Originally posted in "infected" forum but lack of response may mean this forum may be more appropriate.
Copied FRST and Addition txt files below.
I also ran HijackThis and it seems several files that windows needs cannot be found.
Hoping someone can help.
Thanks in advance,
Sally
____________________
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Eileen (administrator) on E-DESKTOP (05-07-2018 11:36:22)
Running from C:\Users\Eileen\Desktop\frst64
Loaded Profiles: Eileen (Available Profiles: Eileen & defaultuser1)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Lenovo Black Silk Input Device Main Program] => C:\Program Files\Lenovo\Lenovo Black Silk USB Keyboard\Pelico.exe [118272 2011-04-19] (Primax Electronics Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2018-05-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [TNIOSDVolumeSync(x64)] => C:\Program Files (x86)\TNIOSDVolumeSync\TNIExec.exe [9728 2012-08-30] (TPV-INVENTA TECHNOLOGY CO., LTD.)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [270680 2012-07-19] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1752408 2012-07-09] (TODO: <公司名>)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-03-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-03-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [PowerPDF Registry Controller] => C:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe [193560 2014-07-07] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance Power PDF Standard-reminder] => "C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\Power PDF Standard\Ereg\Ereg.ini"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [NuanPowerPdf1NPDFLM] => C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe [2971672 2014-07-07] (Nuance Communications, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [Amazon Cloud Player] => C:\Users\Eileen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [FileTransferForMobileGo] => C:\Program Files (x86)\Wondershare\MobileGo\MobileGo.exe [5060496 2015-01-21] (Wondershare)
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [24370360 2018-04-10] (Microsoft Corporation)
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-08-26]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
Startup: C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-07-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{03559637-80ca-4acb-a4b6-6135bfd59e51}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{863a6840-1336-4c5d-9fd5-a2449d95717b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-630440515-540695148-88071595-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-630440515-540695148-88071595-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-630440515-540695148-88071595-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-630440515-540695148-88071595-1001 -> DefaultScope {288E7909-C9EC-4BBD-A3CB-D38BF5910535} URL =
SearchScopes: HKU\S-1-5-21-630440515-540695148-88071595-1001 -> {288E7909-C9EC-4BBD-A3CB-D38BF5910535} URL =
SearchScopes: HKU\S-1-5-21-630440515-540695148-88071595-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-02] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Nuance PDF Toolbar Helper -> {940361F8-7F16-4498-AB43-2EFFE0235AFA} -> C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [2014-02-27] (Zeon Corporation)
BHO-x32: PlusIEEventHelper Class -> {9D137966-2E29-45C5-9B12-29D5427F8F66} -> C:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll [2014-02-27] (Zeon Corporation)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [2014-02-27] (Zeon Corporation)
IE Session Restore: HKU\S-1-5-21-630440515-540695148-88071595-1001 -> is enabled.
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Edge:
======
Edge Session Restore: HKU\S-1-5-21-630440515-540695148-88071595-1001 -> is enabled.
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-06-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\Power PDF\bin\nppdf.dll [2014-03-07] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-630440515-540695148-88071595-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Eileen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-10] (Citrix Online)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.comcast.net/tt2/?cid=tbid10112013
CHR StartupUrls: Default -> "hxxp://www.comcast.net/tt2/?cid=tbid10112013"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default [2018-07-03]
CHR Extension: (Docs) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-29]
CHR Extension: (Google Drive) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Gmail) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\Eileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR HKU\S-1-5-21-630440515-540695148-88071595-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
S2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165664 2012-08-23] (Intel Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [384072 2013-10-09] ()
S2 TNISrvc; C:\Program Files (x86)\TNIOSDVolumeSync\TNISrvc.exe [53760 2012-08-30] (TPV-INVENTA TECHNOLOGY CO., LTD.) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-28] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-28] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-23] (Wondershare)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 LEMo602D; C:\WINDOWS\system32\DRIVERS\LEMo602D.sys [24064 2011-04-19] (Primax Electronics Ltd.)
