mmcintosh Posted April 21, 2020 Report Share Posted April 21, 2020 Please help clean my computer! Link to post Share on other sites
flashh4 Posted April 21, 2020 Report Share Posted April 21, 2020 Howdy Markay and welcome back to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer. Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !! If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !! Perform all actions in the order given. Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Do Not Remove anything or run any tools/programs until advised to do so ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. ================================ Download and run AdwCleaner Download AdwCleaner from here and save it to your desktop. >>> https://downloads.malwarebytes.com/file/adwcleaner run AdwCleaner by clicking on Scan Now when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair if it asks to reboot, allow the reboot on reboot, click on View Log File; please attach the content of the log to your next reply. =================================================== Run Malwarebytes Anti-Malware You may have Malwarebytes Anti-Malware installed but if not, you can download it from here: >>> https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ run the program click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM) click on the ‘Scan’ tab, (directly below the Dashboard tab) select the Threat Scan option slick the Scan Now button Threat Scan will begin when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found if prompted to restart the computer, close all other programs and click Yes to restart your computer once you are back at your desktop, open MBAM once more click on the ‘Reports’ tab double-click on the most recent Scan Report click on Export, then Copy to Clipboard Logs to include with the next post: AdwCleaner log Mbam.txt ==================================== Post the logs from these program by copy & paste them into this topic of yours. Then i will have more for you afterwards !! Thanks Chuck Link to post Share on other sites
mmcintosh Posted April 21, 2020 Author Report Share Posted April 21, 2020 # ------------------------------- # Malwarebytes AdwCleaner 8.0.4.0 # ------------------------------- # Build: 04-03-2020 # Database: 2020-04-08.2 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 04-21-2020 # Duration: 00:00:26 # OS: Windows 10 Home # Cleaned: 23 # Failed: 1 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\mysearch.avg.com Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll Deleted HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D Deleted HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769} Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp Deleted HKLM\Software\Wow6432Node\\Classes\AppID\AmazonAppIE.dll Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450} Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A} Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8} Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769} Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6} ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** Deleted AVG Secure Search Deleted https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp Deleted https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp Deleted https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp Deleted https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp Not Deleted AVG Secure Search ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [9031 octets] - [21/04/2020 14:11:16] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## Link to post Share on other sites
flashh4 Posted April 21, 2020 Report Share Posted April 21, 2020 Markay ..... thanks for the log ! Now lets continue ! THIS MUST BE DOWNLOADED & RUN FROM THE DESK TOP or it will not work ! Run Farbar Recovery Scan Tool * Please download Farbar Recovery Scan Tool and save it to your Desktop. >>> https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ * Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. * right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. * press Scan button * it will produce a log called Frst.txt in the same directory the tool is run from * please copy and paste log back here. * the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply. * Logs to include with next post: Frst.txt Addition.txt Thanks Chuck Link to post Share on other sites
mmcintosh Posted April 21, 2020 Author Report Share Posted April 21, 2020 Malwarebyteswww.malwarebytes.com -Log Details- Scan Date: 4/21/20 Scan Time: 3:01 PM Log File: 519a01f8-8413-11ea-bad3-74e6e239d998.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.875 Update Package Version: 1.0.22744 License: Trial -System Information- OS: Windows 10 (Build 17134.1246) CPU: x64 File System: NTFS User: MARKAY\MarKay -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 299963 Threats Detected: 3 Threats Quarantined: 3 Time Elapsed: 5 min, 52 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 2 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, 11070, -1, 0.0.0, , action, PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, 11070, -1, 0.0.0, , action, Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 1 PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Quarantined, 11070, 809559, 1.0.22744, , ame, File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Link to post Share on other sites
flashh4 Posted April 21, 2020 Report Share Posted April 21, 2020 We are getting there ...... the Farbar will take awhile & then i will read through it & write up a fix to clean everything !! Thank you ! Chuck Link to post Share on other sites
mmcintosh Posted April 21, 2020 Author Report Share Posted April 21, 2020 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2020 Ran by MarKay (administrator) on MARKAY (Dell Inc. Inspiron 3543) (21-04-2020 15:37:51) Running from C:\Users\MarKay\Downloads Loaded Profiles: MarKay (Available Profiles: MarKay) Platform: Windows 10 Home Version 1803 17134.1246 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (DELL Inc.) [File not signed] C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (Google LLC -> Google) C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\SwReporter\81.233.200\software_reporter_tool.exe <4> (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Leader Technologies Inc -> Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\MarKay\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4> (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Wyse Technology Inc -> ) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-05] (Dell Inc.) [File not signed] HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> ) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6287872 2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [84489984 2020-01-03] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212020152936053\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\MarKay\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-04-21] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Policies\Explorer: [NoLogOff] 0 HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.113\Installer\chrmstp.exe [2020-04-21] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> c:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2014-02-18] (Broadcom Corporation -> Broadcom Corporation.) Startup: C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2020-04-21] ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1944437N05PJ;CONNECTION=USB;MONITOR=1; Startup: C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-09-05] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {05B3C478-8808-4F7A-947C-E0161AC5721B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe Task: {07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {188DB286-66F6-4E53-B82E-FBE8A8E44134} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {1D61B60A-B3F0-4A94-9DC1-0BF0DF6A2564} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4167224 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated) Task: {1DE82BCC-351D-48D3-8A1D-8BEA3CF6FC1B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation) Task: {2225C9AF-4D25-467A-9A82-6A822565EA54} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.) Task: {24A34E1F-C7DB-4398-930E-AE666DFD13BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4357016 2020-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {2BF00924-F6D5-41AC-8EC5-68E4A7D45CE5} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe] Task: {2FCEF649-8E79-42AD-823C-9740F10B51AE} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [713008 2013-08-22] (Wyse Technology Inc -> ) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {4AFE2147-7209-4E77-9DA3-01B5BDDE50D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-21] (Adobe Inc. -> Adobe) Task: {52DD92D5-D67F-4DC6-8FBD-4272D1505B2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {552B3233-5697-4076-B7BE-8E25223C94B7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-11] (Microsoft Windows -> Microsoft Corporation) Task: {5B09ECA6-BF21-4881-B90D-7EF879FD16D7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink) Task: {5DC68ECD-43E5-4F15-9684-C689FFECE624} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION Task: {670DBF19-0AB9-4296-B664-8A6453B5E4FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {695E1228-FA22-4B77-B92A-812CB46DB629} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-07-24] (Apple Inc. -> Apple Inc.) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {74BDE4B1-C3D7-432D-A362-D0D92BCF7F26} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-21] (Adobe Inc. -> Adobe) Task: {7F14A200-542D-42E7-AAD9-AED5DCD4899D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE} Task: {9543A93A-5CE5-4314-9E89-A7075F4591FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.) Task: {96045AF9-97E8-4B84-B7C9-3A741A5CEF73} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {98C977F1-38A0-4A71-B1D8-7322F4411DD9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {B01BBD6A-B06D-4BC5-AEDE-97787B097DB2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4357016 2020-04-21] (Microsoft Corporation -> Microsoft Corporation) Task: {B2A67C31-8575-4CFF-BC8D-8F78EA47D7DD} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc) Task: {B6954865-E48E-4B03-A345-F47993FA0CCC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {BB0B5233-A0BC-4A95-99FE-7B71720A7394} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) Task: {C02762AE-F09B-40E5-A03C-339C4DB90E90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {C57CCABA-0702-41C4-B0A9-9229865368E3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {C641E95B-C7E4-421A-A877-3487686B1EB0} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.) Task: {CE239613-B4FD-4C17-9502-8263D69C9D1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation) Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {CFA0FC04-3529-4284-9E96-FB63EC5A2A31} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {D1F17116-DDE8-4D0D-8877-276D9561C23B} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc) Task: {D67945E7-D83B-45E9-8205-60EFDD08BA95} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.) Task: {DB94ED5F-1552-43C6-A45F-5D8AC4BB8B14} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-19] (Adobe Inc. -> Adobe) Task: {DFBE1B10-DD9C-4352-93DB-8485E1E8698A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {E744C069-CE66-4ABA-8F03-1E7E46E6108F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {E7D2D033-B041-4D78-A5CE-999273775454} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {EC36752F-0C6D-49D6-9FC0-FBFA21A03984} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.) Task: {EC955163-6405-4E8A-B428-86517C524ACE} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [17200 2013-08-22] (Wyse Technology Inc -> ) Task: {F4172F5B-8193-43CC-8EBA-FAFD43DDD659} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.) Task: {F6139BE1-BE7A-4A9C-B5DB-97482E99199A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {FD340491-43DC-40E0-A276-DCD3E2B17D66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1448320 2020-04-21] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{0b4cae4d-802d-460b-a7fd-4ad38284263d}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{9dd3c540-9e69-40a9-9600-38f0ae087783}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: zld0mb4h.default-1542906549349 FF ProfilePath: C:\Users\MarKay\AppData\Roaming\Mozilla\Firefox\Profiles\zld0mb4h.default-1542906549349 [2020-04-21] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-19] (Adobe Inc. -> ) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-19] (Adobe Inc. -> ) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-06] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default [2020-04-21] CHR Notifications: Default -> hxxps://www.facebook.com CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp CHR StartupUrls: Default -> "hxxps://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp","hxxps://www.google.com/" CHR Extension: (Slides) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29] CHR Extension: (Docs) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29] CHR Extension: (Google Drive) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-29] CHR Extension: (YouTube) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-29] CHR Extension: (Sheets) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29] CHR Extension: (Google Docs Offline) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-21] CHR Extension: (Gmail) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-21] CHR Extension: (Chrome Media Router) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc. -> Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc -> Dell Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc -> Dell Inc.) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel(R) pGFX -> Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-21] (Malwarebytes Inc -> Malwarebytes) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink Corp. -> CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] (Wyse Technology Inc -> ) R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] S2 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Techporch Incorporated -> Dell Inc.) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Techporch Incorporated -> Dell Computer Corporation) R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-21] (Malwarebytes Corporation -> Malwarebytes) S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation) R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-21] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-04-21] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-04-21] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-21] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [124560 2020-04-21] (Malwarebytes Inc -> Malwarebytes) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.) S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek Semiconductor Corp -> Realtek ) R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66104 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-04-21] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-21] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-04-21 15:37 - 2020-04-21 15:40 - 000030765 _____ C:\Users\MarKay\Downloads\FRST.txt 2020-04-21 15:37 - 2020-04-21 15:39 - 000000000 ____D C:\FRST 2020-04-21 15:36 - 2020-04-21 15:37 - 002281984 _____ (Farbar) C:\Users\MarKay\Downloads\FRST64.exe 2020-04-21 15:36 - 2020-04-21 15:36 - 002010624 _____ (Farbar) C:\Users\MarKay\Downloads\Unconfirmed 399113.crdownload 2020-04-21 15:16 - 2020-04-21 15:16 - 000000000 ____D C:\Users\MarKay\AppData\Local\D3DSCache 2020-04-21 15:15 - 2020-04-21 15:15 - 000001607 _____ C:\Users\MarKay\Documents\malware.txt 2020-04-21 15:12 - 2020-04-21 15:29 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2020-04-21 15:12 - 2020-04-21 15:12 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2020-04-21 15:12 - 2020-04-21 15:12 - 000124560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2020-04-21 15:01 - 2020-04-21 15:01 - 000000000 ____D C:\Users\MarKay\AppData\Local\mbam 2020-04-21 14:59 - 2020-04-21 14:59 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-04-21 14:59 - 2020-04-21 14:59 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2020-04-21 14:59 - 2020-04-21 14:59 - 000000000 ____D C:\Users\MarKay\AppData\Local\mbamtray 2020-04-21 14:58 - 2020-04-21 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2020-04-21 14:58 - 2020-04-21 14:58 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2020-04-21 14:58 - 2020-04-21 14:58 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2020-04-21 14:58 - 2020-04-21 14:57 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2020-04-21 14:58 - 2020-04-21 14:56 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2020-04-21 14:57 - 2020-04-21 14:57 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-04-21 14:55 - 2020-04-21 14:55 - 001928352 _____ (Malwarebytes) C:\Users\MarKay\Downloads\MBSetup-076981.076981-Consumer.exe 2020-04-21 14:55 - 2020-04-21 14:55 - 000000000 ____D C:\Program Files\Malwarebytes 2020-04-21 14:49 - 2020-04-21 14:49 - 000000000 ____D C:\Users\MarKay\AppData\Roaming\Microsoft Teams 2020-04-21 14:43 - 2020-04-21 14:49 - 000000000 ____D C:\Users\MarKay\AppData\Local\SquirrelTemp 2020-04-21 14:31 - 2020-02-03 17:18 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-04-21 14:31 - 2020-02-03 17:18 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-04-21 14:10 - 2020-04-21 14:14 - 000000000 ____D C:\AdwCleaner 2020-04-21 14:09 - 2020-04-21 14:09 - 008196784 _____ (Malwarebytes) C:\Users\MarKay\Downloads\adwcleaner_8.0.4.exe 2020-04-21 12:23 - 2019-03-28 03:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2020-04-21 12:23 - 2019-03-28 03:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll 2020-04-21 12:23 - 2019-03-28 03:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2020-04-21 12:23 - 2019-03-28 03:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll 2020-04-21 12:23 - 2019-03-28 00:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll 2020-04-21 12:23 - 2019-03-28 00:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll 2020-04-21 12:23 - 2019-03-28 00:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll 2020-04-21 12:23 - 2019-03-28 00:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll 2020-04-21 12:22 - 2019-03-28 00:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll 2020-04-21 12:22 - 2019-03-28 00:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll 2020-04-21 11:33 - 2020-04-21 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2020-04-19 21:16 - 2020-04-21 11:38 - 005197368 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2020-04-14 06:19 - 2020-04-14 06:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2020-04-09 17:02 - 2019-02-12 23:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2020-04-09 16:35 - 2020-04-09 16:35 - 000000000 ____D C:\WINDOWS\{E9E39016-F1A4-4947-BF49-E0DACA61F95C} 2020-04-06 13:50 - 2019-09-03 23:15 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2020-04-06 13:49 - 2020-01-07 03:36 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll 2020-04-06 13:49 - 2020-01-07 03:35 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll 2020-04-06 13:49 - 2020-01-07 03:35 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll 2020-04-06 13:49 - 2020-01-07 02:03 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll 2020-04-06 13:49 - 2020-01-06 21:58 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2020-04-06 13:49 - 2019-11-08 01:45 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll 2020-04-06 13:49 - 2019-11-08 00:03 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll 2020-04-06 13:49 - 2019-11-07 20:40 - 000060216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll 2020-04-06 13:49 - 2019-11-07 20:30 - 000785776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2020-04-06 13:49 - 2019-11-07 20:12 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2020-04-06 13:49 - 2019-10-02 04:11 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\compact.exe 2020-04-06 13:49 - 2019-10-02 03:12 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe 2020-04-06 13:49 - 2019-10-01 23:04 - 002774120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2020-04-06 13:49 - 2019-10-01 23:00 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2020-04-06 13:49 - 2019-10-01 22:48 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2020-04-06 13:49 - 2019-10-01 22:47 - 002260928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2020-04-06 13:49 - 2019-10-01 22:14 - 001222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2020-04-06 13:49 - 2019-10-01 22:14 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll 2020-04-06 13:49 - 2019-10-01 22:14 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll 2020-04-06 13:49 - 2019-09-04 03:44 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2020-04-06 13:49 - 2019-09-04 03:42 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll 2020-04-06 13:49 - 2019-09-03 22:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2020-04-06 13:49 - 2019-09-03 22:40 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2020-04-06 13:49 - 2019-08-07 02:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2020-04-06 13:49 - 2019-08-07 02:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2020-04-06 13:49 - 2019-08-07 01:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2020-04-06 13:49 - 2019-08-07 01:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2020-04-06 13:49 - 2019-08-07 01:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2020-04-06 13:49 - 2019-07-08 20:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll 2020-04-06 13:49 - 2019-07-08 20:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2020-04-06 13:49 - 2019-07-08 20:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll 2020-04-06 13:49 - 2019-06-21 02:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2020-04-06 13:48 - 2020-01-07 03:37 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll 2020-04-06 13:48 - 2020-01-07 03:34 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll 2020-04-06 13:48 - 2020-01-07 03:34 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll 2020-04-06 13:48 - 2020-01-07 02:00 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll 2020-04-06 13:48 - 2020-01-06 21:58 - 000694184 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2020-04-06 13:48 - 2020-01-06 21:48 - 000538912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2020-04-06 13:48 - 2020-01-06 21:29 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2020-04-06 13:48 - 2020-01-06 21:28 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll 2020-04-06 13:48 - 2020-01-06 21:23 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2020-04-06 13:48 - 2020-01-06 21:23 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2020-04-06 13:48 - 2020-01-06 21:22 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2020-04-06 13:48 - 2019-11-28 04:31 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2020-04-06 13:48 - 2019-11-28 04:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2020-04-06 13:48 - 2019-11-28 04:30 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2020-04-06 13:48 - 2019-11-28 02:53 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2020-04-06 13:48 - 2019-11-28 02:53 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2020-04-06 13:48 - 2019-11-28 02:52 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2020-04-06 13:48 - 2019-11-27 22:41 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll 2020-04-06 13:48 - 2019-11-27 22:36 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2020-04-06 13:48 - 2019-11-27 22:28 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2020-04-06 13:48 - 2019-11-08 01:41 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2020-04-06 13:48 - 2019-11-07 20:39 - 000227848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2020-04-06 13:48 - 2019-11-07 20:38 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2020-04-06 13:48 - 2019-11-07 20:38 - 000605712 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2020-04-06 13:48 - 2019-11-07 20:38 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys 2020-04-06 13:48 - 2019-11-07 20:13 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll 2020-04-06 13:48 - 2019-11-07 20:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll 2020-04-06 13:48 - 2019-11-07 20:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe 2020-04-06 13:48 - 2019-10-02 04:09 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll 2020-04-06 13:48 - 2019-10-02 04:07 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2020-04-06 13:48 - 2019-10-02 03:11 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prntvpt.dll 2020-04-06 13:48 - 2019-10-01 23:05 - 000092472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2020-04-06 13:48 - 2019-10-01 22:51 - 000192312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2020-04-06 13:48 - 2019-10-01 22:50 - 000536832 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2020-04-06 13:48 - 2019-10-01 22:48 - 000402744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2020-04-06 13:48 - 2019-10-01 22:35 - 000465832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2020-04-06 13:48 - 2019-10-01 22:14 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2020-04-06 13:48 - 2019-10-01 22:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2020-04-06 13:48 - 2019-09-13 04:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2020-04-06 13:48 - 2019-09-12 22:47 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2020-04-06 13:48 - 2019-09-12 22:47 - 000081720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys 2020-04-06 13:48 - 2019-09-12 22:47 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys 2020-04-06 13:48 - 2019-09-12 22:21 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2020-04-06 13:48 - 2019-09-12 22:21 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe 2020-04-06 13:48 - 2019-09-12 22:17 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2020-04-06 13:48 - 2019-09-12 22:13 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2020-04-06 13:48 - 2019-09-12 22:13 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll 2020-04-06 13:48 - 2019-09-12 22:11 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2020-04-06 13:48 - 2019-09-03 23:14 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2020-04-06 13:48 - 2019-09-03 23:14 - 000420984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll 2020-04-06 13:48 - 2019-09-03 22:45 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2020-04-06 13:48 - 2019-09-03 22:45 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys 2020-04-06 13:48 - 2019-08-13 08:44 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll 2020-04-06 13:48 - 2019-08-13 08:43 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll 2020-04-06 13:48 - 2019-08-12 22:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll 2020-04-06 13:48 - 2019-08-12 22:12 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll 2020-04-06 13:48 - 2019-08-12 22:11 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2020-04-06 13:48 - 2019-08-12 20:51 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe 2020-04-06 13:48 - 2019-08-07 01:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll 2020-04-06 13:48 - 2019-08-07 01:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2020-04-06 13:48 - 2019-08-07 01:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2020-04-06 13:48 - 2019-08-07 01:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2020-04-06 13:48 - 2019-08-07 01:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2020-04-06 13:48 - 2019-08-07 01:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2020-04-06 13:48 - 2019-07-08 21:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll 2020-04-06 13:48 - 2019-07-08 20:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2020-04-06 13:48 - 2019-06-13 00:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2020-04-06 13:48 - 2019-06-13 00:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2020-04-06 13:48 - 2019-06-12 22:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2020-04-06 13:47 - 2020-01-06 22:00 - 000568312 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2020-04-06 13:47 - 2020-01-06 21:59 - 000791352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2020-04-06 13:47 - 2020-01-06 21:58 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2020-04-06 13:47 - 2020-01-06 21:47 - 000222736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2020-04-06 13:47 - 2020-01-06 21:24 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2020-04-06 13:47 - 2019-11-27 22:52 - 025857024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2020-04-06 13:47 - 2019-11-27 22:40 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2020-04-06 13:47 - 2019-11-08 01:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll 2020-04-06 13:47 - 2019-11-08 01:42 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2020-04-06 13:47 - 2019-11-07 20:13 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll 2020-04-06 13:47 - 2019-11-07 20:10 - 001827328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2020-04-06 13:47 - 2019-10-02 04:48 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2020-04-06 13:47 - 2019-10-02 04:47 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2020-04-06 13:47 - 2019-10-02 04:45 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2020-04-06 13:47 - 2019-10-02 04:09 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll 2020-04-06 13:47 - 2019-10-02 02:41 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2020-04-06 13:47 - 2019-10-01 23:01 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2020-04-06 13:47 - 2019-10-01 23:00 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2020-04-06 13:47 - 2019-10-01 22:49 - 000550512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2020-04-06 13:47 - 2019-10-01 22:28 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll 2020-04-06 13:47 - 2019-10-01 22:27 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2020-04-06 13:47 - 2019-10-01 22:25 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll 2020-04-06 13:47 - 2019-10-01 22:23 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2020-04-06 13:47 - 2019-10-01 22:22 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2020-04-06 13:47 - 2019-10-01 22:18 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2020-04-06 13:47 - 2019-09-12 22:48 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2020-04-06 13:47 - 2019-09-12 22:20 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2020-04-06 13:47 - 2019-09-12 22:20 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2020-04-06 13:47 - 2019-09-12 22:20 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2020-04-06 13:47 - 2019-09-12 22:17 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll 2020-04-06 13:47 - 2019-09-12 22:17 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2020-04-06 13:47 - 2019-09-12 22:14 - 001809408 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2020-04-06 13:47 - 2019-09-12 22:12 - 001634304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2020-04-06 13:47 - 2019-09-03 23:13 - 000129040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2020-04-06 13:47 - 2019-09-03 22:43 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2020-04-06 13:47 - 2019-08-12 22:16 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2020-04-06 13:47 - 2019-08-12 22:11 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2020-04-06 13:47 - 2019-08-07 02:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2020-04-06 13:47 - 2019-08-07 01:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll 2020-04-06 13:47 - 2019-08-07 01:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2020-04-06 13:47 - 2019-07-09 01:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll 2020-04-06 13:47 - 2019-07-09 01:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe 2020-04-06 13:47 - 2019-07-09 00:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll 2020-04-06 13:47 - 2019-07-08 21:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys 2020-04-06 13:47 - 2019-07-08 21:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2020-04-06 13:47 - 2019-07-08 21:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2020-04-06 13:47 - 2019-07-08 20:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2020-04-06 13:47 - 2019-07-08 20:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2020-04-06 13:47 - 2019-06-13 05:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2020-04-06 13:47 - 2019-06-13 05:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2020-04-06 13:47 - 2019-06-13 05:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2020-04-06 13:47 - 2019-06-13 05:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2020-04-06 13:47 - 2019-06-13 05:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2020-04-06 13:47 - 2019-06-13 05:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2020-04-06 13:47 - 2019-06-13 03:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll 2020-04-06 13:46 - 2020-01-07 03:33 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2020-04-06 13:46 - 2020-01-07 03:32 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2020-04-06 13:46 - 2020-01-07 01:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2020-04-06 13:46 - 2020-01-06 20:02 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2020-04-06 13:46 - 2019-11-28 04:52 - 000094216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2020-04-06 13:46 - 2019-11-27 23:09 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2020-04-06 13:46 - 2019-11-27 23:09 - 000636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2020-04-06 13:46 - 2019-11-27 22:48 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2020-04-06 13:46 - 2019-11-08 01:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2020-04-06 13:46 - 2019-11-08 01:43 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2020-04-06 13:46 - 2019-11-08 01:40 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2020-04-06 13:46 - 2019-11-08 01:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll 2020-04-06 13:46 - 2019-11-08 01:38 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2020-04-06 13:46 - 2019-11-07 23:58 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2020-04-06 13:46 - 2019-11-07 23:57 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2020-04-06 13:46 - 2019-11-07 23:55 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2020-04-06 13:46 - 2019-11-07 20:38 - 000466744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2020-04-06 13:46 - 2019-11-07 20:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys 2020-04-06 13:46 - 2019-11-07 20:12 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll 2020-04-06 13:46 - 2019-11-07 20:11 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2020-04-06 13:46 - 2019-11-07 20:10 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll 2020-04-06 13:46 - 2019-11-07 20:09 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll 2020-04-06 13:46 - 2019-10-02 04:46 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2020-04-06 13:46 - 2019-10-02 04:29 - 001517480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2020-04-06 13:46 - 2019-10-02 03:24 - 001320640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2020-04-06 13:46 - 2019-10-02 02:25 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll 2020-04-06 13:46 - 2019-10-01 23:19 - 000374584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2020-04-06 13:46 - 2019-10-01 23:01 - 002468048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2020-04-06 13:46 - 2019-10-01 22:48 - 001990056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2020-04-06 13:46 - 2019-10-01 22:48 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2020-04-06 13:46 - 2019-10-01 22:40 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2020-04-06 13:46 - 2019-10-01 22:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll 2020-04-06 13:46 - 2019-10-01 22:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll 2020-04-06 13:46 - 2019-10-01 22:18 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll 2020-04-06 13:46 - 2019-09-13 04:40 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe 2020-04-06 13:46 - 2019-09-12 22:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2020-04-06 13:46 - 2019-09-12 22:16 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll 2020-04-06 13:46 - 2019-09-12 22:15 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll 2020-04-06 13:46 - 2019-09-12 22:14 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll 2020-04-06 13:46 - 2019-09-04 03:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2020-04-06 13:46 - 2019-09-03 22:40 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2020-04-06 13:46 - 2019-09-03 22:39 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2020-04-06 13:46 - 2019-08-12 20:49 - 000806328 _____ C:\WINDOWS\SysWOW64\locale.nls 2020-04-06 13:46 - 2019-08-12 20:49 - 000806328 _____ C:\WINDOWS\system32\locale.nls 2020-04-06 13:46 - 2019-08-07 02:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2020-04-06 13:46 - 2019-08-07 02:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll 2020-04-06 13:46 - 2019-08-07 01:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll 2020-04-06 13:46 - 2019-08-07 01:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll 2020-04-06 13:46 - 2019-08-07 01:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2020-04-06 13:46 - 2019-08-07 01:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2020-04-06 13:46 - 2019-08-07 01:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll 2020-04-06 13:46 - 2019-07-08 21:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2020-04-06 13:46 - 2019-07-08 21:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2020-04-06 13:46 - 2019-07-08 20:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll 2020-04-06 13:46 - 2019-07-08 20:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll 2020-04-06 13:46 - 2019-07-03 22:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2020-04-06 13:46 - 2019-07-03 22:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2020-04-06 13:46 - 2019-07-03 22:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2020-04-06 13:46 - 2019-07-03 22:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2020-04-06 13:46 - 2019-06-13 03:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2020-04-06 13:46 - 2019-06-13 00:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll 2020-04-06 13:46 - 2019-06-13 00:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2020-04-06 13:46 - 2019-06-13 00:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2020-04-06 13:46 - 2019-06-12 22:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2020-04-06 13:45 - 2020-01-06 22:00 - 001224504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2020-04-06 13:45 - 2020-01-06 22:00 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2020-04-06 13:45 - 2020-01-06 21:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2020-04-06 13:45 - 2020-01-06 21:28 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2020-04-06 13:45 - 2020-01-06 21:27 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2020-04-06 13:45 - 2020-01-06 21:23 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2020-04-06 13:45 - 2019-11-28 04:47 - 000490336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2020-04-06 13:45 - 2019-11-27 23:10 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2020-04-06 13:45 - 2019-11-27 22:49 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2020-04-06 13:45 - 2019-11-08 02:20 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2020-04-06 13:45 - 2019-11-08 02:20 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2020-04-06 13:45 - 2019-11-08 02:20 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2020-04-06 13:45 - 2019-11-07 20:39 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2020-04-06 13:45 - 2019-11-07 20:13 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys 2020-04-06 13:45 - 2019-11-07 20:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2020-04-06 13:45 - 2019-10-02 04:50 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2020-04-06 13:45 - 2019-10-02 04:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2020-04-06 13:45 - 2019-10-02 04:45 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2020-04-06 13:45 - 2019-10-02 04:45 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2020-04-06 13:45 - 2019-10-02 04:45 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll 2020-04-06 13:45 - 2019-10-02 04:45 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2020-04-06 13:45 - 2019-10-02 04:34 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2020-04-06 13:45 - 2019-10-02 04:07 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2020-04-06 13:45 - 2019-10-01 23:01 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2020-04-06 13:45 - 2019-10-01 23:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2020-04-06 13:45 - 2019-10-01 23:01 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2020-04-06 13:45 - 2019-10-01 23:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2020-04-06 13:45 - 2019-10-01 22:49 - 000088016 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe 2020-04-06 13:45 - 2019-10-01 22:48 - 000103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2020-04-06 13:45 - 2019-10-01 22:28 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2020-04-06 13:45 - 2019-10-01 22:28 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll 2020-04-06 13:45 - 2019-10-01 22:26 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL 2020-04-06 13:45 - 2019-10-01 22:26 - 000468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2020-04-06 13:45 - 2019-10-01 22:24 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL 2020-04-06 13:45 - 2019-10-01 22:24 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2020-04-06 13:45 - 2019-10-01 22:24 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2020-04-06 13:45 - 2019-10-01 22:19 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2020-04-06 13:45 - 2019-10-01 22:18 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2020-04-06 13:45 - 2019-10-01 22:17 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2020-04-06 13:45 - 2019-10-01 22:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2020-04-06 13:45 - 2019-10-01 22:16 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe 2020-04-06 13:45 - 2019-10-01 22:15 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2020-04-06 13:45 - 2019-10-01 22:13 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2020-04-06 13:45 - 2019-09-13 04:56 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll 2020-04-06 13:45 - 2019-09-13 04:44 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2020-04-06 13:45 - 2019-09-13 04:44 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2020-04-06 13:45 - 2019-09-12 22:21 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2020-04-06 13:45 - 2019-09-12 22:15 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2020-04-06 13:45 - 2019-09-12 22:13 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll 2020-04-06 13:45 - 2019-09-12 22:12 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2020-04-06 13:45 - 2019-09-12 22:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll 2020-04-06 13:45 - 2019-09-10 01:17 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-04-06 13:45 - 2019-09-03 23:14 - 000361752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2020-04-06 13:45 - 2019-09-03 22:39 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2020-04-06 13:45 - 2019-09-03 22:39 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2020-04-06 13:45 - 2019-09-03 22:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2020-04-06 13:45 - 2019-09-03 22:38 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2020-04-06 13:45 - 2019-09-03 22:38 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2020-04-06 13:45 - 2019-08-13 08:42 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2020-04-06 13:45 - 2019-08-13 08:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2020-04-06 13:45 - 2019-08-13 03:49 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2020-04-06 13:45 - 2019-08-07 02:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2020-04-06 13:45 - 2019-08-07 01:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2020-04-06 13:45 - 2019-08-07 01:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll 2020-04-06 13:45 - 2019-08-07 01:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2020-04-06 13:45 - 2019-07-09 02:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2020-04-06 13:45 - 2019-07-09 01:44 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe 2020-04-06 13:45 - 2019-07-08 21:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2020-04-06 13:45 - 2019-07-08 21:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2020-04-06 13:45 - 2019-07-08 21:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2020-04-06 13:45 - 2019-07-08 21:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2020-04-06 13:45 - 2019-07-08 20:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2020-04-06 13:45 - 2019-07-08 20:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2020-04-06 13:45 - 2019-07-08 20:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2020-04-06 13:45 - 2019-07-08 20:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2020-04-06 13:45 - 2019-07-08 20:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2020-04-06 13:45 - 2019-07-08 20:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2020-04-06 13:45 - 2019-06-13 05:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2020-04-06 13:45 - 2019-06-13 05:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2020-04-06 13:45 - 2019-06-13 05:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2020-04-06 13:45 - 2019-06-13 05:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2020-04-06 13:45 - 2019-06-13 03:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2020-04-06 13:45 - 2019-06-13 00:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2020-04-06 13:44 - 2020-01-07 03:34 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll 2020-04-06 13:44 - 2020-01-07 02:01 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll 2020-04-06 13:44 - 2020-01-06 21:59 - 001798664 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2020-04-06 13:44 - 2020-01-06 21:29 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2020-04-06 13:44 - 2020-01-06 21:28 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2020-04-06 13:44 - 2020-01-06 21:28 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2020-04-06 13:44 - 2019-11-28 04:47 - 000790928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2020-04-06 13:44 - 2019-11-28 04:47 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2020-04-06 13:44 - 2019-11-28 04:26 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2020-04-06 13:44 - 2019-11-28 03:07 - 000662840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2020-04-06 13:44 - 2019-11-28 03:06 - 000322360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2020-04-06 13:44 - 2019-11-27 23:09 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2020-04-06 13:44 - 2019-11-27 22:48 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2020-04-06 13:44 - 2019-11-27 22:41 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2020-04-06 13:44 - 2019-11-27 22:40 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2020-04-06 13:44 - 2019-11-27 22:39 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2020-04-06 13:44 - 2019-11-27 22:36 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2020-04-06 13:44 - 2019-11-27 22:35 - 001418752 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2020-04-06 13:44 - 2019-11-07 20:39 - 000727584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2020-04-06 13:44 - 2019-11-07 20:39 - 000435728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2020-04-06 13:44 - 2019-11-07 20:31 - 000379432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2020-04-06 13:44 - 2019-11-07 20:12 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2020-04-06 13:44 - 2019-11-07 20:10 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2020-04-06 13:44 - 2019-11-07 20:09 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2020-04-06 13:44 - 2019-10-02 05:14 - 000349216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2020-04-06 13:44 - 2019-10-02 05:08 - 001047568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2020-04-06 13:44 - 2019-10-02 04:27 - 000117240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2020-04-06 13:44 - 2019-10-02 04:06 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2020-04-06 13:44 - 2019-10-02 03:23 - 000106560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe 2020-04-06 13:44 - 2019-10-02 03:07 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2020-04-06 13:44 - 2019-10-02 02:53 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2020-04-06 13:44 - 2019-10-01 23:02 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2020-04-06 13:44 - 2019-10-01 23:02 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2020-04-06 13:44 - 2019-10-01 23:00 - 000039032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll 2020-04-06 13:44 - 2019-10-01 22:50 - 000148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2020-04-06 13:44 - 2019-10-01 22:50 - 000095224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2020-04-06 13:44 - 2019-10-01 22:49 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2020-04-06 13:44 - 2019-10-01 22:48 - 000430304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll 2020-04-06 13:44 - 2019-10-01 22:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll 2020-04-06 13:44 - 2019-10-01 22:47 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2020-04-06 13:44 - 2019-10-01 22:34 - 000129360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2020-04-06 13:44 - 2019-10-01 22:34 - 000081040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2020-04-06 13:44 - 2019-10-01 22:32 - 000412696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll 2020-04-06 13:44 - 2019-10-01 22:28 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll 2020-04-06 13:44 - 2019-10-01 22:25 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll 2020-04-06 13:44 - 2019-10-01 22:18 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll 2020-04-06 13:44 - 2019-10-01 22:16 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll 2020-04-06 13:44 - 2019-10-01 22:14 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2020-04-06 13:44 - 2019-10-01 22:09 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2020-04-06 13:44 - 2019-09-13 05:03 - 000586680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2020-04-06 13:44 - 2019-09-13 04:41 - 001644032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2020-04-06 13:44 - 2019-09-13 04:41 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2020-04-06 13:44 - 2019-09-13 04:40 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2020-04-06 13:44 - 2019-09-13 03:18 - 000470512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll 2020-04-06 13:44 - 2019-09-13 03:01 - 001300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2020-04-06 13:44 - 2019-09-13 03:01 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2020-04-06 13:44 - 2019-09-12 22:49 - 000274792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe 2020-04-06 13:44 - 2019-09-12 22:48 - 000710240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2020-04-06 13:44 - 2019-09-12 22:21 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll 2020-04-06 13:44 - 2019-09-12 22:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2020-04-06 13:44 - 2019-09-12 22:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2020-04-06 13:44 - 2019-09-12 22:17 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2020-04-06 13:44 - 2019-09-12 22:16 - 000910336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2020-04-06 13:44 - 2019-09-12 22:15 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2020-04-06 13:44 - 2019-09-12 22:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2020-04-06 13:44 - 2019-09-12 22:14 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2020-04-06 13:44 - 2019-09-12 22:14 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2020-04-06 13:44 - 2019-09-12 22:13 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2020-04-06 13:44 - 2019-09-12 22:12 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2020-04-06 13:44 - 2019-09-12 22:11 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2020-04-06 13:44 - 2019-09-03 23:13 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2020-04-06 13:44 - 2019-09-03 23:02 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2020-04-06 13:44 - 2019-09-03 22:41 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2020-04-06 13:44 - 2019-09-03 22:40 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2020-04-06 13:44 - 2019-09-03 22:38 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2020-04-06 13:44 - 2019-08-13 12:06 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe 2020-04-06 13:44 - 2019-08-13 03:49 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe 2020-04-06 13:44 - 2019-08-12 22:13 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2020-04-06 13:44 - 2019-08-12 22:13 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll 2020-04-06 13:44 - 2019-08-07 02:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2020-04-06 13:44 - 2019-08-07 02:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2020-04-06 13:44 - 2019-08-07 01:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2020-04-06 13:44 - 2019-08-07 01:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2020-04-06 13:44 - 2019-08-07 01:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2020-04-06 13:44 - 2019-08-07 01:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2020-04-06 13:44 - 2019-08-07 01:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2020-04-06 13:44 - 2019-08-07 01:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2020-04-06 13:44 - 2019-07-09 01:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2020-04-06 13:44 - 2019-07-09 00:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2020-04-06 13:44 - 2019-07-08 21:29 - 000230200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2020-04-06 13:44 - 2019-07-08 21:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2020-04-06 13:44 - 2019-07-08 21:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys 2020-04-06 13:44 - 2019-07-08 20:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll 2020-04-06 13:44 - 2019-07-08 20:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2020-04-06 13:44 - 2019-07-08 20:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2020-04-06 13:44 - 2019-07-08 20:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2020-04-06 13:44 - 2019-07-08 20:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2020-04-06 13:44 - 2019-07-03 22:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2020-04-06 13:44 - 2019-07-03 22:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2020-04-06 13:44 - 2019-07-03 22:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2020-04-06 13:44 - 2019-07-03 22:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2020-04-06 13:44 - 2019-06-13 00:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2020-04-06 13:44 - 2019-06-13 00:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2020-04-06 13:44 - 2019-06-13 00:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2020-04-06 13:43 - 2020-01-07 03:54 - 001639864 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2020-04-06 13:43 - 2020-01-07 02:15 - 001628496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2020-04-06 13:43 - 2020-01-06 22:00 - 000076328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2020-04-06 13:43 - 2020-01-06 21:59 - 001964176 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2020-04-06 13:43 - 2020-01-06 21:48 - 001659944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2020-04-06 13:43 - 2020-01-06 21:27 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2020-04-06 13:43 - 2020-01-06 21:25 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2020-04-06 13:43 - 2020-01-06 21:24 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2020-04-06 13:43 - 2020-01-06 21:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2020-04-06 13:43 - 2019-11-27 23:11 - 000498072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2020-04-06 13:43 - 2019-11-27 23:09 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2020-04-06 13:43 - 2019-11-27 23:09 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2020-04-06 13:43 - 2019-11-27 23:09 - 001141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2020-04-06 13:43 - 2019-11-27 23:09 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2020-04-06 13:43 - 2019-11-27 22:51 - 000424208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2020-04-06 13:43 - 2019-11-27 22:39 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2020-04-06 13:43 - 2019-11-27 22:38 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2020-04-06 13:43 - 2019-11-27 22:28 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2020-04-06 13:43 - 2019-11-07 20:39 - 000500752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2020-04-06 13:43 - 2019-11-07 20:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2020-04-06 13:43 - 2019-10-31 20:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2020-04-06 13:43 - 2019-10-02 04:09 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2020-04-06 13:43 - 2019-10-02 04:05 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll 2020-04-06 13:43 - 2019-10-02 03:08 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll 2020-04-06 13:43 - 2019-10-02 03:06 - 002406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2020-04-06 13:43 - 2019-10-01 23:00 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2020-04-06 13:43 - 2019-10-01 22:59 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2020-04-06 13:43 - 2019-10-01 22:49 - 000769288 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll 2020-04-06 13:43 - 2019-10-01 22:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2020-04-06 13:43 - 2019-10-01 22:47 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2020-04-06 13:43 - 2019-10-01 22:34 - 000526512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll 2020-04-06 13:43 - 2019-10-01 22:23 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2020-04-06 13:43 - 2019-10-01 22:23 - 004517376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2020-04-06 13:43 - 2019-10-01 22:19 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2020-04-06 13:43 - 2019-10-01 22:18 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2020-04-06 13:43 - 2019-10-01 22:14 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2020-04-06 13:43 - 2019-10-01 22:14 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2020-04-06 13:43 - 2019-10-01 22:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2020-04-06 13:43 - 2019-10-01 22:13 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2020-04-06 13:43 - 2019-10-01 22:09 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2020-04-06 13:43 - 2019-09-13 04:40 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2020-04-06 13:43 - 2019-09-13 03:00 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2020-04-06 13:43 - 2019-09-12 22:58 - 007900880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2020-04-06 13:43 - 2019-09-12 22:56 - 005821448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2020-04-06 13:43 - 2019-09-12 22:15 - 002913792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2020-04-06 13:43 - 2019-09-12 22:11 - 000979456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll 2020-04-06 13:43 - 2019-09-09 19:20 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2020-04-06 13:43 - 2019-09-09 19:20 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2020-04-06 13:43 - 2019-09-03 23:24 - 000705336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2020-04-06 13:43 - 2019-09-03 23:14 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2020-04-06 13:43 - 2019-09-03 23:13 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2020-04-06 13:43 - 2019-09-03 23:03 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2020-04-06 13:43 - 2019-09-03 22:42 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2020-04-06 13:43 - 2019-09-03 22:41 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2020-04-06 13:43 - 2019-09-03 22:41 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2020-04-06 13:43 - 2019-08-13 09:04 - 001585304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2020-04-06 13:43 - 2019-08-12 22:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2020-04-06 13:43 - 2019-08-12 22:44 - 001793472 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2020-04-06 13:43 - 2019-08-12 22:12 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2020-04-06 