-966A-E9727C39EC17}] => (Allow) LPort=50901
FirewallRules: [{37B01D81-F21C-47D9-AF91-CD96F5E4993A}] => (Allow) LPort=50900
FirewallRules: [{E1CD1D20-7657-47B9-A905-E6EE850762B3}] => (Allow) LPort=3704
FirewallRules: [{86A0C72F-60DD-445D-A9AB-298989664DA6}] => (Allow) LPort=3703
FirewallRules: [{A0DFF23A-A302-4E8F-9D5F-0813EAE6194B}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{3F3B8655-973D-4886-A8E1-CA0C763D4367}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{CC4D25D3-EC57-4E1C-B397-C735C07D24C8}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{907920B6-B9A7-46A8-AFBD-85DD052134FB}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{32CF200B-0009-4011-AD20-040B25D37D40}C:\program files (x86)\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\bluetooth suite\bttray.exe No File
FirewallRules: [TCP Query User{6C2943E4-E445-4AF5-AA78-F9DD0B137BE2}C:\program files (x86)\bluetooth suite\bttray.exe] => (Allow) C:\program files (x86)\bluetooth suite\bttray.exe No File
FirewallRules: [UDP Query User{81876520-97BD-4CA0-B913-EC2503C9986A}C:\program files (x86)\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\bluetooth suite\btvstack.exe No File
FirewallRules: [TCP Query User{027213FB-DA73-4E40-84DB-8A220629C2B0}C:\program files (x86)\bluetooth suite\btvstack.exe] => (Allow) C:\program files (x86)\bluetooth suite\btvstack.exe No File
FirewallRules: [{D738F40C-5540-4026-8055-FB8033F9B725}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{18882437-ACF4-4FB4-83E6-F1AE8E4EDF92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF6244D5-FCA3-4C37-A127-2E3EB301EDCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9851D075-6F85-4420-9EF2-3D305E3C710B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ED3FD78A-D183-4A33-93ED-744E6911C71E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9B561627-F24C-499A-9648-552B4200720C}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe (Qualcomm Atheros -> Qualcomm Atheros) [File not signed]
FirewallRules: [{CA3F0314-0AE1-4904-AD50-600F90FEA1A2}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe No File
FirewallRules: [{5CCBABF9-FB33-47B7-AB4A-EE3E0E5B5F1C}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe No File
FirewallRules: [{70A0FA97-98B3-458C-B439-723BB9ED64B6}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Btvstack.exe No File
FirewallRules: [{52798FC4-2902-4332-A9EB-C75C9FA31364}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{807F0AA6-84CE-4361-ADFA-393CCC53140F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{810E3561-E290-4A51-A59C-DFA53C0B89AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1923BBF8-EA33-4BB7-973B-02B31B46952B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{14986E1A-6351-4828-A91B-DA1C25822B0B}] => (Allow) C:\Users\CHAD\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{D8871A75-4F05-4B8E-A899-4DD5A0A7E011}] => (Allow) C:\Users\CHAD\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{9FB5ECFD-3E67-4091-B5D0-C466AD8FB459}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A6D21721-7D01-4C3E-9EDD-BB2180E504FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E7AE0EB3-ED10-47CA-BA7E-D2469D2CC8F5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5AB31CEB-C7DB-4F39-9245-ADE113B34D9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
07-08-2019 16:34:58 Windows Update
18-08-2019 18:16:39 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/19/2019 07:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pdiSdkHelperx64.exe, version: 2.2.30.42, time stamp: 0x4f5a57eb
Faulting module name: pdiSdkHelperx64.exe, version: 2.2.30.42, time stamp: 0x4f5a57eb
Exception code: 0xc0000005
Fault offset: 0x0000000000005234
Faulting process id: 0x2808
Faulting application start time: 0x01d556e56c5b3f31
Faulting application path: C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
Faulting module path: C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
Report Id: c620ec9d-eed6-4ffc-bc80-eceba194c792
Faulting package full name:
Faulting package-relative application ID:
Error: (08/19/2019 07:26:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxext.exe, version: 6.15.10.4358, time stamp: 0x567856cc
Faulting module name: igfxext.exe, version: 6.15.10.4358, time stamp: 0x567856cc
Exception code: 0xc0000005
Fault offset: 0x0000000000008274
Faulting process id: 0x22a4
Faulting application start time: 0x01d556e5783dd2f2
Faulting application path: C:\WINDOWS\system32\igfxext.exe
Faulting module path: C:\WINDOWS\system32\igfxext.exe
Report Id: 2c54e956-7c92-4e3a-a878-a2b9ee7183db
Faulting package full name:
Faulting package-relative application ID:
Error: (08/19/2019 07:25:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxext.exe, version: 6.15.10.4358, time stamp: 0x567856cc
Faulting module name: igfxext.exe, version: 6.15.10.4358, time stamp: 0x567856cc
Exception code: 0xc0000005
Fault offset: 0x0000000000008274
Faulting process id: 0x15b0
Faulting application start time: 0x01d556e57268957d
Faulting application path: C:\WINDOWS\system32\igfxext.exe
Faulting module path: C:\WINDOWS\system32\igfxext.exe
Report Id: e15c2cb3-918d-483d-83a0-9c29fe96d448
Faulting package full name:
Faulting package-relative application ID:
Error: (08/19/2019 07:21:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname CHAD-HP.local already in use; will try CHAD-HP-2.local instead
Error: (08/19/2019 07:21:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 CHAD-HP.local. Addr 192.168.1.141
Error: (08/19/2019 07:21:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.141:5353   16 CHAD-HP.local. AAAA 2605:A000:1327:0948:31C2:B840:1C5F:A1FD
Error: (08/19/2019 07:21:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 CHAD-HP.local. AAAA FE80:0000:0000:0000:31C2:B840:1C5F:A1FD
Error: (08/19/2019 07:21:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.141:5353   16 CHAD-HP.local. AAAA 2605:A000:1327:0948:31C2:B840:1C5F:A1FD