S3 LEub602D; C:\WINDOWS\system32\DRIVERS\LEub602D.sys [18944 2011-05-17] (Primax Electronics Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-07-04] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112872 2018-07-03] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-07-04] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-04] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103656 2018-07-04] (Malwarebytes)
R1 MpKsl2b55f844; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72FBD205-3703-4CE0-8F50-971792F865EA}\MpKsl2b55f844.sys [58120 2018-07-04] (Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 VMC412; C:\WINDOWS\System32\Drivers\VMC412.sys [241920 2015-06-19] (Vimicro Corporation)
R3 vmuacflt; C:\WINDOWS\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-28] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-28] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-28] (Microsoft Corporation)
R0 WinI2C-DDC; C:\WINDOWS\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-04 08:05 - 2018-07-04 08:05 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-07-03 18:00 - 2018-07-04 05:59 - 000103656 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-03 16:40 - 2018-07-04 09:13 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-03 16:40 - 2018-07-04 09:13 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-07-03 16:40 - 2018-07-04 09:13 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-03 16:40 - 2018-07-03 16:40 - 000112872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-03 16:39 - 2018-07-03 16:39 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-03 16:39 - 2018-07-03 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-03 16:39 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-03 13:38 - 2018-07-03 13:51 - 000000000 ____D C:\AdwCleaner
2018-07-03 13:33 - 2018-07-03 12:34 - 072932496 _____ (Malwarebytes ) C:\Users\Eileen\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5727.exe
2018-07-03 13:33 - 2018-07-03 12:12 - 007395536 _____ (Malwarebytes) C:\Users\Eileen\Downloads\AdwCleaner.exe
2018-07-03 11:07 - 2018-07-03 11:10 - 004161045 _____ C:\Users\Eileen\Desktop\mb-check-results.zip
2018-07-03 10:52 - 2018-07-03 10:52 - 000000000 ____D C:\Users\Eileen\Desktop\mbam-chameleon-3.1.33.0
2018-07-03 10:51 - 2018-07-03 10:30 - 006705178 _____ C:\Users\Eileen\Desktop\mbam-chameleon-3.1.33.0.zip
2018-07-03 10:32 - 2018-07-03 10:32 - 000000000 ____D C:\Users\Eileen\Documents\frst64
2018-07-03 05:16 - 2018-07-03 09:55 - 000000000 ____D C:\Users\Eileen\Desktop\mb-check
2018-07-03 05:15 - 2018-07-05 11:36 - 000000000 ____D C:\Users\Eileen\Desktop\frst64
2018-07-03 04:48 - 2018-07-05 11:36 - 000000000 ____D C:\FRST
2018-07-02 17:44 - 2018-07-02 17:44 - 002412544 _____ (Farbar) C:\Users\Eileen\Downloads\FRST64 (1).exe
2018-07-02 15:57 - 2018-07-04 09:27 - 000324242 _____ C:\WINDOWS\ntbtlog.txt
2018-07-02 14:42 - 2018-07-02 14:42 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-02 14:42 - 2018-07-02 14:42 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-02 14:42 - 2018-07-02 14:42 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-02 14:42 - 2018-07-02 14:42 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-02 14:42 - 2018-07-02 14:42 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-02 14:42 - 2018-07-02 14:42 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-02 14:42 - 2018-07-02 14:42 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-02 14:42 - 2018-07-02 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-02 14:13 - 2018-07-02 14:13 - 505606674 _____ C:\WINDOWS\MEMORY.DMP
2018-07-02 14:13 - 2018-07-02 14:13 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-02 14:13 - 2018-07-02 14:13 - 000000000 _____ C:\WINDOWS\Minidump\070218-395906-01.dmp
2018-06-22 08:45 - 2018-06-22 08:45 - 000000000 ___HD C:\OneDriveTemp
2018-06-17 21:38 - 2018-06-17 21:39 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-06-17 21:24 - 2018-06-17 21:24 - 004751648 _____ (Microsoft Corporation) C:\Users\Eileen\Downloads\Setup.X86.en-US_O365HomePremRetail_0df8d6bc-c9db-479d-abda-740ea22eb906_TX_PR_.exe
2018-06-17 19:04 - 2018-06-17 19:04 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-06-17 18:55 - 2018-06-08 15:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-17 18:55 - 2018-06-08 05:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-17 18:55 - 2018-06-08 05:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-17 18:55 - 2018-06-08 05:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-17 18:55 - 2018-06-08 05:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-17 18:55 - 2018-06-08 05:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-17 18:55 - 2018-05-20 15:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-17 18:55 - 2018-05-20 12:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-17 18:55 - 2018-05-20 07:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-17 18:55 - 2018-05-20 07:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-17 18:55 - 2018-05-20 07:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-17 18:55 - 2018-05-20 07:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-17 18:54 - 2018-06-08 15:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-17 18:54 - 2018-06-08 15:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-17 18:54 - 2018-06-08 15:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-17 18:54 - 2018-06-08 15:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-17 18:54 - 2018-06-08 14:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-17 18:54 - 2018-06-08 14:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-17 18:54 - 2018-06-08 14:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-17 18:54 - 2018-06-08 14:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-17 18:54 - 2018-06-08 14:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-17 18:54 - 2018-06-08 14:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-17 18:54 - 2018-06-08 14:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-17 18:54 - 2018-06-08 14:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-17 18:54 - 2018-06-08 14:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-17 