13:43 - 2019-08-12 19:24 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2020-04-06 13:43 - 2019-08-12 18:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2020-04-06 13:43 - 2019-08-07 02:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2020-04-06 13:43 - 2019-07-10 19:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2020-04-06 13:43 - 2019-07-08 21:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2020-04-06 13:43 - 2019-07-08 21:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2020-04-06 13:43 - 2019-07-08 20:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2020-04-06 13:43 - 2019-07-08 20:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2020-04-06 13:43 - 2019-07-08 20:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2020-04-06 13:43 - 2019-07-08 20:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2020-04-06 13:43 - 2019-07-08 20:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2020-04-06 13:43 - 2019-06-19 20:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat 2020-04-06 13:43 - 2019-06-13 05:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2020-04-06 13:43 - 2019-06-13 05:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2020-04-06 13:43 - 2019-06-13 05:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2020-04-06 13:43 - 2019-06-13 05:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2020-04-06 13:43 - 2019-06-13 01:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2020-04-06 13:43 - 2019-06-13 01:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2020-04-06 13:43 - 2019-06-13 00:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2020-04-06 13:43 - 2019-06-13 00:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2020-04-06 13:43 - 2019-06-12 22:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2020-04-06 13:42 - 2020-01-07 03:33 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-04-06 13:42 - 2020-01-07 01:59 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-04-06 13:42 - 2020-01-06 22:03 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2020-04-06 13:42 - 2020-01-06 21:59 - 002810896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2020-04-06 13:42 - 2020-01-06 21:58 - 009080848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-04-06 13:42 - 2020-01-06 21:30 - 003403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-04-06 13:42 - 2020-01-06 21:27 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2020-04-06 13:42 - 2020-01-06 21:25 - 002179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2020-04-06 13:42 - 2020-01-06 21:25 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2020-04-06 13:42 - 2020-01-06 21:24 - 002163712 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2020-04-06 13:42 - 2020-01-06 21:24 - 001563648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2020-04-06 13:42 - 2020-01-06 21:24 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-04-06 13:42 - 2020-01-06 21:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2020-04-06 13:42 - 2020-01-06 21:23 - 001058816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2020-04-06 13:42 - 2020-01-06 21:23 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-04-06 13:42 - 2020-01-06 21:23 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2020-04-06 13:42 - 2019-11-28 04:46 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2020-04-06 13:42 - 2019-11-28 03:09 - 001453624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2020-04-06 13:42 - 2019-11-27 23:10 - 002571336 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2020-04-06 13:42 - 2019-11-27 22:49 - 001979960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2020-04-06 13:42 - 2019-11-27 22:35 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2020-04-06 13:42 - 2019-11-27 22:25 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2020-04-06 13:42 - 2019-11-08 01:38 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2020-04-06 13:42 - 2019-11-07 20:38 - 002711352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2020-04-06 13:42 - 2019-11-07 20:10 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2020-04-06 13:42 - 2019-11-07 20:09 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2020-04-06 13:42 - 2019-11-07 20:08 - 003203072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2020-04-06 13:42 - 2019-11-07 20:08 - 002603008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2020-04-06 13:42 - 2019-10-02 04:50 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2020-04-06 13:42 - 2019-10-02 04:48 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2020-04-06 13:42 - 2019-10-02 04:06 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll 2020-04-06 13:42 - 2019-10-02 03:07 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll 2020-04-06 13:42 - 2019-10-02 02:42 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2020-04-06 13:42 - 2019-10-01 23:01 - 001288928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2020-04-06 13:42 - 2019-10-01 22:59 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2020-04-06 13:42 - 2019-10-01 22:59 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2020-04-06 13:42 - 2019-10-01 22:48 - 002421776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2020-04-06 13:42 - 2019-10-01 22:48 - 001922056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys 2020-04-06 13:42 - 2019-10-01 22:47 - 001380312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2020-04-06 13:42 - 2019-10-01 22:47 - 001020280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2020-04-06 13:42 - 2019-10-01 22:47 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2020-04-06 13:42 - 2019-10-01 22:22 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2020-04-06 13:42 - 2019-10-01 22:15 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2020-04-06 13:42 - 2019-10-01 22:11 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2020-04-06 13:42 - 2019-09-13 04:57 - 001375456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2020-04-06 13:42 - 2019-09-13 03:17 - 001026280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2020-04-06 13:42 - 2019-09-12 22:48 - 003290584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2020-04-06 13:42 - 2019-09-12 22:47 - 001947168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2020-04-06 13:42 - 2019-09-12 22:36 - 002478152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2020-04-06 13:42 - 2019-09-12 22:35 - 001559272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2020-04-06 13:42 - 2019-09-03 23:04 - 000286616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2020-04-06 13:42 - 2019-08-13 12:21 - 000221016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2020-04-06 13:42 - 2019-06-13 05:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe 2020-04-06 13:42 - 2019-06-13 05:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2020-04-06 13:42 - 2019-06-13 00:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll 2020-04-06 13:42 - 2019-06-13 00:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll 2020-04-06 13:42 - 2019-06-13 00:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll 2020-04-06 13:42 - 2019-06-13 00:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll 2020-04-06 13:42 - 2019-06-12 22:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2020-04-06 13:42 - 2019-06-12 22:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2020-04-06 13:42 - 2019-06-12 22:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2020-04-06 13:41 - 2020-01-07 04:02 - 000403584 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2020-04-06 13:41 - 2020-01-07 03:54 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2020-04-06 13:41 - 2020-01-07 03:37 - 008628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2020-04-06 13:41 - 2020-01-07 02:15 - 000358128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2020-04-06 13:41 - 2020-01-07 02:00 - 007991808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2020-04-06 13:41 - 2020-01-07 01:24 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2020-04-06 13:41 - 2020-01-06 23:27 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2020-04-06 13:41 - 2020-01-06 21:59 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2020-04-06 13:41 - 2020-01-06 21:49 - 001462192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2020-04-06 13:41 - 2020-01-06 21:48 - 006566448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2020-04-06 13:41 - 2020-01-06 21:30 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2020-04-06 13:41 - 2020-01-06 21:27 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2020-04-06 13:41 - 2020-01-06 21:26 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2020-04-06 13:41 - 2020-01-06 21:26 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2020-04-06 13:41 - 2020-01-06 21:24 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2020-04-06 13:41 - 2019-11-28 04:27 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2020-04-06 13:41 - 2019-11-27 23:10 - 002161072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2020-04-06 13:41 - 2019-11-27 22:49 - 001651040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2020-04-06 13:41 - 2019-11-27 22:43 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2020-04-06 13:41 - 2019-11-27 22:38 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2020-04-06 13:41 - 2019-11-27 22:34 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2020-04-06 13:41 - 2019-11-27 22:28 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2020-04-06 13:41 - 2019-11-08 01:38 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2020-04-06 13:41 - 2019-11-07 23:56 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2020-04-06 13:41 - 2019-11-07 20:39 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2020-04-06 13:41 - 2019-11-07 20:39 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2020-04-06 13:41 - 2019-11-07 20:39 - 000440768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2020-04-06 13:41 - 2019-11-07 20:39 - 000209936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2020-04-06 13:41 - 2019-11-07 20:39 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2020-04-06 13:41 - 2019-11-07 20:32 - 000435216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2020-04-06 13:41 - 2019-11-07 20:32 - 000385272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2020-04-06 13:41 - 2019-11-07 20:32 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2020-04-06 13:41 - 2019-11-07 20:32 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2020-04-06 13:41 - 2019-11-07 20:31 - 006053808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2020-04-06 13:41 - 2019-11-07 20:31 - 000665432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2020-04-06 13:41 - 2019-11-07 20:17 - 022736384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-04-06 13:41 - 2019-10-02 05:10 - 004527072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2020-04-06 13:41 - 2019-10-02 05:08 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL 2020-04-06 13:41 - 2019-10-02 04:50 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2020-04-06 13:41 - 2019-10-02 04:45 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2020-04-06 13:41 - 2019-10-02 04:28 - 021411976 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2020-04-06 13:41 - 2019-10-02 04:13 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2020-04-06 13:41 - 2019-10-02 03:11 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2020-04-06 13:41 - 2019-10-02 02:52 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL 2020-04-06 13:41 - 2019-10-01 23:02 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2020-04-06 13:41 - 2019-10-01 22:50 - 006979128 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2020-04-06 13:41 - 2019-10-01 22:47 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2020-04-06 13:41 - 2019-10-01 22:33 - 003330880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll 2020-04-06 13:41 - 2019-10-01 22:26 - 016598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2020-04-06 13:41 - 2019-10-01 22:25 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll 2020-04-06 13:41 - 2019-10-01 22:23 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2020-04-06 13:41 - 2019-10-01 22:21 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2020-04-06 13:41 - 2019-10-01 22:20 - 001647616 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2020-04-06 13:41 - 2019-10-01 22:16 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll 2020-04-06 13:41 - 2019-10-01 22:16 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll 2020-04-06 13:41 - 2019-10-01 22:10 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll 2020-04-06 13:41 - 2019-09-13 04:40 - 000806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2020-04-06 13:41 - 2019-09-13 04:40 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2020-04-06 13:41 - 2019-09-13 04:39 - 002085888 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2020-04-06 13:41 - 2019-09-13 04:39 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2020-04-06 13:41 - 2019-09-13 02:59 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2020-04-06 13:41 - 2019-09-12 22:48 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2020-04-06 13:41 - 2019-09-12 22:17 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2020-04-06 13:41 - 2019-09-12 22:15 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2020-04-06 13:41 - 2019-09-12 22:15 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2020-04-06 13:41 - 2019-09-12 22:13 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2020-04-06 13:41 - 2019-09-12 22:13 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2020-04-06 13:41 - 2019-09-12 22:12 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll 2020-04-06 13:41 - 2019-09-12 22:11 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll 2020-04-06 13:41 - 2019-09-10 01:16 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2020-04-06 13:41 - 2019-09-03 23:14 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2020-04-06 13:41 - 2019-09-03 23:02 - 001805872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2020-04-06 13:41 - 2019-09-03 22:48 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2020-04-06 13:41 - 2019-09-03 22:46 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2020-04-06 13:41 - 2019-09-03 22:45 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2020-04-06 13:41 - 2019-09-03 22:44 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2020-04-06 13:41 - 2019-09-03 22:44 - 003687424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2020-04-06 13:41 - 2019-09-03 22:43 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2020-04-06 13:41 - 2019-09-03 22:43 - 004849664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2020-04-06 13:41 - 2019-09-03 22:43 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll 2020-04-06 13:41 - 2019-09-03 22:43 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2020-04-06 13:41 - 2019-09-03 22:42 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2020-04-06 13:41 - 2019-09-03 22:42 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2020-04-06 13:41 - 2019-09-03 22:42 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2020-04-06 13:41 - 2019-09-03 22:41 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll 2020-04-06 13:41 - 2019-09-03 