System errors:
=============
Error: (08/19/2019 07:24:54 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffffa1814ea33010, 0x00000000000000ff, 0x0000000000000000, 0xfffff8022c1895ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: df77c5eb-4be6-431f-b276-8243318eba61.
Error: (08/19/2019 07:22:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/19/2019 07:22:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error: (08/19/2019 07:20:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The CscService service terminated with the following error:
The system cannot find the path specified.
Error: (08/19/2019 07:20:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:27:41 PM on ‎8/‎19/‎2019 was unexpected.
Error: (08/19/2019 06:29:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (08/19/2019 06:29:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error: (08/19/2019 06:27:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The CscService service terminated with the following error:
The system cannot find the path specified.

Windows Defender:
===================================
Date: 2019-08-18 21:53:54.501
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {53A42DBB-DB75-42D9-8C02-BDE6DAD8B117}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-08-18 19:26:10.208
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.2290.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-08-18 02:38:39.088
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.2024.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Date: 2019-08-18 02:38:39.087
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.2024.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired.
Date: 2019-08-18 02:38:38.867
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.2024.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired.
CodeIntegrity:
===================================
Date: 2019-08-19 18:14:49.715
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-08-19 18:14:49.699
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-08-19 18:14:45.158
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-08-19 18:14:45.145
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-08-19 18:14:45.030
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-08-19 18:14:45.003
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-08-19 18:14:40.531
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-08-19 18:14:40.174
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Hewlett-Packard 68IRR Ver. F.43 10/07/2013
Motherboard: Hewlett-Packard 17F6
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 82%
Total physical RAM: 3975.55 MB
Available physical RAM: 690.34 MB
Total Virtual: 8071.55 MB
Available Virtual: 4310.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:442.78 GB) (Free:81.92 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:20.69 GB) (Free:3.19 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{21f41576-b56c-11e2-b6da-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: E201C75A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End of Addition.txt ============================

Edited by ChadA, 19 August 2019 - 05:48 PM.