18:54 - 2018-06-08 14:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-17 18:54 - 2018-06-08 14:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-17 18:54 - 2018-06-08 14:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-17 18:54 - 2018-06-08 14:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-17 18:54 - 2018-06-08 14:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-17 18:54 - 2018-06-08 13:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-17 18:54 - 2018-06-08 12:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-17 18:54 - 2018-06-08 12:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-17 18:54 - 2018-06-08 12:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-17 18:54 - 2018-06-08 12:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-17 18:54 - 2018-06-08 12:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-17 18:54 - 2018-06-08 12:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-17 18:54 - 2018-06-08 12:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-17 18:54 - 2018-06-08 12:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-17 18:54 - 2018-06-08 12:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-17 18:54 - 2018-06-08 12:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-17 18:54 - 2018-06-08 06:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-17 18:54 - 2018-06-08 06:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-17 18:54 - 2018-06-08 06:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-17 18:54 - 2018-06-08 06:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-17 18:54 - 2018-06-08 06:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-17 18:54 - 2018-06-08 06:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-17 18:54 - 2018-06-08 06:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-17 18:54 - 2018-06-08 06:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-17 18:54 - 2018-06-08 05:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-17 18:54 - 2018-06-08 05:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-17 18:54 - 2018-06-08 05:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-17 18:54 - 2018-06-08 05:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-17 18:54 - 2018-06-08 05:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-17 18:54 - 2018-06-08 05:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-17 18:54 - 2018-06-08 05:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-17 18:54 - 2018-06-08 05:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-17 18:54 - 2018-06-08 05:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-17 18:54 - 2018-06-08 05:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-17 18:54 - 2018-06-08 05:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-17 18:54 - 2018-06-08 05:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-17 18:54 - 2018-06-08 05:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-17 18:54 - 2018-06-08 05:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-17 18:54 - 2018-06-08 05:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-17 18:54 - 2018-06-08 05:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-17 18:54 - 2018-06-08 05:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-17 18:54 - 2018-06-08 05:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-17 18:54 - 2018-06-08 05:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-17 18:54 - 2018-06-08 05:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-17 18:54 - 2018-06-08 05:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-17 18:54 - 2018-06-08 05:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-17 18:54 - 2018-06-08 05:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-17 18:54 - 2018-06-08 05:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-17 18:54 - 2018-06-08 05:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-17 18:54 - 2018-06-08 05:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-17 18:54 - 2018-06-08 05:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-17 18:54 - 2018-06-08 05:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-17 18:54 - 2018-06-08 05:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-17 18:54 - 2018-06-08 05:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-17 18:54 - 2018-06-08 05:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-17 18:54 - 2018-06-08 05:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-17 18:54 - 2018-06-08 05:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-17 18:54 - 2018-06-08 05:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-17 18:54 - 2018-06-08 05:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-17 18:54 - 2018-06-08 05:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-17 18:54 - 2018-06-08 05:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-17 18:54 - 2018-06-08 05:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-17 18:54 - 2018-06-08 05:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-17 18:54 - 2018-06-08 05:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-17 18:54 - 2018-06-08 05:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-17 18:54 - 2018-06-08 05:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-17 18:54 - 2018-06-08 05:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-17 18:54 - 2018-06-08 04:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-17 18:54 - 2018-06-08 04:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-17 18:54 - 2018-06-08 04:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-17 18:54 - 2018-06-08 04:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-17 18:54 - 2018-06-08 04:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-17 18:54 - 2018-06-08 04:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-17 18:54 - 2018-06-08 04:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-17 18:54 - 2018-06-08 04:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-17 18:54 - 2018-06-08 04:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-17 18:54 - 2018-06-08 04:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-17 18:54 - 2018-06-08 04:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-17 18:54 - 2018-06-08 04:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-17 18:54 - 2018-06-08 04:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-17 18:54 - 2018-06-08 04:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-17 18:54 - 2018-06-08 04:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-17 18:54 - 2018-06-08 04:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-17 18:54 - 2018-06-08 04:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-17 18:54 - 2018-06-08 04:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-17 18:54 - 2018-06-08 04:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-17 18:54 - 2018-06-08 04:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-17 18:54 - 2018-06-08 04:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-17 18:54 - 2018-06-08 04:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-17 18:54 - 2018-06-08 04:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-17 18:54 - 2018-06-08 04:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-17 18:54 - 2018-06-08 04:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-17 18:54 - 2018-06-08 04:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-17 18:54 - 2018-06-06 14:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-17 18:54 - 2018-06-06 00:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-17 18:54 - 2018-05-20 15:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-17 18:54 - 2018-05-20 15:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-17 18:54 - 2018-05-20 15:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-17 18:54 - 2018-05-20 15:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-17 18:54 - 2018-05-20 15:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-17 18:54 - 2018-05-20 15:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-17 18:54 - 2018-05-20 15:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-17 18:54 - 2018-05-20 15:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-17 18:54 - 2018-05-20 14:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-17 18:54 - 2018-05-20 14:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-17 18:54 - 2018-05-20 14:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-17 18:54 - 2018-05-20 13:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-17 18:54 - 2018-05-20 12:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-17 18:54 - 2018-05-20 12:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-17 18:54 - 2018-05-20 08:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-17 18:54 - 2018-05-20 07:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-17 18:54 - 2018-05-20 07:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-17 18:54 - 2018-05-20 07:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-17 18:54 - 2018-05-20 07:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-17 18:54 - 2018-05-20 07:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-17 18:54 - 2018-05-20 07:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-17 18:54 - 2018-05-20 07:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-17 18:54 - 2018-05-20 07:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-17 18:54 - 2018-05-20 07:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-17 18:54 - 2018-05-20 07:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-17 18:54 - 2018-05-20 07:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-17 18:54 - 2018-05-20 07:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-17 18:54 - 2018-05-20 07:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-17 18:54 - 2018-05-20 07:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-17 18:54 - 2018-05-20 07:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-17 18:54 - 2018-05-20 07:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-17 18:54 - 2018-05-20 07:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-17 18:54 - 2018-05-20 07:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-17 18:54 - 2018-05-20 07:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-17 18:54 - 2018-05-20 07:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-17 18:54 - 2018-05-20 07:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-17 18:54 - 2018-05-20 07:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-17 18:54 - 2018-05-20 07:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-17 18:54 - 2018-05-20 07:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-17 18:54 - 2018-05-20 07:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-17 18:54 - 2018-05-20 07:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-17 18:54 - 2018-05-20 07:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-17 18:54 - 2018-05-20 07:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-17 18:54 - 2018-05-20 07:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-17 18:54 - 2018-05-20 07:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-17 18:54 - 2018-05-20 07:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-17 18:54 - 2018-05-20 07:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-17 18:54 - 2018-05-20 07:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-17 18:54 - 2018-05-20 07:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-17 18:54 - 2018-05-20 07:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-17 18:54 - 2018-05-20 07:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-17 18:53 - 2018-06-08 15:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-17 18:53 - 2018-06-08 15:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-17 18:53 - 2018-06-08 14:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-17 18:53 - 2018-06-08 14:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-17 18:53 - 2018-06-08 14:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-17 18:53 - 2018-06-08 14:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-17 18:53 - 2018-06-08 14:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-17 18:53 - 2018-06-08 14:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-17 18:53 - 2018-06-08 14:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-17 18:53 - 2018-06-08 14:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-17 18:53 - 2018-06-08 14:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-17 