Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05.2019 Ran by SLR (administrator) on SWEETIE-DAHLING (Dell Inc. Inspiron 15-5578) (06-05-2019 17:25:24) Running from C:\Users\SLR\Desktop Loaded Profiles: SLR & (Available Profiles: defaultuser0 & SLR) Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\pcdrwi.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> ) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Cm106Sound] => C:\WINDOWS\Syswow64\cm106.dll [8146944 2009-09-07] (C-Media Corporation) [File not signed] HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-01-09] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062019172414112\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062019172414143\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-4076564316-1935873266-44556536-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062019172414159\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed] ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {12304551-6028-4738-9B75-B9593811BF89} - System32\Tasks\refereesreferees => C:\Program Files (x86)\surrey\surrey.exe Task: {27649C89-CF5F-48DF-994B-071D6745970C} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1662200 2019-02-27] (Corel Corporation -> Corel Corporation) Task: {3916BD1A-8130-49EF-B4E3-CEAEC78B8861} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1480712 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {46E98259-5F4E-42C6-BE6E-E5F11EF3AC49} - System32\Tasks\AdobeAAMUpdater-1.0-SWEETIE-DAHLING-SLR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {5FFA52DE-1CF5-4DF2-A6F0-7B56F0EE115D} - System32\Tasks\nizar_harbin => C:\Program Files (x86)\Solid\Mazes.exe Task: {7589701C-A3C6-405F-9839-B344316FA994} - System32\Tasks\nizar_harbinnizar_harbin => C:\Program Files (x86)\Solid\Mazes.exe Task: {78E1E5B7-344C-403E-897F-279BD8DAE614} - System32\Tasks\AdobeGCInvoker-1.0-SWEETIE-DAHLING-SLR => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) Task: {7BC83271-2BF5-4C6D-92EF-1D6311F1B30E} - System32\Tasks\jotted-patna => C:\Program Files (x86)\rounders\Cahners.exe Task: {81555F06-4F4F-4033-88B3-B97D3875B80D} - System32\Tasks\rapp ruhl => C:\Program Files (x86)\Solid\Cahners.exe Task: {921D0334-EE50-48C7-B84D-96C6E4B441E3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1512920 2019-04-10] (Dell Inc. -> Dell Inc.) Task: {9E5145E0-97FF-4835-A028-DBF25FA90898} - System32\Tasks\referees => C:\Program Files (x86)\surrey\surrey.exe Task: {A29D8E7C-F709-4680-82E3-C9BAACEA7EBE} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [30912 2018-03-20] (Rivet Networks LLC -> DELL) Task: {A6C95916-A3C7-4017-A5A7-038159157E1D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_pepper.exe [1453056 2019-03-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {C31CD62B-D117-4E64-8D90-DC75BDC8716A} - System32\Tasks\jotted-patnajotted-patna => C:\Program Files (x86)\rounders\Cahners.exe Task: {C564F9F6-6B82-4081-AD39-FFED46B62ED7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-24] (Adobe Inc. -> Adobe) Task: {D4612FF3-FED6-49D5-85BF-0ED0904F88EC} - System32\Tasks\rapp ruhlrapp ruhl => C:\Program Files (x86)\Solid\Cahners.exe Task: {EFE96584-B90A-4005-9EC1-06F2C2BA25A8} - System32\Tasks\CorelUpdateHelperTask-1C4DFC7D611817B5DCBA6F1534EDCCAD => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1662200 2019-02-27] (Corel Corporation -> Corel Corporation) Task: {F340ECBA-14FC-4064-A477-16565FB29A8A} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{be89aef4-2958-4da1-b090-dcdd4863c654}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) FireFox: ======== FF DefaultProfile: qdl081mj.default-1556135615430 FF ProfilePath: C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430 [2019-05-06] FF Homepage: Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430 -> luckychix.com FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-06] FF Extension: (Baidu Search Update) - C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430\features\{df675aa4-2c0a-4a37-8eca-e717eccea76f}\baidu-code-update@mozillaonline.com.xpi [2019-05-03] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-24] (Adobe Inc. -> ) FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File] FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-24] (Adobe Inc. -> ) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2019-02-28] (Dell Inc -> Dell Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3363824 2019-02-28] (Dell Inc -> Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2019-02-28] (Dell Inc -> Dell Inc.) R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe [1038144 2019-04-23] (PC-Doctor, Inc. -> PC-Doctor, Inc.) R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2018-08-02] (Sanford, L.P.) [File not signed] R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-21] (Intel Corporation -> Intel Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17464 2019-01-09] (Intel(R) Rapid Storage Technology -> Intel Corporation) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation) S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-22] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) S3 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [7286880 2019-02-09] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.) R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) S2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (Rivet Networks LLC -> CloudBees, Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329736 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor) R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2018-11-29] (Samsung Electronics CO., LTD. -> ) R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks LLC -> Rivet Networks) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39896 2019-04-10] (Dell Inc. -> Dell Inc.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation) S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-04-10] (Bluestack Systems, Inc. -> Bluestack System Inc. ) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-21] (Intel Corporation -> Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-21] (Intel Corporation -> Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382880 2017-11-21] (Intel Corporation -> Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-04-27] (Malwarebytes Corporation -> Malwarebytes) R1 Eve; C:\WINDOWS\system32\DRIVERS\eve.sys [41304 2015-01-21] (VSO-SOFTWARE -> ) R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel(R) Software -> Intel Corporation) R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel) R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017312 2019-01-09] (Intel(R) Rapid Storage Technology -> Intel Corporation) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel) R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-02] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-06] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-06] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-06] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-24] (Malwarebytes Corporation -> Malwarebytes) R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.) R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [436224 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3149824 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks LLC -> Rivet Networks, LLC.) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 USBMULCD; C:\WINDOWS\system32\drivers\CM10664.sys [1307648 2009-10-01] (Microsoft Windows Hardware Compatibility Publisher -> C-Media Electronics Inc) R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel(R) Software -> Intel Corporation) S3 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation) S4 ipaonst; System32\drivers\scbnokpi.sys [X] S1 rwptx; \??\C:\Users\SLR\AppData\Local\Temp\wmkvrasd.sys [X] <==== ATTENTION S1 upylqahn; \??\C:\WINDOWS\system32\drivers\upylqahn.sys [X] S1 xpyyvxrh; \??\C:\WINDOWS\system32\drivers\xpyyvxrh.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three months (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-06 19:44 - 2019-05-06 19:53 - 000000000 _____ C:\Recovery.txt 2019-05-06 17:25 - 2019-05-06 17:26 - 000023469 _____ C:\Users\SLR\Desktop\FRST.txt 2019-05-06 17:24 - 2019-05-06 17:24 - 002430464 _____ (Farbar) C:\Users\SLR\Desktop\FRST64.exe 2019-05-06 17:24 - 2019-05-06 17:24 - 000000000 ____D C:\Users\SLR\Desktop\FRST-OlderVersion 2019-05-06 17:23 - 2019-05-06 17:23 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-05-06 17:23 - 2019-05-06 17:23 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-05-06 17:23 - 2019-05-06 17:23 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-05-06 15:39 - 2019-05-06 19:53 - 032505856 _____ C:\WINDOWS\system32\config\SYSTEM 2019-05-06 15:38 - 2019-05-06 15:39 - 032243712 _____ C:\WINDOWS\system32\config\HARDWARE 2019-05-06 11:08 - 2019-05-06 11:08 - 000001396 _____ C:\Users\SLR\Downloads\fixlist(1).txt 2019-05-06 11:08 - 2019-05-06 11:08 - 000000000 _____ C:\Users\SLR\Downloads\fixlist.txt 2019-05-06 10:49 - 2019-05-06 10:57 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-05-03 15:29 - 2019-05-03 15:29 - 054149296 _____ (MiniTool Software Limited ) C:\Users\SLR\Downloads\pw11-pro-demo.exe 2019-05-03 15:18 - 2019-05-03 15:21 - 000000000 ____D C:\Users\SLR\Downloads\b from Babel 2019-05-03 11:54 - 2019-05-03 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2019-05-03 11:54 - 2019-05-03 11:54 - 000000000 ____D C:\Program Files\7-Zip 2019-05-02 19:33 - 2019-05-02 19:33 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-05-02 19:03 - 2019-05-02 19:03 - 000319024 _____ C:\active_protection.txt 2019-05-02 19:03 - 2019-05-02 19:03 - 000035928 _____ C:\url_setting_definitions.txt 2019-05-02 17:10 - 2019-05-06 17:25 - 000000000 ____D C:\FRST 2019-05-02 16:26 - 2019-05-03 12:38 - 000062256 ____H C:\Users\SLR\AppData\Local\IconCache.db.backup 2019-05-02 15:58 - 2019-05-02 15:58 - 000000489 _____ C:\Users\SLR\Documents\email.txt 2019-05-02 13:43 - 2019-05-02 13:43 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-05-01 17:52 - 2019-05-01 17:52 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk 2019-05-01 17:51 - 2019-05-01 17:51 - 009834432 _____ (Martin Prikryl ) C:\Users\SLR\Downloads\WinSCP-5.15.1-Setup.exe 2019-05-01 17:14 - 2019-05-01 17:14 - 000000000 ____D C:\Users\Public\BlueStacks 2019-05-01 14:15 - 2019-05-01 19:22 - 000000000 ____D C:\Users\SLR\Downloads\a transfer 2019-05-01 13:12 - 2019-05-02 15:58 - 000000000 ____D C:\Users\SLR\Documents\TCB 2019-05-01 13:09 - 2019-05-02 16:46 - 000001140 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt 2019-05-01 12:54 - 2019-05-02 19:01 - 000000000 ____D C:\Program Files\Reimage 2019-05-01 12:32 - 2019-05-01 12:32 - 000001114 _____ C:\Users\SLR\Documents\hosts.txt 2019-04-29 18:36 - 2019-04-29 18:36 - 000000218 _____ C:\Users\SLR\AppData\Local\recently-used.xbel 2019-04-29 13:27 - 2019-04-29 13:27 - 000000000 ____D C:\Users\SLR\AppData\Roaming\inkscape 2019-04-29 13:27 - 2019-04-29 13:27 - 000000000 ____D C:\Users\SLR\AppData\Local\fontconfig 2019-04-29 12:30 - 2019-04-29 13:30 - 000000000 ____D C:\Users\SLR\Downloads\inkscape 2019-04-29 12:29 - 2019-04-29 12:30 - 063666130 _____ C:\Users\SLR\Downloads\inkscape-0.92.4-x64.7z 2019-04-29 11:33 - 2019-04-29 11:33 - 000001194 _____ C:\Users\SLR\AppData\Roaming\SAS7_000.DAT 2019-04-29 11:00 - 2019-05-06 13:26 - 001048576 _____ C:\WINDOWS\system32\secedit.sdb 2019-04-29 11:00 - 2019-05-06 13:26 - 000016384 _____ C:\WINDOWS\system32\secedit.jfm 2019-04-28 12:56 - 2019-05-02 17:52 - 005814992 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-04-28 12:39 - 2019-05-03 14:41 - 000000000 ____D C:\Program Files\Exterminate It! 2019-04-28 12:39 - 2019-04-28 12:39 - 000000939 _____ C:\Users\Public\Desktop\Exterminate It!.lnk 2019-04-28 12:38 - 2019-04-28 12:38 - 021587528 _____ (Curio Systems GmbH) C:\Users\SLR\Downloads\ExterminateItSetup.exe 2019-04-27 10:10 - 2019-04-29 17:57 - 000026328 _____ C:\Users\SLR\Documents\S.ReinekeCV.odt 2019-04-24 17:42 - 2019-04-27 09:43 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2019-04-24 17:41 - 2019-04-24 17:46 - 000000000 ____D C:\ProgramData\HitmanPro 2019-04-24 17:37 - 2019-05-01 11:56 - 000000000 ____D C:\Users\SLR\Desktop\rkill 2019-04-24 16:45 - 2019-04-24 17:41 - 011515648 _____ (SurfRight B.V.) C:\Users\SLR\Downloads\HitmanPro_x64.exe 2019-04-24 16:41 - 2019-04-24 16:41 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\SLR\Downloads\rkill.exe 2019-04-24 15:53 - 2019-05-06 10:57 - 000001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-04-24 15:26 - 2019-04-24 15:26 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-04-24 14:56 - 2019-04-24 14:57 - 000000000 ____D C:\Users\SLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup 2019-04-24 14:49 - 2019-05-06 11:55 - 000003332 _____ C:\WINDOWS\System32\Tasks\CorelUpdateHelperTask-1C4DFC7D611817B5DCBA6F1534EDCCAD 2019-04-24 13:57 - 2019-05-01 17:16 - 000000000 ____D C:\Users\SLR\AppData\Local\nirusow 2019-04-24 13:55 - 2019-05-06 19:51 - 000000000 ____D C:\Users\SLR\AppData\Local\dtdwagx 2019-04-24 13:55 - 2019-04-24 13:55 - 000000000 ____D C:\Users\SLR\AppData\Local\vdrulge 2019-04-24 13:54 - 2019-05-06 15:39 - 002930176 _____ C:\WINDOWS\system32\simtulnsvc.exe 2019-04-24 13:54 - 2019-04-24 13:57 - 000000000 ____D C:\WINDOWS\system32\pselvno 2019-04-24 13:54 - 2019-04-24 13:54 - 000000000 ____D C:\WINDOWS\SysWOW64\pselvno 2019-04-24 13:53 - 2019-04-24 13:53 - 000000000 ____D