    Advertisements

Register to Remove


#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 21 August 2019 - 04:48 AM

Git rid of the email, the password was spoofed from a hacked site where you used it as a sign in.
 

aswMBR.sys failed and threw up an error:  IRQL NOT LESS OR EQUAL

Don't worry about this.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~`

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

 

Start::
CloseProcesses:
CreateRestorePoint:
Task: {0465AC40-B7AA-44EB-B947-64671D9A7735} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2267C3CD-3530-4685-ABBD-B0ACA5AA537D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {26C15821-4D68-4375-AC75-F9AB47D715B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {74B62765-28F5-48DF-9684-6944189AB767} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {7740FC1D-1A11-4E36-A5B1-F8410B7A7236} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7E305DE6-8675-4B18-A220-CAA13D1E298A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {90E3ADEC-3AFD-4318-8C24-795E0641C2D4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9143CAFB-3946-4C12-9C3F-F2CE5B0ECBAB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {92B975A7-791F-4B06-AC75-8D8A06D90E83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9C0B97B0-0659-4D0B-B32C-EEF7594BC694} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BCA20F3F-B57C-402F-847A-466EB21E2A8B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DE817038-3D67-4072-B3B6-58E06A7D9A43} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FF76F358-BA4D-4645-B2C7-443C4E29F27B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
U3 idsvc; no ImagePath
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\CHAD\Desktop\382013_205256.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\CHAD\Downloads\launch.ica.l94w72b.partial:icasource [241]
AlternateDataStreams: C:\Users\Test\Desktop\382013_205256.mpg:TOC.WMV [130]
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
RQKuhw1.pngRogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
Please post these 3 logs when finished.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 ChadA

ChadA

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 21 August 2019 - 06:58 PM

Thanks for the help.  :)  So no keylogger or hacked webcam?  

 

I ran the processes you described above.  adwCleaner and RogueKiller appear to be newer versions than your instructions describe, but I think I figured it out.

 

Logs:

 