22:41 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll 2020-04-06 13:41 - 2019-09-03 22:40 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2020-04-06 13:41 - 2019-09-03 22:40 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2020-04-06 13:41 - 2019-09-03 22:39 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2020-04-06 13:41 - 2019-09-03 22:39 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2020-04-06 13:41 - 2019-08-13 12:06 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2020-04-06 13:41 - 2019-08-13 08:45 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2020-04-06 13:41 - 2019-08-13 08:43 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2020-04-06 13:41 - 2019-08-13 03:46 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2020-04-06 13:41 - 2019-08-12 22:17 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2020-04-06 13:41 - 2019-08-12 22:11 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2020-04-06 13:41 - 2019-08-07 06:55 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll 2020-04-06 13:41 - 2019-08-07 06:55 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll 2020-04-06 13:41 - 2019-08-07 06:53 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll 2020-04-06 13:41 - 2019-08-07 06:53 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll 2020-04-06 13:41 - 2019-08-07 06:51 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll 2020-04-06 13:41 - 2019-08-07 06:26 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll 2020-04-06 13:41 - 2019-08-07 06:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll 2020-04-06 13:41 - 2019-08-07 06:24 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll 2020-04-06 13:41 - 2019-08-07 01:36 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2020-04-06 13:41 - 2019-08-07 01:36 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll 2020-04-06 13:41 - 2019-08-07 01:35 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll 2020-04-06 13:41 - 2019-08-07 01:32 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll 2020-04-06 13:41 - 2019-08-07 01:31 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2020-04-06 13:41 - 2019-07-09 01:43 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll 2020-04-06 13:41 - 2019-07-09 01:39 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe 2020-04-06 13:41 - 2019-07-09 01:39 - 001193472 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll 2020-04-06 13:41 - 2019-07-08 20:43 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2020-04-06 13:41 - 2019-07-04 03:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe 2020-04-06 13:41 - 2019-07-03 22:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2020-04-06 13:41 - 2019-07-03 22:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2020-04-06 13:41 - 2019-07-03 22:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2020-04-06 13:41 - 2019-06-13 05:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll 2020-04-06 13:41 - 2019-06-13 00:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2020-04-06 13:40 - 2019-11-27 22:28 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2020-04-06 13:40 - 2019-11-08 01:43 - 012835328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2020-04-06 13:40 - 2019-11-08 00:00 - 012036096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2020-04-06 13:40 - 2019-11-07 20:40 - 005627280 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2020-04-06 13:40 - 2019-11-07 20:38 - 007447904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2020-04-06 13:40 - 2019-11-07 20:15 - 019386368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-04-06 13:40 - 2019-11-07 20:14 - 004383232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2020-04-06 13:40 - 2019-10-02 04:53 - 004852736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2020-04-06 13:40 - 2019-10-02 04:47 - 000957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2020-04-06 13:40 - 2019-10-02 04:34 - 004098912 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2020-04-06 13:40 - 2019-10-02 04:13 - 006594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2020-04-06 13:40 - 2019-10-02 04:12 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2020-04-06 13:40 - 2019-10-02 03:22 - 020402960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2020-04-06 13:40 - 2019-10-02 03:22 - 003751824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2020-04-06 13:40 - 2019-10-02 03:16 - 005662720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2020-04-06 13:40 - 2019-10-02 02:41 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2020-04-06 13:40 - 2019-10-01 23:21 - 002417744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2020-04-06 13:40 - 2019-10-01 23:20 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2020-04-06 13:40 - 2019-10-01 22:58 - 000795360 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2020-04-06 13:40 - 2019-10-01 22:49 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2020-04-06 13:40 - 2019-10-01 22:33 - 001254712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll 2020-04-06 13:40 - 2019-10-01 22:28 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2020-04-06 13:40 - 2019-10-01 22:27 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2020-04-06 13:40 - 2019-10-01 22:16 - 002379264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2020-04-06 13:40 - 2019-09-12 22:58 - 001613096 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2020-04-06 13:40 - 2019-09-12 22:56 - 001299472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2020-04-06 13:40 - 2019-08-13 12:21 - 000665400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2020-04-06 13:40 - 2019-08-13 04:09 - 000771384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2020-04-06 13:40 - 2019-08-13 04:09 - 000571688 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe 2020-04-06 13:40 - 2019-08-13 03:51 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe 2020-04-06 13:40 - 2019-08-13 03:50 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll 2020-04-06 13:40 - 2019-08-07 06:54 - 004783104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2020-04-06 13:40 - 2019-08-07 06:25 - 004175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2020-04-06 13:19 - 2020-04-06 13:20 - 000000000 ____D C:\Program Files (x86)\Teams Installer 2020-04-06 08:17 - 2020-04-21 15:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-04-21 15:40 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-04-21 15:33 - 2018-05-24 17:01 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-04-21 15:33 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF 2020-04-21 15:31 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-04-21 15:31 - 2015-08-18 17:30 - 000000000 __SHD C:\Users\MarKay\IntelGraphicsProfiles 2020-04-21 15:30 - 2018-05-24 16:49 - 000000000 ____D C:\Users\MarKay 2020-04-21 15:30 - 2017-08-22 00:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2020-04-21 15:29 - 2018-05-24 17:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-04-21 15:29 - 2018-05-24 16:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-04-21 15:24 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-04-21 15:11 - 2015-08-18 18:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-04-21 15:10 - 2018-04-11 15:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-04-21 15:08 - 2015-01-10 05:44 - 000000000 ____D C:\Program Files (x86)\Amazon 2020-04-21 14:58 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-04-21 14:56 - 2015-09-13 13:49 - 000000000 ____D C:\Users\MarKay\AppData\Local\Google 2020-04-21 14:53 - 2016-11-28 10:10 - 000000000 ____D C:\Users\MarKay\AppData\LocalLow\Mozilla 2020-04-21 14:44 - 2018-02-13 15:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-04-21 14:43 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps 2020-04-21 14:43 - 2015-08-18 18:41 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-04-21 14:41 - 2018-01-12 07:32 - 000000000 ___RD C:\Users\MarKay\3D Objects 2020-04-21 14:41 - 2015-08-18 17:21 - 000000000 __RHD C:\Users\Public\AccountPictures 2020-04-21 14:30 - 2018-05-24 16:43 - 000501528 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-04-21 14:27 - 2015-08-20 13:23 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2020-04-21 14:27 - 2015-08-20 13:23 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\UNP 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2020-04-21 14:21 - 2018-04-11 15:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\Provisioning 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\F12 2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___RD C:\Program Files\Windows Defender 2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2020-04-21 14:18 - 2015-08-20 13:08 - 000000000 ____D C:\Program Files\Microsoft Silverlight 2020-04-21 14:18 - 2015-01-10 05:51 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-04-21 14:17 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2020-04-21 14:16 - 2019-03-19 01:02 - 000000000 ___HD C:\$WINDOWS.~BT 2020-04-21 14:16 - 2018-05-23 18:21 - 000000000 ___DC C:\WINDOWS\Panther 2020-04-21 14:14 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\Registration 2020-04-21 14:03 - 2018-05-24 17:11 - 000009528 _____ C:\WINDOWS\diagwrn.xml 2020-04-21 14:03 - 2018-05-24 17:11 - 000009528 _____ C:\WINDOWS\diagerr.xml 2020-04-21 13:33 - 2017-12-29 22:11 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-04-21 13:33 - 2017-12-29 22:11 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-04-21 13:33 - 2017-12-29 22:11 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-04-21 12:38 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-04-21 11:59 - 2015-01-10 05:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-04-21 11:38 - 2018-07-09 10:03 - 000004584 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-04-21 11:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-04-21 11:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-04-19 21:18 - 2018-05-24 17:12 - 000004572 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-04-09 16:35 - 2015-01-10 05:30 - 000000000 ____D C:\ProgramData\Temp 2020-04-09 16:30 - 2018-05-24 17:12 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3528668509-3968989764-3154782742-1001 2020-04-09 16:29 - 2018-05-24 16:49 - 000002410 _____ C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-04-09 16:29 - 2015-08-18 17:36 - 000000000 ___RD C:\Users\MarKay\OneDrive 2020-04-07 01:48 - 2018-06-14 21:22 - 000000000 ____D C:\ProgramData\Packages 2020-04-07 01:31 - 2018-01-11 19:08 - 000000000 ____D C:\Users\MarKay\AppData\Local\Packages 2020-04-06 14:18 - 2018-04-11 17:38 - 000017800 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2020-04-06 13:05 - 2015-08-20 13:23 - 000000000 ____D C:\Users\MarKay\AppData\Local\Dropbox 2020-04-06 12:53 - 2018-05-24 17:12 - 000003982 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2020-04-06 12:53 - 2018-05-24 17:12 - 000003750 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2020-04-06 08:28 - 2019-06-07 16:11 - 000000000 ____D C:\Program Files\CUAssistant 2020-04-06 08:21 - 2015-11-17 00:33 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2020-04-06 08:16 - 2018-01-11 17:03 - 000000000 ____D C:\Program Files\rempl 2020-04-06 08:15 - 2018-05-24 17:12 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2020-04-06 08:15 - 2018-05-24 17:12 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2020-04-06 08:13 - 2017-12-29 22:11 - 000000000 ____D C:\Program Files (x86)\Google ==================== Files in the root of some directories ======== 2016-02-05 21:29 - 2016-08-01 20:16 - 000010886 _____ () C:\Users\MarKay\AppData\Local\OfficeMix_16_0.txt ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Link to post Share on other sites
mmcintosh Posted April 21, 2020 Author Report Share Posted April 21, 2020 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2020 Ran by MarKay (21-04-2020 15:43:09) Running from C:\Users\MarKay\DownloadsWindows 10 Home Version 1803 17134.1246 (X64) (2018-05-24 23:14:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3528668509-3968989764-3154782742-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3528668509-3968989764-3154782742-503 - Limited - Disabled) Guest (S-1-5-21-3528668509-3968989764-3154782742-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3528668509-3968989764-3154782742-1003 - Limited - Enabled) MarKay (S-1-5-21-3528668509-3968989764-3154782742-1001 - Administrator - Enabled) => C:\Users\MarKay WDAGUtilityAccount (S-1-5-21-3528668509-3968989764-3154782742-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Connect 9 Add-in (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,974,231 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 95.4.441 - Dropbox, Inc.) Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.201 - Dell Inc.) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) HiddenHP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard) HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.) Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.12624.20466 - Microsoft Corporation)Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Teams) (Version: 1.3.00.362 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 72.0.2.7321 - Mozilla)Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20466 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden Office Mix (HKLM-x32\...\{9c7fb62c-70e4-4bd0-b9f1-d84aa18ff93d}) (Version: 0.1.5720.0 - Microsoft Corporation) Office Mix 32-bit (HKLM-x32\...\{E3702071-B77B-4441-9833-26B9D5BA9300}) (Version: 0.1.5720.0 - Microsoft) Hidden PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology) QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.25 - Dell Inc.)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus) Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.3.0.362 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation) VitalSource Bookshelf (HKLM-x32\...\{f4449697-7673-4d11-b23b-67f894203dc3}) (Version: 6.06.0023 - Ingram Content Group) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation) Packages: ========= Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-04-07] (Amazon.com) Can You Escape -> C:\Program Files\WindowsApps\Trapped.CanYouEscape_1.1.0.0_x86__bhn6e84ggqs1p [2015-12-27] (Trapped) Candy Zuma -> C:\Program Files\WindowsApps\39904zuelaScott.CandyZuma_1.0.0.0_x86__65bxs6ztfacmp [2015-12-27] (zuelaScott)Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-30] (Dell Inc) Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-17] (Flipboard)HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-21] (HP Inc.) Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.5.0_neutral__fphbd361v8tya [2020-04-07] (Hulu.) Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-08-18] (AMZN Mobile LLC) Magic Jigsaw Puzzles -> C:\Program Files\WindowsApps\XIMADINC.MagicPuzzles_4.1.3.0_x64__np8fj6akx2czy [2020-04-21] (ZiMAD) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation) [MS Ad] Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation) Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-12] (Microsoft Corporation) MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad] MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe [2018-08-25] (Microsoft Corporation) [MS Ad] MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation) [MS Ad] MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-21] (Netflix, Inc.) Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\MarKay\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\MarKay\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\MarKay\Dropbox [2015-08-20 13:25] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2014-06-04] (SoftThinks -> ) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2014-06-04] (SoftThinks -> ) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-21] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2014-12-11 18:40 - 2014-12-11 18:40 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll 2014-11-10 20:11 - 2014-11-10 20:11 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll 2015-09-04 17:34 - 2015-09-04 17:34 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll 2015-09-04 17:42 - 2015-09-04 17:42 - 001367040 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\MarKay\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\sharepoint.com -> hxxps://bgh2-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2016-08-06 11:57 - 000000840 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Dell\DW WLAN Card;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212020152936053\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MarKay\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bluelava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_rgb.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "DropboxOEM" HKLM\...\StartupApproved\Run32: => "Fitbit Connect" HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{8B198B7B-1246-4DEB-B430-E22F3BA91808}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{BE63A214-A38F-49EF-962B-8DC252741B87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{67E6E94B-1B1C-468E-AC00-EBA4FEBA5B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C1CCA4CA-38AD-4032-8245-AA87850FFD59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BB7B22F0-DC90-44F1-9910-AB40ADE7CFE9}] => (Allow) C:\Users\MarKay\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File FirewallRules: [{0859531E-CFF4-45ED-8661-6561A5478117}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4EC2E505-BF36-4A2D-90FC-AB30241489B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{515336D3-F288-4254-BB1A-0E8127256310}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{7DB312CC-7465-4F82-9465-820D01F900C8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{8757F25E-CF60-455A-AFE4-B5516C3A0430}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (DELL Inc.) [File not signed] FirewallRules: [{1DEADA99-A448-45F7-AC2F-FA076D234E70}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe No File FirewallRules: [{FBAC24DD-8F57-45C4-86F9-1902367C635C}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe (Wyse Technology Inc -> ) FirewallRules: [{4577A218-32FF-45CE-9EB8-EFB025D1E82C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6A435999-EFE6-4651-A4DA-5B2AA5A83FED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{66A2F905-5780-43DA-BD47-01C5430E82F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6B9D5662-B91B-433B-A0DC-E9E523A28ED2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6653B0C2-BBE3-40D2-907F-89EA42F2A37A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A524109E-9ECD-44E9-A1A3-2AA16D7792C9}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{6C3B52F9-19FA-46BA-8A3B-F3F393E0035A}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{509903D2-4870-4C2A-BA74-60E00E8376A1}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{D7719BEC-D878-4371-9446-6FF0A2067DC3}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File FirewallRules: [{C0E76921-EAF6-4B41-976F-6FF145705CDC}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File FirewallRules: [{3C92B7C7-D913-4A3B-B142-25042FFD7A2B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1B213995-8E5D-4E50-BF65-75C54C2F248F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9492DA1E-C21E-4C80-8221-34AC9D2D4E3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C30FA0D1-CC35-4AFE-9B76-EE5AAD2830F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{50190491-00B9-4944-8078-B46853ACD5A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F4A11410-CE29-4124-9814-6CBC55A79516}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{DEE2F906-0FB9-4164-BCC2-27B06FACA2B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= Check "VSS" service ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 93390 Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 93390 Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 16015 Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 16015 Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/21/2020 03:14:33 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (04/21/2020 03:14:33 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected System errors: ============= Error: (04/21/2020 03:34:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:34:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:34:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Dell SupportAssist service failed to start due to the following error: The system cannot find the file specified. Error: (04/21/2020 03:33:32 PM) (Source: DCOM) (EventID: 10016) (User: MARKAY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user MarKay\MarKay SID (S-1-5-21-3528668509-3968989764-3154782742-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:30:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:30:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:30:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:29:10 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:11:17 PM on 4/21/2020 was unexpected. Windows Defender: =================================== Date: 2018-08-22 12:49:05.264 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {7BCAB21A-C684-4D88-B1C1-6223E71EB2B4} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-08-22 12:19:12.981 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {57C6BE9F-96E5-45F2-8ABA-559E3F6751AF} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-08-01 18:58:39.688 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C921335A-204A-4EF6-847E-7A4404A6B7BD} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-07-20 22:39:04.739 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {3ADAA31D-B7B3-4B83-9548-B04C0CD0EF17} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-07-20 22:34:47.338 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {0DC92272-82C0-4D73-B77E-21C690264EF1} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-04-21 15:04:27.713 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.313.2035.0 Previous Signature Version: 1.313.2014.0 Update Source: User Signature Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.16900.4 Previous Engine Version: 1.1.16900.4 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2020-04-21 15:04:27.712 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.313.2035.0 Previous Signature Version: 1.313.2014.0 Update Source: User Signature Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.16900.4 Previous Engine Version: 1.1.16900.4 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2020-04-21 12:06:45.001 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.313.2014.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16900.4 Error code: 0x80070102 Error description: The wait operation timed out. Date: 2020-04-21 12:06:45.000 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.313.2014.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16900.4 Error code: 0x80070102 Error description: The wait operation timed out. Date: 2020-04-21 11:32:34.245 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.313.1169.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16900.4 Error code: 0x80070102 Error description: The wait operation timed out. ==================== Memory info =========================== BIOS: Dell Inc. A01 11/04/2014 Motherboard: Dell Inc. 04GKPN Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 75% Total physical RAM: 4007.66 MB Available physical RAM: 981.14 MB Total Virtual: 5927.66 MB Available Virtual: 2616.15 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:920.54 GB) (Free:830.88 GB) NTFS \\?\Volume{9fef599b-2f24-4693-b346-382dcaa9aec6}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS \\?\Volume{43cb8ddf-b77e-4c9e-a7f4-9f3f98b8930f}\ () (Fixed) (Total:0.92 GB) (Free:0.46 GB) NTFS \\?\Volume{37c89ba5-1024-4af1-8d30-8ae05614691d}\ (PBR Image) (Fixed) (Total:8.67 GB) (Free:0.73 GB) NTFS \\?\Volume{8c06b1a0-57fa-4d2d-86d9-3cd6e8e4eb14}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6D52CD60) Partition: GPT. ==================== End of Addition.txt ======================= Link to post Share on other sites
flashh4 Posted April 21, 2020 Report Share Posted April 21, 2020 Markay : Start Farbar Recovery Scan Tool with Administrator privileges (Right click on the FRST icon and select Run as administrator) highlight on the text below and select Copy. beginning with Start:: and finishing with End:: Start:: CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] Task: {07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {188DB286-66F6-4E53-B82E-FBE8A8E44134} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {52DD92D5-D67F-4DC6-8FBD-4272D1505B2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {5DC68ECD-43E5-4F15-9684-C689FFECE624} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION Task: {670DBF19-0AB9-4296-B664-8A6453B5E4FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {96045AF9-97E8-4B84-B7C9-3A741A5CEF73} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {98C977F1-38A0-4A71-B1D8-7322F4411DD9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {B6954865-E48E-4B03-A345-F47993FA0CCC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {C02762AE-F09B-40E5-A03C-339C4DB90E90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {C57CCABA-0702-41C4-B0A9-9229865368E3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {CFA0FC04-3529-4284-9E96-FB63EC5A2A31} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DFBE1B10-DD9C-4352-93DB-8485E1E8698A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {E744C069-CE66-4ABA-8F03-1E7E46E6108F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {E7D2D033-B041-4D78-A5CE-999273775454} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {F6139BE1-BE7A-4A9C-B5DB-97482E99199A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION S2 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X] FirewallRules: [{1DEADA99-A448-45F7-AC2F-FA076D234E70}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe No File FirewallRules: [{D7719BEC-D878-4371-9446-6FF0A2067DC3}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File FirewallRules: [{C0E76921-EAF6-4B41-976F-6FF145705CDC}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File EmptyTemp: C:\Windows\Temp\*.* End:: ---------------------------- Start FRST (FRST64) with Administrator privileges Press the Fix button. FRST will process the lines copied above from the clipboard. When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from. Please copy and paste its contents in your next reply. Thanks Chuck Link to post Share on other sites
mmcintosh Posted April 21, 2020 Author Report Share Posted April 21, 2020 Fix result of Farbar Recovery Scan Tool (x64) Version: 20-04-2020 Ran by MarKay (21-04-2020 16:30:47) Run:1 Running from C:\Users\MarKay\Downloads Loaded Profiles: MarKay (Available Profiles: MarKay) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] Task: {07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {188DB286-66F6-4E53-B82E-FBE8A8E44134} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {52DD92D5-D67F-4DC6-8FBD-4272D1505B2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {5DC68ECD-43E5-4F15-9684-C689FFECE624} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION Task: {670DBF19-0AB9-4296-B664-8A6453B5E4FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {96045AF9-97E8-4B84-B7C9-3A741A5CEF73} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {98C977F1-38A0-4A71-B1D8-7322F4411DD9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {B6954865-E48E-4B03-A345-F47993FA0CCC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {C02762AE-F09B-40E5-A03C-339C4DB90E90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {C57CCABA-0702-41C4-B0A9-9229865368E3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {CFA0FC04-3529-4284-9E96-FB63EC5A2A31} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DFBE1B10-DD9C-4352-93DB-8485E1E8698A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {E744C069-CE66-4ABA-8F03-1E7E46E6108F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {E7D2D033-B041-4D78-A5CE-999273775454} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {F6139BE1-BE7A-4A9C-B5DB-97482E99199A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION S2 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X] FirewallRules: [{1DEADA99-A448-45F7-AC2F-FA076D234E70}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe No File FirewallRules: [{D7719BEC-D878-4371-9446-6FF0A2067DC3}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File FirewallRules: [{C0E76921-EAF6-4B41-976F-6FF145705CDC}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File EmptyTemp: C:\Windows\Temp\*.* ***************** Processes closed successfully. Restore point was successfully created. "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{188DB286-66F6-4E53-B82E-FBE8A8E44134}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{188DB286-66F6-4E53-B82E-FBE8A8E44134}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52DD92D5-D67F-4DC6-8FBD-4272D1505B2D}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52DD92D5-D67F-4DC6-8FBD-4272D1505B2D}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DC68ECD-43E5-4F15-9684-C689FFECE624}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DC68ECD-43E5-4F15-9684-C689FFECE624}" => removed successfully C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{670DBF19-0AB9-4296-B664-8A6453B5E4FC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{670DBF19-0AB9-4296-B664-8A6453B5E4FC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96045AF9-97E8-4B84-B7C9-3A741A5CEF73}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96045AF9-97E8-4B84-B7C9-3A741A5CEF73}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98C977F1-38A0-4A71-B1D8-7322F4411DD9}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98C977F1-38A0-4A71-B1D8-7322F4411DD9}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6954865-E48E-4B03-A345-F47993FA0CCC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6954865-E48E-4B03-A345-F47993FA0CCC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C02762AE-F09B-40E5-A03C-339C4DB90E90}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02762AE-F09B-40E5-A03C-339C4DB90E90}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C57CCABA-0702-41C4-B0A9-9229865368E3}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57CCABA-0702-41C4-B0A9-9229865368E3}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFA0FC04-3529-4284-9E96-FB63EC5A2A31}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFA0FC04-3529-4284-9E96-FB63EC5A2A31}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFBE1B10-DD9C-4352-93DB-8485E1E8698A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFBE1B10-DD9C-4352-93DB-8485E1E8698A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E744C069-CE66-4ABA-8F03-1E7E46E6108F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E744C069-CE66-4ABA-8F03-1E7E46E6108F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7D2D033-B041-4D78-A5CE-999273775454}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7D2D033-B041-4D78-A5CE-999273775454}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6139BE1-BE7A-4A9C-B5DB-97482E99199A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6139BE1-BE7A-4A9C-B5DB-97482E99199A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully HKLM\System\CurrentControlSet\Services\SupportAssistAgent => removed successfully SupportAssistAgent => service removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DEADA99-A448-45F7-AC2F-FA076D234E70}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7719BEC-D878-4371-9446-6FF0A2067DC3}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0E76921-EAF6-4B41-976F-6FF145705CDC}" => removed successfully =========== "C:\Windows\Temp\*.