C:\Users\SLR\AppData\Roaming\et 2019-04-24 13:52 - 2019-04-24 13:52 - 000004136 _____ C:\WINDOWS\System32\Tasks\jotted-patna 2019-04-24 13:52 - 2019-04-24 13:52 - 000004126 _____ C:\WINDOWS\System32\Tasks\nizar_harbin 2019-04-24 13:52 - 2019-04-24 13:52 - 000004124 _____ C:\WINDOWS\System32\Tasks\rapp ruhl 2019-04-24 13:52 - 2019-04-24 13:52 - 000004122 _____ C:\WINDOWS\System32\Tasks\referees 2019-04-24 13:52 - 2019-04-24 13:52 - 000004006 _____ C:\WINDOWS\System32\Tasks\jotted-patnajotted-patna 2019-04-24 13:52 - 2019-04-24 13:52 - 000003996 _____ C:\WINDOWS\System32\Tasks\nizar_harbinnizar_harbin 2019-04-24 13:52 - 2019-04-24 13:52 - 000003988 _____ C:\WINDOWS\System32\Tasks\rapp ruhlrapp ruhl 2019-04-24 13:52 - 2019-04-24 13:52 - 000003984 _____ C:\WINDOWS\System32\Tasks\refereesreferees 2019-04-24 13:52 - 2019-04-24 13:52 - 000000012 _____ C:\WINDOWS\b79640158 2019-04-24 13:52 - 2019-04-24 13:52 - 000000000 ____D C:\Users\SLR\AppData\Roaming\AGData 2019-04-24 13:51 - 2019-04-24 14:16 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL 2019-04-24 13:50 - 2019-04-24 13:50 - 000000000 ____D C:\Users\SLR\AppData\Local\AdvinstAnalytics 2019-04-24 11:38 - 2019-04-01 13:51 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-04-24 11:38 - 2019-04-01 13:51 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2019-04-24 06:39 - 2019-04-24 06:39 - 000098229 _____ C:\WINDOWS\uninstaller.dat 2019-04-23 14:01 - 2019-04-29 20:14 - 000000000 ____D C:\Users\SLR\Downloads\marsall project 2019-04-23 13:42 - 2019-04-29 20:02 - 000000000 ____D C:\Users\SLR\Downloads\S Portfolio 2019-04-23 13:29 - 2019-04-02 08:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-04-23 13:29 - 2019-04-02 08:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-04-23 13:29 - 2019-04-02 05:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-04-23 13:29 - 2019-04-02 05:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-04-23 13:29 - 2019-04-02 04:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-04-23 13:29 - 2019-04-02 04:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-04-23 13:29 - 2019-04-02 04:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-04-23 13:29 - 2019-04-02 03:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-04-23 13:29 - 2019-04-02 03:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-04-23 13:29 - 2019-04-02 03:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-04-23 13:29 - 2019-04-02 03:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-04-23 13:29 - 2019-04-02 01:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-04-23 13:29 - 2019-04-02 00:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-04-23 13:29 - 2019-04-02 00:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-04-23 13:29 - 2019-04-02 00:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-04-23 13:29 - 2019-03-14 04:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-04-23 13:29 - 2019-03-14 04:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-04-23 13:29 - 2019-03-14 04:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-04-23 13:29 - 2019-03-14 03:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-04-23 13:29 - 2019-03-14 03:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2019-04-23 13:29 - 2019-03-14 03:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-04-23 13:29 - 2019-03-14 03:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2019-04-23 13:29 - 2019-03-14 03:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2019-04-23 13:28 - 2019-04-02 08:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-04-23 13:28 - 2019-04-02 08:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-04-23 13:28 - 2019-04-02 08:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-04-23 13:28 - 2019-04-02 08:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-04-23 13:28 - 2019-04-02 08:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-04-23 13:28 - 2019-04-02 08:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2019-04-23 13:28 - 2019-04-02 08:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll 2019-04-23 13:28 - 2019-04-02 08:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-04-23 13:28 - 2019-04-02 08:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-04-23 13:28 - 2019-04-02 08:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-04-23 13:28 - 2019-04-02 08:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2019-04-23 13:28 - 2019-04-02 08:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-04-23 13:28 - 2019-04-02 08:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2019-04-23 13:28 - 2019-04-02 08:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll 2019-04-23 13:28 - 2019-04-02 05:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-04-23 13:28 - 2019-04-02 05:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2019-04-23 13:28 - 2019-04-02 05:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2019-04-23 13:28 - 2019-04-02 05:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll 2019-04-23 13:28 - 2019-04-02 05:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-04-23 13:28 - 2019-04-02 05:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2019-04-23 13:28 - 2019-04-02 05:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-04-23 13:28 - 2019-04-02 04:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-04-23 13:28 - 2019-04-02 04:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-04-23 13:28 - 2019-04-02 04:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-04-23 13:28 - 2019-04-02 04:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-04-23 13:28 - 2019-04-02 04:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-04-23 13:28 - 2019-04-02 04:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-04-23 13:28 - 2019-04-02 04:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-04-23 13:28 - 2019-04-02 04:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-04-23 13:28 - 2019-04-02 04:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-04-23 13:28 - 2019-04-02 04:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-04-23 13:28 - 2019-04-02 04:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-04-23 13:28 - 2019-04-02 04:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-04-23 13:28 - 2019-04-02 04:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-04-23 13:28 - 2019-04-02 04:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-04-23 13:28 - 2019-04-02 03:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-04-23 13:28 - 2019-04-02 03:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2019-04-23 13:28 - 2019-04-02 03:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-04-23 13:28 - 2019-04-02 03:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-04-23 13:28 - 2019-04-02 03:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2019-04-23 13:28 - 2019-04-02 03:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-04-23 13:28 - 2019-04-02 03:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-04-23 13:28 - 2019-04-02 03:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-04-23 13:28 - 2019-04-02 03:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-04-23 13:28 - 2019-04-02 03:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-04-23 13:28 - 2019-04-02 03:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-04-23 13:28 - 2019-04-02 03:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2019-04-23 13:28 - 2019-04-02 03:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2019-04-23 13:28 - 2019-04-02 03:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-04-23 13:28 - 2019-04-02 02:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-04-23 13:28 - 2019-04-02 01:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-04-23 13:28 - 2019-04-02 01:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-04-23 13:28 - 2019-04-02 01:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-04-23 13:28 - 2019-04-02 01:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-04-23 13:28 - 2019-04-02 00:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-04-23 13:28 - 2019-04-02 00:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-04-23 13:28 - 2019-04-02 00:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2019-04-23 13:28 - 2019-04-02 00:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll 2019-04-23 13:28 - 2019-04-02 00:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll 2019-04-23 13:28 - 2019-04-02 00:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-04-23 13:28 - 2019-04-02 00:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-04-23 13:28 - 2019-04-02 00:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-04-23 13:28 - 2019-03-16 08:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-04-23 13:28 - 2019-03-16 05:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-04-23 13:28 - 2019-03-14 10:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-04-23 13:28 - 2019-03-14 10:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2019-04-23 13:28 - 2019-03-14 10:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll 2019-04-23 13:28 - 2019-03-14 10:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-04-23 13:28 - 2019-03-14 10:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys 2019-04-23 13:28 - 2019-03-14 10:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys 2019-04-23 13:28 - 2019-03-14 10:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe 2019-04-23 13:28 - 2019-03-14 10:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll 2019-04-23 13:28 - 2019-03-14 10:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll 2019-04-23 13:28 - 2019-03-14 10:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2019-04-23 13:28 - 2019-03-14 10:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll 2019-04-23 13:28 - 2019-03-14 10:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll 2019-04-23 13:28 - 2019-03-14 10:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-04-23 13:28 - 2019-03-14 09:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll 2019-04-23 13:28 - 2019-03-14 09:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe 2019-04-23 13:28 - 2019-03-14 09:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll 2019-04-23 13:28 - 2019-03-14 09:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll 2019-04-23 13:28 - 2019-03-14 09:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2019-04-23 13:28 - 2019-03-14 09:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll 2019-04-23 13:28 - 2019-03-14 04:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2019-04-23 13:28 - 2019-03-14 04:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-04-23 13:28 - 2019-03-14 04:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-04-23 13:28 - 2019-03-14 04:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll 2019-04-23 13:28 - 2019-03-14 04:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-04-23 13:28 - 2019-03-14 04:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2019-04-23 13:28 - 2019-03-14 04:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2019-04-23 13:28 - 2019-03-14 04:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-04-23 13:28 - 2019-03-14 04:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll 2019-04-23 13:28 - 2019-03-14 04:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-04-23 13:28 - 2019-03-14 04:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-04-23 13:28 - 2019-03-14 04:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-04-23 13:28 - 2019-03-14 04:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-04-23 13:28 - 2019-03-14 04:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-04-23 13:28 - 2019-03-14 04:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2019-04-23 13:28 - 2019-03-14 04:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-04-23 13:28 - 2019-03-14 04:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll 2019-04-23 13:28 - 2019-03-14 04:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys 2019-04-23 13:28 - 2019-03-14 04:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2019-04-23 13:28 - 2019-03-14 04:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-04-23 13:28 - 2019-03-14 04:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-04-23 13:28 - 2019-03-14 04:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2019-04-23 13:28 - 2019-03-14 04:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-04-23 13:28 - 2019-03-14 04:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2019-04-23 13:28 - 2019-03-14 04:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll 2019-04-23 13:28 - 2019-03-14 04:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll 2019-04-23 13:28 - 2019-03-14 04:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-04-23 13:28 - 2019-03-14 04:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-04-23 13:28 - 2019-03-14 04:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2019-04-23 13:28 - 2019-03-14 04:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2019-04-23 13:28 - 2019-03-14 04:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll 2019-04-23 13:28 - 2019-03-14 04:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2019-04-23 13:28 - 2019-03-14 04:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2019-04-23 13:28 - 2019-03-14 04:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2019-04-23 13:28 - 2019-03-14 04:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2019-04-23 13:28 - 2019-03-14 04:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2019-04-23 