************************

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by CHAD (21-08-2019 17:31:38) Run:1
Running from C:\Users\CHAD\Desktop
Loaded Profiles: CHAD &  (Available Profiles: CHAD & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {0465AC40-B7AA-44EB-B947-64671D9A7735} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2267C3CD-3530-4685-ABBD-B0ACA5AA537D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {26C15821-4D68-4375-AC75-F9AB47D715B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {74B62765-28F5-48DF-9684-6944189AB767} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {7740FC1D-1A11-4E36-A5B1-F8410B7A7236} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7E305DE6-8675-4B18-A220-CAA13D1E298A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {90E3ADEC-3AFD-4318-8C24-795E0641C2D4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9143CAFB-3946-4C12-9C3F-F2CE5B0ECBAB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {92B975A7-791F-4B06-AC75-8D8A06D90E83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9C0B97B0-0659-4D0B-B32C-EEF7594BC694} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BCA20F3F-B57C-402F-847A-466EB21E2A8B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DE817038-3D67-4072-B3B6-58E06A7D9A43} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FF76F358-BA4D-4645-B2C7-443C4E29F27B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-501829448-2021581346-1665667405-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle America, Inc. -> Oracle Corporation)
U3 idsvc; no ImagePath
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\CHAD\Desktop\382013_205256.mpg:TOC.WMV [130]
AlternateDataStreams: C:\Users\CHAD\Downloads\launch.ica.l94w72b.partial:icasource [241]
AlternateDataStreams: C:\Users\Test\Desktop\382013_205256.mpg:TOC.WMV [130]
EmptyTemp:
C:\Windows\Temp\*.*
*****************
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0465AC40-B7AA-44EB-B947-64671D9A7735}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0465AC40-B7AA-44EB-B947-64671D9A7735}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2267C3CD-3530-4685-ABBD-B0ACA5AA537D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2267C3CD-3530-4685-ABBD-B0ACA5AA537D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26C15821-4D68-4375-AC75-F9AB47D715B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26C15821-4D68-4375-AC75-F9AB47D715B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74B62765-28F5-48DF-9684-6944189AB767}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74B62765-28F5-48DF-9684-6944189AB767}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7740FC1D-1A11-4E36-A5B1-F8410B7A7236}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7740FC1D-1A11-4E36-A5B1-F8410B7A7236}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E305DE6-8675-4B18-A220-CAA13D1E298A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E305DE6-8675-4B18-A220-CAA13D1E298A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90E3ADEC-3AFD-4318-8C24-795E0641C2D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90E3ADEC-3AFD-4318-8C24-795E0641C2D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9143CAFB-3946-4C12-9C3F-F2CE5B0ECBAB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9143CAFB-3946-4C12-9C3F-F2CE5B0ECBAB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92B975A7-791F-4B06-AC75-8D8A06D90E83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92B975A7-791F-4B06-AC75-8D8A06D90E83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C0B97B0-0659-4D0B-B32C-EEF7594BC694}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C0B97B0-0659-4D0B-B32C-EEF7594BC694}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BCA20F3F-B57C-402F-847A-466EB21E2A8B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA20F3F-B57C-402F-847A-466EB21E2A8B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE817038-3D67-4072-B3B6-58E06A7D9A43}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE817038-3D67-4072-B3B6-58E06A7D9A43}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF76F358-BA4D-4645-B2C7-443C4E29F27B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF76F358-BA4D-4645-B2C7-443C4E29F27B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-501829448-2021581346-1665667405-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-501829448-2021581346-1665667405-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle America, Inc." => not found
C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Users\CHAD\Desktop\382013_205256.mpg => ":TOC.WMV" ADS removed successfully
C:\Users\CHAD\Downloads\launch.ica.l94w72b.partial => ":icasource" ADS removed successfully
C:\Users\Test\Desktop\382013_205256.mpg => ":TOC.WMV" ADS removed successfully
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\ACLM_GeneratedProxy.cs => moved successfully
C:\Windows\Temp\amc9D22.tmp => moved successfully
C:\Windows\Temp\amc9D22.tmp.LOG1 => moved successfully
C:\Windows\Temp\amc9D22.tmp.LOG2 => moved successfully
C:\Windows\Temp\amcAC06.tmp => moved successfully
C:\Windows\Temp\amcAC06.tmp.LOG1 => moved successfully
C:\Windows\Temp\amcAC06.tmp.LOG2 => moved successfully