*" ========== C:\Windows\Temp\.ses => moved successfully C:\Windows\Temp\.session64 => moved successfully C:\Windows\Temp\a4fc417f-6d0d-433a-8814-9c156e9a6912_Catalog_Apps.xml => moved successfully C:\Windows\Temp\APPX.32s2wozeta3mitt914e8by6fh.tmp => moved successfully Could not move "C:\Windows\Temp\APPX.3b_6rqixw4b954nd0w7qiy27b.tmp" => Scheduled to move on reboot. C:\Windows\Temp\APPX.436il6nyhidazfwvten77ixeg.tmp => moved successfully Could not move "C:\Windows\Temp\APPX.4whsf8lhrj7f36pnnfa4jbnle.tmp" => Scheduled to move on reboot. C:\Windows\Temp\APPX.63xpm306q5u7ot6bzdodh0gfh.tmp => moved successfully C:\Windows\Temp\APPX.64ggao22foczgu259scmqttuc.tmp => moved successfully C:\Windows\Temp\APPX.682fe8ue7vb0ozqposnwoqoyb.tmp => moved successfully C:\Windows\Temp\APPX.6j94804blpxbgixp8k_4n934b.tmp => moved successfully Could not move "C:\Windows\Temp\APPX.6n4dkf6lhwduo12wqehdce_ic.tmp" => Scheduled to move on reboot. C:\Windows\Temp\APPX.6ohilfoegruqlns324e3h3rbe.tmp => moved successfully C:\Windows\Temp\APPX.7afmvamertmig288cibw27n5b.tmp => moved successfully C:\Windows\Temp\APPX.7cbl56c7sh2bu09iat9f3yqwf.tmp => moved successfully C:\Windows\Temp\APPX.7h9n2fwkls9l53zwyy9mqulsf.tmp => moved successfully C:\Windows\Temp\APPX.8wdfh_ll5o660cmikabkx92o.tmp => moved successfully C:\Windows\Temp\APPX.95b_l72_ukvil51_g9q2nzvtg.tmp => moved successfully C:\Windows\Temp\APPX.95dwqo6hvpemspvu31956surh.tmp => moved successfully C:\Windows\Temp\APPX.ajb503k4weyedqedbk9k2zh6e.tmp => moved successfully C:\Windows\Temp\APPX.aues47qag47lmiaqa0w9bnc7.tmp => moved successfully C:\Windows\Temp\APPX.ayix0u4kfy416czp5lj5b1zih.tmp => moved successfully C:\Windows\Temp\APPX.ba21zhefcv_i672nvji7u4e0c.tmp => moved successfully Could not move "C:\Windows\Temp\APPX.bcgw8yprkivrfslwrsn9a4sjc.tmp" => Scheduled to move on reboot. C:\Windows\Temp\APPX.c3_rp5vwbkhbgcjadxwf6vn1f.tmp => moved successfully C:\Windows\Temp\APPX.cyko10udnwxesezurob2iyo4e.tmp => moved successfully C:\Windows\Temp\APPX.e_s80uqe9vrue9c5_c2anc53g.tmp => moved successfully C:\Windows\Temp\APPX.g0wtkch_pe__ny0ydmu_u0i5g.tmp => moved successfully C:\Windows\Temp\APPX.gb7vbwm6g6zbfe6jl5pe0oboh.tmp => moved successfully C:\Windows\Temp\APPX.gcx6ms54ufx5i849h99w4hx7e.tmp => moved successfully C:\Windows\Temp\APPX.giyte9mtbv7yi_7rsgpd7oxs.tmp => moved successfully C:\Windows\Temp\APPX.i9c0mtgwebaxcuipzm0e2warc.tmp => moved successfully C:\Windows\Temp\APPX.iuibt4bmlbp5i8ezuoaer06be.tmp => moved successfully C:\Windows\Temp\APPX.iyxxfbk7w8d_uwlkqb33ehdgb.tmp => moved successfully C:\Windows\Temp\APPX.k1a5h7mz6xj7bb1uetxjn1r7f.tmp => moved successfully C:\Windows\Temp\APPX.l59c8vxcmv2_y5ufrhz0f9klf.tmp => moved successfully C:\Windows\Temp\APPX.mnjoavdhszlwrjeoan_gl0zqg.tmp => moved successfully C:\Windows\Temp\APPX.p2de9gxc5afy7im75540hn3_h.tmp => moved successfully C:\Windows\Temp\APPX.p7s6wxttw4ya0dorc64eygfq.tmp => moved successfully C:\Windows\Temp\APPX.r78rur4onwamortf3wr8_zg9c.tmp => moved successfully C:\Windows\Temp\APPX.rpaa9kc87jejzk6__4vz3cnb.tmp => moved successfully C:\Windows\Temp\APPX.rqqnsdq1t7u5acitdngzytl8e.tmp => moved successfully C:\Windows\Temp\APPX.spn_g29d2x3tgmwk2d0ebh3t.tmp => moved successfully C:\Windows\Temp\APPX.txg288m96m4g8sedploz222ig.tmp => moved successfully C:\Windows\Temp\APPX.u6mbkrx3axztfvvqyc369d4ce.tmp => moved successfully C:\Windows\Temp\APPX.vchyidvky7eimklob3nloc6j.tmp => moved successfully C:\Windows\Temp\APPX.zkjx3o89h8kcxvincpthh7s8.tmp => moved successfully C:\Windows\Temp\aria-debug-11832.log => moved successfully C:\Windows\Temp\aria-debug-12912.log => moved successfully C:\Windows\Temp\aria-debug-13532.log => moved successfully C:\Windows\Temp\aria-debug-15320.log => moved successfully C:\Windows\Temp\aria-debug-15420.log => moved successfully C:\Windows\Temp\aria-debug-17752.log => moved successfully C:\Windows\Temp\aria-debug-18028.log => moved successfully C:\Windows\Temp\aria-debug-5804.log => moved successfully C:\Windows\Temp\aria-debug-9268.log => moved successfully C:\Windows\Temp\chrome_installer.log => moved successfully C:\Windows\Temp\DMI4F3D.tmp => moved successfully C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully C:\Windows\Temp\HighPerformancePlan.log => moved successfully C:\Windows\Temp\ipconfig.out => moved successfully C:\Windows\Temp\MARKAY-20190207-1321.log => moved successfully C:\Windows\Temp\MARKAY-20190207-1321a.log => moved successfully C:\Windows\Temp\MARKAY-20190210-1439.log => moved successfully C:\Windows\Temp\MARKAY-20190210-1439a.log => moved successfully C:\Windows\Temp\MARKAY-20190210-1729.log => moved successfully C:\Windows\Temp\MARKAY-20190210-1737.log => moved successfully C:\Windows\Temp\MARKAY-20190210-1737a.log => moved successfully C:\Windows\Temp\MARKAY-20190210-1746.log => moved successfully C:\Windows\Temp\MARKAY-20190210-1755.log => moved successfully C:\Windows\Temp\MARKAY-20190429-0648.log => moved successfully C:\Windows\Temp\MARKAY-20190429-0653.log => moved successfully C:\Windows\Temp\MARKAY-20190429-0653a.log => moved successfully C:\Windows\Temp\MARKAY-20190512-2048.log => moved successfully C:\Windows\Temp\MARKAY-20190607-1620.log => moved successfully C:\Windows\Temp\MARKAY-20190607-1620a.log => moved successfully C:\Windows\Temp\MARKAY-20190619-1728.log => moved successfully C:\Windows\Temp\MARKAY-20190619-1741.log => moved successfully C:\Windows\Temp\MARKAY-20190619-1741a.log => moved successfully C:\Windows\Temp\MARKAY-20190619-1818.log => moved successfully C:\Windows\Temp\MARKAY-20190619-1819.log => moved successfully C:\Windows\Temp\MARKAY-20190619-1820.log => moved successfully C:\Windows\Temp\MARKAY-20190619-2226.log => moved successfully C:\Windows\Temp\MARKAY-20190620-0004.log => moved successfully C:\Windows\Temp\MARKAY-20190626-2105.log => moved successfully C:\Windows\Temp\MARKAY-20190626-2105a.log => moved successfully C:\Windows\Temp\MARKAY-20190626-2106.log => moved successfully C:\Windows\Temp\MARKAY-20200406-0815.log => moved successfully C:\Windows\Temp\MARKAY-20200406-0830.log => moved successfully C:\Windows\Temp\MARKAY-20200406-1319.log => moved successfully C:\Windows\Temp\MARKAY-20200406-1319a.log => moved successfully C:\Windows\Temp\MARKAY-20200406-1320.log => moved successfully C:\Windows\Temp\MARKAY-20200407-0317.log => moved successfully C:\Windows\Temp\MARKAY-20200407-0400.log => moved successfully C:\Windows\Temp\MARKAY-20200409-1637.log => moved successfully C:\Windows\Temp\MARKAY-20200409-1637a.log => moved successfully C:\Windows\Temp\MARKAY-20200409-1638.log => moved successfully C:\Windows\Temp\MARKAY-20200409-1707.log => moved successfully C:\Windows\Temp\MARKAY-20200409-1708.log => moved successfully C:\Windows\Temp\MARKAY-20200409-1708a.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1138.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1147.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1159.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1200.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1201.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1414.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1430.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1454.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1511.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1519.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1529.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1536.log => moved successfully C:\Windows\Temp\MARKAY-20200421-1625.log => moved successfully Could not move "C:\Windows\Temp\MARKAY-20200421-1630.log" => Scheduled to move on reboot. C:\Windows\Temp\mat-debug-12440.log => moved successfully C:\Windows\Temp\mat-debug-14380.log => moved successfully C:\Windows\Temp\mat-debug-14844.log => moved successfully C:\Windows\Temp\mat-debug-16016.log => moved successfully C:\Windows\Temp\mat-debug-16688.log => moved successfully C:\Windows\Temp\mat-debug-16764.log => moved successfully C:\Windows\Temp\mat-debug-17244.log => moved successfully C:\Windows\Temp\mat-debug-2268.log => moved successfully C:\Windows\Temp\mat-debug-3912.log => moved successfully C:\Windows\Temp\mat-debug-7984.log => moved successfully C:\Windows\Temp\mbamiservice.log => moved successfully C:\Windows\Temp\mb_errors972.log => moved successfully C:\Windows\Temp\MpCmdRun.log => moved successfully C:\Windows\Temp\MpSigStub.log => moved successfully C:\Windows\Temp\officeclicktorun.exe_streamserver(2019021017295834DC).log => moved successfully C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211159421F58).log => moved successfully C:\Windows\Temp\officeclicktorun.exe_streamserver(2020042115114510B4).log => moved successfully C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211529281044).log => moved successfully Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211630558B4).log" => Scheduled to move on reboot. C:\Windows\Temp\PowerPlan.log => moved successfully C:\Windows\Temp\sed2BE8.tmp => moved successfully C:\Windows\Temp\sed594A.tmp => moved successfully C:\Windows\Temp\sed6934.tmp => moved successfully C:\Windows\Temp\sed7E94.tmp => moved successfully C:\Windows\Temp\sedA4CA.tmp => moved successfully C:\Windows\Temp\Silverlight0.log => moved successfully C:\Windows\Temp\SilverlightMSI.log => moved successfully C:\Windows\Temp\TS_D8CA.tmp => moved successfully C:\Windows\Temp\TS_DF33.tmp => moved successfully C:\Windows\Temp\TS_E711.tmp => moved successfully C:\Windows\Temp\TS_E7ED.tmp => moved successfully C:\Windows\Temp\TS_FBA5.tmp => moved successfully C:\Windows\Temp\UsoStoreFile.xml => moved successfully C:\Windows\Temp\{F7ED8E0D-04F6-4080-AA29-4C202436E61F} - OProcSessId.dat => moved successfully ========= End -> "C:\Windows\Temp\*.*" ======== =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79088601 B Java, Flash, Steam htmlcache => 5003 B Windows/system/drivers => 2375105 B Edge => 1537603 B Chrome => 399750329 B Firefox => 356817602 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 1864219825 B systemprofile32 => 1864219825 B LocalService => 1864224083 B NetworkService => 2225379667 B MarKay => 2469097248 B RecycleBin => 3064734671 B EmptyTemp: => 13.2 GB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-04-2020 17:31:03) C:\Windows\Temp\APPX.3b_6rqixw4b954nd0w7qiy27b.tmp => Is moved successfully C:\Windows\Temp\APPX.4whsf8lhrj7f36pnnfa4jbnle.tmp => Is moved successfully C:\Windows\Temp\APPX.6n4dkf6lhwduo12wqehdce_ic.tmp => Is moved successfully C:\Windows\Temp\APPX.bcgw8yprkivrfslwrsn9a4sjc.tmp => Is moved successfully C:\Windows\Temp\MARKAY-20200421-1630.log => Is moved successfully C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211630558B4).log => Is moved successfully ==== End of Fixlog 17:31:03 ==== Link to post Share on other sites
flashh4 Posted April 21, 2020 Report Share Posted April 21, 2020 Markay that looks a lot better than when we started ! The following will remove the tools we used as well as reset system restore points: KpRm Download KpRm by kernel-panik and save it to your desktop. >>> https://toolslib.net/downloads/finish/951-kprm/ * Right-click kprm_(version).exe and select Run as Administrator. * When the tool opens, ensure all boxes are checked, and select Run. * Once complete, click OK. * A log will open in Notepad titled kprm-(date).txt. * Please copy and paste its contents in your next reply. Thanks Chuck One more thing after this program !! Link to post Share on other sites
mmcintosh Posted April 21, 2020 Author Report Share Posted April 21, 2020 # Run at 4/21/2020 5:54:14 PM # KpRm (Kernel-panik) version 2.8 # Website https://kernel-panik.me/tool/kprm/ # Run by MarKay from C:\Users\MarKay\Downloads # Computer Name: MARKAY # OS: Windows 10 X64 (17134) # Number of passes: 1 - Checked options - ~ Registry Backup ~ Delete Tools ~ Restore System Settings ~ UAC Restore ~ Delete Restore Points ~ Create Restore Point ~ Delete Quarantines - Create Registry Backup - ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up ~ [OK] Hive C:\Users\MarKay\NTUSER.dat backed up [OK] Registry Backup: C:\KPRM\backup\2020-04-21-17-54-13 - Delete Tools - ## AdwCleaner [OK] C:\Users\MarKay\Downloads\adwcleaner_8.0.4.exe deleted [OK] C:\AdwCleaner deleted ## FRST [OK] C:\Users\MarKay\Downloads\Addition.txt deleted [OK] C:\Users\MarKay\Downloads\Fixlog.txt deleted [OK] C:\Users\MarKay\Downloads\FRST.exe deleted [OK] C:\Users\MarKay\Downloads\FRST.txt deleted [OK] C:\Users\MarKay\Downloads\FRST64.exe deleted [OK] C:\FRST deleted - Restore System Settings - [OK] Reset WinSock [OK] FLUSHDNS [OK] Hide Hidden file. [OK] Show Extensions for known file types [OK] Hide protected operating system files - Restore UAC - [OK] Set EnableLUA with default (1) value [OK] Set ConsentPromptBehaviorAdmin with default (5) value [OK] Set ConsentPromptBehaviorUser with default (3) value [OK] Set EnableInstallerDetection with default (0) value [OK] Set EnableSecureUIAPaths with default (1) value [OK] Set EnableUIADesktopToggle with default (0) value [OK] Set EnableVirtualization with default (1) value [OK] Set FilterAdministratorToken with default (0) value [OK] Set PromptOnSecureDesktop with default (1) value [OK] Set ValidateAdminCodeSignatures with default (0) value - Clear Restore Points - No system recovery points were found - Create Restore Point - [X] System Restore Point not created - Display System Restore Point - [X] No System Restore point found -- KPRM finished in 212.90s -- Link to post Share on other sites
flashh4 Posted April 22, 2020 Report Share Posted April 22, 2020 Looks real good !! You are clean to go !! Happy Surfing ! Chuck Link to post Share on other sites
flashh4 Posted April 22, 2020 Report Share Posted April 22, 2020 This computer is all clean & i will lock this topic after 5 days ! If Markay needs it re-opened please PM me or any Mod !! All others please start a new topic !! Thanks Chuck Link to post Share on other sites
flashh4 Posted April 27, 2020 Report Share Posted April 27, 2020 Seeing how this computer is now clean i will lock this topic ! If Markay needs this opened back up please PM me or any Mod ! All otheres please start a new topic if help is needed !! Thanks Chuck Link to post Share on other sites
Recommended Posts