13:28 - 2019-03-14 04:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2019-04-23 13:28 - 2019-03-14 03:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-04-23 13:28 - 2019-03-14 03:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-04-23 13:28 - 2019-03-14 03:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2019-04-23 13:28 - 2019-03-14 03:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2019-04-23 13:28 - 2019-03-14 03:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-04-23 13:28 - 2019-03-14 03:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2019-04-23 13:28 - 2019-03-14 03:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-04-23 13:28 - 2019-03-14 03:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe 2019-04-23 13:28 - 2019-03-14 03:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2019-04-23 13:28 - 2019-03-14 03:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-04-23 13:28 - 2019-03-14 03:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2019-04-23 13:28 - 2019-03-14 03:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-04-23 13:28 - 2019-03-14 03:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2019-04-23 13:28 - 2019-03-14 03:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll 2019-04-23 13:28 - 2019-03-14 03:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-04-23 13:28 - 2019-03-14 03:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-04-23 13:28 - 2019-03-14 03:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll 2019-04-23 13:28 - 2019-03-14 03:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2019-04-23 13:28 - 2019-03-14 03:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-04-23 13:28 - 2019-03-14 03:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2019-04-23 13:28 - 2019-03-14 03:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2019-04-23 13:28 - 2019-03-14 03:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-04-01 16:11 - 2019-04-27 10:03 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-04-01 16:11 - 2019-04-01 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-04-01 16:11 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-03-13 14:12 - 2019-03-06 11:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-03-13 14:12 - 2019-03-06 11:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2019-03-13 14:12 - 2019-03-06 11:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2019-03-13 14:12 - 2019-03-06 11:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys 2019-03-13 14:12 - 2019-03-06 11:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2019-03-13 14:12 - 2019-03-06 11:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2019-03-13 14:12 - 2019-03-06 11:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2019-03-13 14:12 - 2019-03-06 11:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2019-03-13 14:12 - 2019-03-06 08:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2019-03-13 14:12 - 2019-03-06 08:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2019-03-13 14:12 - 2019-03-06 08:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2019-03-13 14:12 - 2019-03-06 05:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2019-03-13 14:12 - 2019-03-06 05:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-03-13 14:12 - 2019-03-06 05:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2019-03-13 14:12 - 2019-03-06 05:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2019-03-13 14:12 - 2019-03-06 05:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2019-03-13 14:12 - 2019-03-06 05:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2019-03-13 14:12 - 2019-03-06 05:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2019-03-13 14:12 - 2019-03-06 05:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2019-03-13 14:12 - 2019-03-06 05:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2019-03-13 14:12 - 2019-03-06 05:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys 2019-03-13 14:12 - 2019-03-06 05:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll 2019-03-13 14:12 - 2019-03-06 05:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys 2019-03-13 14:12 - 2019-03-06 05:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys 2019-03-13 14:12 - 2019-03-06 05:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2019-03-13 14:12 - 2019-03-06 04:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2019-03-13 14:12 - 2019-03-06 04:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2019-03-13 14:12 - 2019-03-06 04:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-03-13 14:12 - 2019-03-06 04:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2019-03-13 14:12 - 2019-03-06 04:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2019-03-13 14:12 - 2019-03-06 04:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2019-03-13 14:12 - 2019-03-06 04:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2019-03-13 14:12 - 2019-03-06 04:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-03-13 14:12 - 2019-03-06 04:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-03-13 14:12 - 2019-03-06 04:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys 2019-03-13 14:12 - 2019-03-06 04:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys 2019-03-13 14:12 - 2019-03-06 04:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys 2019-03-13 14:12 - 2019-03-06 02:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2019-03-13 14:12 - 2019-03-06 02:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2019-03-13 14:12 - 2019-03-06 02:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2019-03-13 14:12 - 2019-03-06 02:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-03-13 14:12 - 2019-03-06 02:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll 2019-03-13 14:12 - 2019-03-06 02:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2019-03-13 14:12 - 2019-03-06 01:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2019-03-13 14:12 - 2019-03-06 01:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-03-13 14:12 - 2019-03-06 01:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2019-03-13 14:12 - 2019-03-06 01:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-03-13 14:12 - 2019-02-20 23:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2019-03-13 14:12 - 2019-02-16 09:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-03-13 14:12 - 2019-02-16 09:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-03-13 14:12 - 2019-02-16 09:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-03-13 14:12 - 2019-02-16 09:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-03-13 14:12 - 2019-02-16 09:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-03-13 14:12 - 2019-02-16 09:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-03-13 14:12 - 2019-02-16 09:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-03-13 14:12 - 2019-02-16 09:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-03-13 14:12 - 2019-02-16 09:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-03-13 14:12 - 2019-02-16 08:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-03-13 14:12 - 2019-02-16 08:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2019-03-13 14:12 - 2019-02-16 08:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2019-03-13 14:12 - 2019-02-16 08:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-03-13 14:12 - 2019-02-16 08:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-03-13 14:12 - 2019-02-16 08:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-03-13 14:12 - 2019-02-16 08:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2019-03-13 14:12 - 2019-02-16 08:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll 2019-03-13 14:12 - 2019-02-16 08:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2019-03-13 14:12 - 2019-02-16 08:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2019-03-13 14:12 - 2019-02-16 08:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2019-03-13 14:12 - 2019-02-16 08:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2019-03-13 14:12 - 2019-02-16 08:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll 2019-03-13 14:12 - 2019-02-16 08:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2019-03-13 14:12 - 2019-02-16 08:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2019-03-13 14:12 - 2019-02-16 08:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2019-03-13 14:12 - 2019-02-16 08:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll 2019-03-13 14:12 - 2019-02-16 08:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2019-03-13 14:12 - 2019-02-16 08:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll 2019-03-13 14:12 - 2019-02-16 08:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2019-03-13 14:12 - 2019-02-16 08:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll 2019-03-13 14:12 - 2019-02-16 08:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2019-03-13 14:12 - 2019-02-16 08:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2019-03-13 14:12 - 2019-02-16 08:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2019-03-13 14:12 - 2019-02-16 08:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2019-03-13 14:12 - 2019-02-16 08:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2019-03-13 14:12 - 2019-02-16 08:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll 2019-03-13 14:12 - 2019-02-16 08:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2019-03-13 14:12 - 2019-02-16 06:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2019-03-13 14:12 - 2019-02-16 06:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2019-03-13 14:12 - 2019-02-16 04:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-03-13 14:12 - 2019-02-16 04:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-03-13 14:12 - 2019-02-16 04:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-03-13 14:12 - 2019-02-16 04:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe 2019-03-13 14:12 - 2019-02-16 04:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-03-13 14:12 - 2019-02-16 04:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2019-03-13 14:12 - 2019-02-16 04:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-03-13 14:12 - 2019-02-16 04:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-03-13 14:12 - 2019-02-16 04:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2019-03-13 14:12 - 2019-02-16 04:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-03-13 14:12 - 2019-02-16 04:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2019-03-13 14:12 - 2019-02-16 04:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2019-03-13 14:12 - 2019-02-16 04:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2019-03-13 14:12 - 2019-02-16 04:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2019-03-13 14:12 - 2019-02-16 04:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2019-03-13 14:12 - 2019-02-16 04:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2019-03-13 14:12 - 2019-02-16 04:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2019-03-13 14:12 - 2019-02-16 04:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-03-13 14:12 - 2019-02-16 04:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2019-03-13 14:12 - 2019-02-16 04:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll 2019-03-13 14:12 - 2019-02-16 04:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2019-03-13 14:12 - 2019-02-16 04:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-03-13 14:12 - 2019-02-16 04:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2019-03-13 14:12 - 2019-02-16 04:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll 2019-03-13 14:12 - 2019-02-16 03:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2019-03-13 14:12 - 2019-02-16 03:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2019-03-13 14:12 - 2019-02-16 03:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-03-13 14:12 - 2019-02-16 03:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2019-03-13 14:12 - 2019-02-16 03:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll 2019-03-13 14:12 - 2019-02-16 03:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2019-03-13 14:12 - 2019-02-16 03:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-03-13 14:12 - 2019-02-16 03:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2019-03-13 14:12 - 2019-02-16 03:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll 2019-03-13 14:12 - 2019-02-16 03:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2019-03-13 14:12 - 2019-02-16 03:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2019-03-13 14:12 - 2019-02-16 03:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2019-03-13 14:12 - 2019-02-16 03:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2019-03-13 14:12 - 2019-02-16 03:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2019-03-13 14:12 - 2019-02-16 03:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2019-03-13 14:12 - 2019-02-16 03:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2019-03-13 14:12 - 2019-02-16 03:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll 2019-03-13 14:12 - 2019-02-16 03:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2019-03-13 14:12 - 2019-02-16 03:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2019-03-13 14:12 - 2019-02-16 03:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll 2019-03-13 14:12 - 2019-02-16 03:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll 2019-03-13 14:12 - 2019-02-16 03:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll 2019-03-13 14:12 - 2019-02-16 03:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2019-03-13 14:12 - 2019-02-16 03:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll 2019-03-13 14:12 - 2019-02-16 03:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll 2019-03-13 14:12 - 2019-02-16 03:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2019-03-13 14:12 - 2019-02-16 03:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-03-13 14:12 - 2019-02-16 03:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2019-03-13 14:12 - 2019-02-16 03:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2019-03-13 14:12 - 2019-02-16 03:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-03-13 14:12 - 2019-02-16 03:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll 2019-03-13 14:12 - 2019-02-16 03:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2019-03-13 14:12 - 2019-02-16 03:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2019-03-13 14:12 - 2019-02-16 03:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2019-03-13 14:12 - 2019-02-16 03:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll 2019-03-13 14:12 - 2019-02-16 03:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2019-03-13 14:12 - 2019-02-16 03:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2019-03-13 14:12 - 2019-02-16 03:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2019-03-13 14:12 - 2019-02-16 03:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2019-03-13 14:12 - 2019-02-16 03:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2019-03-13 14:12 - 2019-02-16 03:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2019-03-13 14:12 - 2019-02-16 03:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2019-03-13 14:12 - 2019-02-16 03:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2019-03-13 14:12 - 2019-02-16 03:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2019-03-13 14:06 - 2019-03-13 14:06 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2019-03-13 14:06 - 2019-03-13 14:06 - 000000000 ____D C:\Program Files\Common Files\Intel Corporation 2019-03-13 14:06 - 2019-03-13 14:06 - 000000000 ____D C:\Program Files\Common Files\Intel 2019-03-13 13:44 - 2018-09-20 00:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2019-03-08 14:18 - 2019-03-08 14:18 - 000330762 _____ C:\Users\SLR\Downloads\irs document.pdf 2019-02-27 04:53 - 2019-02-27 04:53 - 000040824 _____ (Dell Inc.) C:\WINDOWS\system32\Drivers\dddriver64Dcsa.sys 2019-02-25 18:35 - 2019-03-14 11:22 - 000000000 ____D C:\Users\SLR\Downloads\joe 2019-02-12 16:49 - 2019-02-06 03:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2019-02-12 16:49 - 2019-02-05 23:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2019-02-12 16:49 - 2019-02-05 23:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll 2019-02-12 16:49 - 2019-02-05 23:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2019-02-12 16:49 - 2019-02-05 23:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2019-02-12 16:49 - 2019-02-05 23:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe 2019-02-12 16:49 - 2019-02-05 23:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll 2019-02-12 16:49 - 2019-02-05 22:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe 2019-02-12 16:49 - 2019-02-05 22:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll 2019-02-12 16:49 - 2019-02-05 22:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll 2019-02-12 16:49 - 2019-02-05 22:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2019-02-12 16:49 - 2019-02-05 22:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2019-02-12 16:49 - 2019-02-05 22:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-02-12 16:49 - 2019-02-05 22:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2019-02-12 16:49 - 2019-02-05 22:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2019-02-12 16:49 - 2019-02-05 22:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-02-12 16:49 - 2019-01-09 13:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll 2019-02-12 16:49 - 2019-01-09 13:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2019-02-12 16:49 - 2019-01-09 13:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2019-02-12 16:49 - 2019-01-09 05:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll 2019-02-12 16:49 - 2019-01-09 01:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2019-02-12 16:49 - 2019-01-09 01:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2019-02-12 16:49 - 2019-01-09 01:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-02-12 16:49 - 2019-01-09 01:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2019-02-12 16:49 - 2019-01-09 01:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2019-02-12 16:49 - 2019-01-09 01:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2019-02-12 16:49 - 2019-01-09 01:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2019-02-12 16:49 - 2019-01-09 01:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe 2019-02-12 16:49 - 2019-01-09 01:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2019-02-12 16:49 - 2019-01-09 01:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-02-12 16:49 - 2019-01-09 01:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2019-02-12 16:49 - 2019-01-09 01:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2019-02-12 16:49 - 2019-01-09 01:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2019-02-12 16:49 - 2019-01-09 01:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-02-12 16:49 - 2019-01-09 01:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2019-02-12 16:49 - 2019-01-09 01:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2019-02-12 16:49 - 2019-01-09 01:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-02-12 16:49 - 2019-01-09 01:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2019-02-12 16:49 - 2019-01-09 01:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2019-02-12 16:49 - 2019-01-09 01:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe 2019-02-12 16:49 - 2019-01-09 01:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-02-12 16:49 - 2019-01-09 01:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2019-02-12 16:49 - 2019-01-09 01:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2019-02-12 16:49 - 2019-01-09 01:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll 2019-02-12 16:49 - 2019-01-09 01:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll 2019-02-12 16:49 - 2019-01-09 01:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll 2019-02-12 16:49 - 2019-01-09 01:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2019-02-12 16:49 - 2019-01-09 01:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2019-02-12 16:49 - 2019-01-09 01:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2019-02-12 16:49 - 2019-01-09 01:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-02-12 16:49 - 2019-01-09 01:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll 2019-02-12 16:49 - 2019-01-09 01:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll 2019-02-12 16:49 - 2019-01-09 01:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-02-12 16:49 - 2019-01-09 01:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-02-12 16:49 - 2019-01-09 01:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2019-02-12 16:49 - 2019-01-09 01:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll 2019-02-12 16:49 - 2019-01-09 01:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll 2019-02-12 16:49 - 2019-01-09 01:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll 2019-02-12 16:49 - 2019-01-09 01:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-02-12 16:49 - 2019-01-09 01:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-02-12 16:49 - 2019-01-09 01:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-02-12 16:49 - 2019-01-09 01:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-02-12 16:49 - 2019-01-09 01:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2019-02-12 16:49 - 2019-01-09 01:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2019-02-12 16:49 - 2019-01-07 23:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin 2019-02-08 15:10 - 2019-02-08 15:10 - 000117233 _____ C:\Users\SLR\Downloads\plate certification itbsReceipt.pdf 2019-02-07 10:26 - 2019-02-07 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn 2019-02-07 10:24 - 2019-02-07 10:24 - 172010256 _____ (MediaMall Technologies, Inc.) C:\Users\SLR\Downloads\PlayOnSetup.4.5.19.exe 2019-02-07 10:06 - 2019-02-07 10:06 - 000000000 ____D C:\ProgramData\Mozilla ==================== Three months (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-06 17:25 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF 2019-05-06 17:23 - 2018-05-25 10:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-05-06 17:23 - 2017-02-23 18:04 - 000000000 __SHD C:\Users\SLR\IntelGraphicsProfiles 2019-05-06 17:19 - 2018-05-25 10:12 - 000000000 ____D C:\Users\defaultuser0 2019-05-06 17:19 - 2017-12-20 16:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-05-06 17:18 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-05-06 17:18 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps 2019-05-06 17:17 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\registration 2019-05-06 15:38 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-05-06 15:12 - 2019-01-11 13:26 - 000000000 ____D C:\Users\SLR\AppData\LocalLow\Mozilla 2019-05-06 15:09 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-05-06 15:03 - 2018-05-25 10:21 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-05-06 13:22 - 2018-05-25 10:12 - 000000000 ____D C:\Users\SLR 2019-05-06 13:19 - 2018-05-25 10:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-05-06 11:41 - 2018-01-20 18:32 - 000000000 ____D C:\Users\SLR\AppData\Local\Adobe 2019-05-03 12:47 - 2017-12-26 13:58 - 000000000 ____D C:\ProgramData\TEMP 2019-05-03 12:21 - 2018-03-10 15:22 - 000000000 ____D C:\temphb 2019-05-03 12:04 - 2018-03-10 15:16 - 000000000 ____D C:\Users\SLR\Downloads\Hirens.BootCD.15.2 2019-05-02 17:46 - 2017-07-16 15:51 - 000000000 ____D C:\Users\SLR\Downloads\Graphics 2019-05-02 17:43 - 2018-05-26 14:01 - 000000600 _____ C:\Users\SLR\AppData\Roaming\winscp.rnd 2019-05-02 16:34 - 2018-01-20 18:33 - 000000000 ____D C:\ProgramData\Adobe 2019-05-02 16:33 - 2018-08-11 16:46 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2019-05-02 16:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-05-02 14:46 - 2018-05-17 09:27 - 000000000 ___DC C:\WINDOWS\Panther 2019-05-01 17:52 - 2018-05-26 13:48 - 000000000 ____D C:\Program Files (x86)\WinSCP 2019-05-01 17:14 - 2018-07-10 15:28 - 000003942 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper 2019-05-01 12:13 - 2017-12-20 18:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2019-04-29 15:45 - 2017-12-20 15:52 - 000000000 ____D C:\Users\SLR\AppData\Roaming\Adobe 2019-04-29 11:17 - 2018-11-29 14:50 - 000000000 ____D C:\Users\SLR\AppData\Local\ElevatedDiagnostics 2019-04-28 12:39 - 2018-10-02 11:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It! 2019-04-28 12:37 - 2018-05-28 20:24 - 000000777 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt 2019-04-27 09:14 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-04-24 17:51 - 2017-12-20 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2019-04-24 15:53 - 2019-01-11 13:29 - 000000000 ____D C:\Users\SLR\Desktop\Old Firefox Data 2019-04-24 11:45 - 2018-05-25 10:16 - 000004584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier 2019-04-24 11:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-04-24 11:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-04-24 11:44 - 2018-02-08 15:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender 2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-04-23 13:31 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-04-23 13:28 - 2017-12-22 14:13 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-04-23 13:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-04-23 13:24 - 2017-12-22 14:13 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-04-23 13:22 - 2018-05-28 19:12 - 000000000 ____D C:\ProgramData\PCDr 2019-04-23 13:21 - 2017-02-16 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2019-04-23 13:20 - 2018-05-28 19:11 - 000000000 ____D C:\ProgramData\SupportAssist ==================== Files in the root of some directories ======= 2018-08-17 13:34 - 2018-10-05 16:08 - 000099384 _____ () C:\Users\SLR\AppData\Roaming\inst.exe 2018-08-17 13:34 - 2018-10-05 16:08 - 000007859 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.cat 2018-08-17 13:34 - 2018-10-05 16:08 - 000001167 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.inf 2018-08-17 13:34 - 2018-10-05 16:08 - 000000055 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.log 2018-08-17 13:34 - 2018-10-05 16:08 - 000082816 _____ (VSO Software) C:\Users\SLR\AppData\Roaming\pcouffin.sys 2019-04-29 11:33 - 2019-04-29 11:33 - 000001194 _____ () C:\Users\SLR\AppData\Roaming\SAS7_000.DAT 2018-05-26 14:01 - 2019-05-02 17:43 - 000000600 _____ () C:\Users\SLR\AppData\Roaming\winscp.rnd 2018-04-23 14:07 - 2018-04-23 14:07 - 000011264 _____ () C:\Users\SLR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2018-09-27 16:33 - 2018-09-27 16:33 - 000000000 _____ () C:\Users\SLR\AppData\Local\oobelibMkey.log 2019-04-29 18:36 - 2019-04-29 18:36 - 000000218 _____ () C:\Users\SLR\AppData\Local\recently-used.xbel ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================