C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190807-1346.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190807-1421.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190807-1451.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190807-1521.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190808-1330.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190808-1335.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190808-1346.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190808-1416.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190808-1446.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190809-1013.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190809-1013a.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190809-1023.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190809-1053.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190809-1123.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190811-1102.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190811-1102a.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190811-1102b.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190811-1115.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190811-1145.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190812-1939.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190812-1939a.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190812-1939b.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190812-1952.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190814-1659.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190814-1706.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190814-1722.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-0019.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-0020.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-0020a.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-0158.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-0633.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-1011.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-1103.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-1336.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-1657.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190818-1940.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190819-1807.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190819-1810.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190819-1827.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190819-1920.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190819-1936.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190821-1723.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190821-1723a.log => moved successfully
C:\Windows\Temp\CHAD-HP-20190821-1725.log => moved successfully
Could not move "C:\Windows\Temp\CHAD-HP-20190821-1731.log" => Scheduled to move on reboot.
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\HealthCheckAC.xml => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\MSI40a5c.LOG => moved successfully
C:\Windows\Temp\MSI40a5d.LOG => moved successfully
C:\Windows\Temp\MSI40a5e.LOG => moved successfully
C:\Windows\Temp\MSI40e64.LOG => moved successfully
C:\Windows\Temp\MSI40e65.LOG => moved successfully
C:\Windows\Temp\MSI42854.LOG => moved successfully
C:\Windows\Temp\MSI74873.LOG => moved successfully
C:\Windows\Temp\MSI74874.LOG => moved successfully
C:\Windows\Temp\MSI74875.LOG => moved successfully
C:\Windows\Temp\MSI74876.LOG => moved successfully
C:\Windows\Temp\MSI74877.LOG => moved successfully
C:\Windows\Temp\MSIeaafb.LOG => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20190819180725D20).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20190819182750DC4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20190821172552D18).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20190821173139A28).log" => Scheduled to move on reboot.
C:\Windows\Temp\officeclicktorun.exe_streamserver(20190819180725D20).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20190819182751DC4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20190821172553D18).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(20190821173142A28).log" => Scheduled to move on reboot.
C:\Windows\Temp\ood_stream.x86.en-us.dat => moved successfully
C:\Windows\Temp\ood_stream.x86.x-none.dat => moved successfully
C:\Windows\Temp\tem9BCA.tmp => moved successfully
C:\Windows\Temp\TS_2B3.tmp => moved successfully
C:\Windows\Temp\TS_3AE.tmp => moved successfully
C:\Windows\Temp\TS_6A4F.tmp => moved successfully
C:\Windows\Temp\TS_F05A.tmp => moved successfully
C:\Windows\Temp\TS_F944.tmp => moved successfully
C:\Windows\Temp\wbxtra_08082019_133037.wbt => moved successfully
C:\Windows\Temp\wbxtra_08192019_180725.wbt => moved successfully
C:\Windows\Temp\wbxtra_08192019_182750.wbt => moved successfully
C:\Windows\Temp\wbxtra_08192019_192048.wbt => moved successfully
C:\Windows\Temp\wbxtra_08212019_172553.wbt => moved successfully
========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========
BITS transfer queue => 7626752 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 106952860 B
Java, Flash, Steam htmlcache => 1171 B
Windows/system/drivers => 2311217 B
Edge => 367739421 B
Chrome => 33232390 B
Firefox => 514739758 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 39202 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14144 B
LocalService => 0 B
NetworkService => 16287278 B
NetworkService => 0 B
CHAD => 460041656 B
DefaultAppPool => 39202 B
RecycleBin => 162849036 B
EmptyTemp: => 1.6 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-08-2019 18:04:36)
C:\Windows\Temp\CHAD-HP-20190821-1731.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20190821173139A28).log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20190821173142A28).log => Is moved successfully
==== End of Fixlog 18:04:37 ====

 

 

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-08-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-21-2019
# Duration: 00:00:43
# OS:       Windows 10 Pro
# Cleaned:  49
# Failed:   0

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\banggood.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iad-usadmm.dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.banggood.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\banggood.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iad-usadmm.dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.banggood.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driversupport.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\researchnow.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchengineshowdown.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Preinstalled Software ] *****
Deleted       Preinstalled.EpsonCustomerResearchParticipation
Deleted       Preinstalled.HPHealthCheck
Deleted       Preinstalled.HPSupportAssistant
Deleted       Preinstalled.HPTouchSmartMyDisplay
Deleted       Preinstalled.LenovoEasyCamera

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [5485 octets] - [21/08/2019 18:10:02]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

 

 

RogueKiller Anti-Malware V13.4.3.0 (x64) [Aug 20 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/d...ad/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : CHAD [Administrator]
Started from : C:\Users\CHAD\Desktop\RogueKiller64.exe
Signatures : 20190820_153203, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/08/21 20:54:01 (Duration : 00:50:55)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4218F3CF-7A56-4457-92A9-63C7DDA05193} -- [%localappdata%\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3DB2785F-4B16-4338-9EAE-07B7B1BC5B69} -- [%localappdata%\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{14986E1A-6351-4828-A91B-DA1C25822B0B} -- [%localappdata%\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D8871A75-4F05-4B8E-A899-4DD5A0A7E011} -- [%localappdata%\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe] -> Deleted
[PUP.DllFiles (Potentially Malicious)] dll-files.com -- %_CHAD_appdata%\dll-files.com -> Deleted
[PUP.DllFiles (Potentially Malicious)] Dll-Files.com Fixer -- %programfiles(x86)%\Dll-Files.com Fixer -> Deleted

 

**********************



#4 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 22 August 2019 - 04:51 AM

So no keylogger or hacked webcam?

I think what you saw/received was called Scare-ware email.
So far no signs of any type of keylogger,  you can check your computer settings to see if your web cam is actively on, make sure its in the Off mode.

~~~~~~~~~~~~~~~~~~~``

Open Malwarebytes Anti-Malware
click the Settings tab,at the top choose Protection and tick Scan for rootkits.
Click the Dashboard tab, choose Scan, Threat Scan is checked and click Start Scan.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here.

~~~~~~~~~~~~~~~~`

G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on G0tu5D9.pngstart emergency kit scanner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Please post these 2 logs when finished.

Also, tell me how the computer is now.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 ChadA

ChadA

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 22 August 2019 - 04:01 PM

Again, thanks.  I did the instructions as best I could, though there again appear to be differences in the instructions and the versions I downloaded.

 

Logs:

********************

 

 

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 8/22/19
Scan Time: 4:20 PM
Log File: 3f7a5cba-c51a-11e9-b2c6-b4b52f8e85cd.json
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12141
License: Trial
-System Information-
OS: Windows 10 (Build 18362.295)
CPU: x64
File System: NTFS
User: CHAD-HP\CHAD
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 427843
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 30 min, 31 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)

***************************

 

 

Emsisoft Emergency Kit 2019.6.0.9501 stable [en-us]
OS: Windows 10 (Version 10.0, Build 18362, 64-bit Edition)
Forensics log
 Date Component Action Details 
8/22/2019 5:55:59 PM Scanner Scan finished Scanned 84778 objects and found nothing.  
8/22/2019 5:39:13 PM User CHAD-HP\CHAD Scan started Malware Scan  
8/22/2019 5:39:13 PM User CHAD-HP\CHAD Setting modified "Detect PUPs" has been changed to "Enabled".  
8/22/2019 5:38:37 PM User CHAD-HP\CHAD Setting modified "Recommended readings & news" has been changed to "Enabled".  
8/22/2019 5:38:36 PM User Update Downloaded and installed 77 files (17488 kb) (1 min. 2 sec.).  
8/22/2019 5:37:44 PM User CHAD-HP\CHAD Setting modified "Recommended readings & news" has been changed to "Disabled".  
8/22/2019 5:37:35 PM Core Notification "Recommended Reading:Why are so many US public entities being hit by ransomware?".  

******************



#6 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 22 August 2019 - 05:32 PM

 

again appear to be differences in the instructions and the versions I downloaded.

Ok thanks,  they've updated and I didn't know.

 

Tell me what the computer is doing now? any  better?


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#7 ChadA

ChadA

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 22 August 2019 - 05:41 PM

Seems to be running a good deal faster. Thanks!

#8 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 22 August 2019 - 05:49 PM

I think we can go on and remove tools and quarantine folders.
  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
  • Activate UAC
  • Remove disinfection tools
  • Click the Run button.
  • -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete
    ).
*******
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • 6YRrgUC.png Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
  • jv4nhMJ.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • DgW1XL2.png Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • j1OLIec.png SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • sHjS79L.png Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#9 ChadA

ChadA

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 23 August 2019 - 07:43 AM

Done.  Thanks!



#10 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 23 August 2019 - 02:03 PM

Glad we could help. SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users