18:53 - 2018-06-08 14:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-17 18:53 - 2018-06-08 14:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-17 18:53 - 2018-06-08 14:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-17 18:53 - 2018-06-08 14:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-17 18:53 - 2018-06-08 14:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-17 18:53 - 2018-06-08 14:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-17 18:53 - 2018-06-08 14:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-17 18:53 - 2018-06-08 12:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-17 18:53 - 2018-06-08 12:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-17 18:53 - 2018-06-08 12:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-17 18:53 - 2018-06-08 12:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-17 18:53 - 2018-06-08 12:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-17 18:53 - 2018-06-08 12:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-17 18:53 - 2018-06-08 12:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-17 18:53 - 2018-06-08 12:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-17 18:53 - 2018-06-08 12:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-17 18:53 - 2018-06-08 10:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-17 18:53 - 2018-06-08 10:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-17 18:53 - 2018-06-08 06:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-17 18:53 - 2018-06-08 06:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-17 18:53 - 2018-06-08 05:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-17 18:53 - 2018-06-08 05:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-17 18:53 - 2018-06-08 05:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-17 18:53 - 2018-06-08 05:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-17 18:53 - 2018-06-08 05:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-17 18:53 - 2018-06-08 05:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-17 18:53 - 2018-06-08 05:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-17 18:53 - 2018-06-08 05:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-17 18:53 - 2018-06-08 05:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-17 18:53 - 2018-06-08 05:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-17 18:53 - 2018-06-08 05:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-17 18:53 - 2018-06-08 05:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-17 18:53 - 2018-06-08 05:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-17 18:53 - 2018-06-08 05:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-17 18:53 - 2018-06-08 05:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-17 18:53 - 2018-06-08 05:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-17 18:53 - 2018-06-08 05:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-17 18:53 - 2018-06-08 05:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-17 18:53 - 2018-06-08 05:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-17 18:53 - 2018-06-08 05:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-17 18:53 - 2018-06-08 05:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-17 18:53 - 2018-06-08 05:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-17 18:53 - 2018-06-08 05:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-17 18:53 - 2018-06-08 05:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-17 18:53 - 2018-06-08 05:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-17 18:53 - 2018-06-08 05:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-17 18:53 - 2018-06-08 05:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-17 18:53 - 2018-06-08 05:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-17 18:53 - 2018-06-08 05:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-17 18:53 - 2018-06-08 05:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-17 18:53 - 2018-06-08 05:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-17 18:53 - 2018-06-08 05:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-17 18:53 - 2018-06-08 05:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-17 18:53 - 2018-06-08 05:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-17 18:53 - 2018-06-08 05:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-17 18:53 - 2018-06-08 05:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-17 18:53 - 2018-06-08 05:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-17 18:53 - 2018-06-08 05:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-17 18:53 - 2018-06-08 05:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-17 18:53 - 2018-06-08 05:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-17 18:53 - 2018-06-08 05:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-17 18:53 - 2018-06-08 05:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-17 18:53 - 2018-06-08 05:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-17 18:53 - 2018-06-08 05:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-17 18:53 - 2018-06-08 05:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2018-06-17 18:53 - 2018-06-08 05:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-17 18:53 - 2018-06-08 05:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-17 18:53 - 2018-06-08 05:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-17 18:53 - 2018-06-08 05:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-17 18:53 - 2018-06-08 05:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-17 18:53 - 2018-06-08 04:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-17 18:53 - 2018-06-08 04:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-17 18:53 - 2018-06-08 04:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-17 18:53 - 2018-06-08 04:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-17 18:53 - 2018-06-08 04:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-17 18:53 - 2018-06-08 04:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-17 18:53 - 2018-06-08 04:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-17 18:53 - 2018-06-08 04:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-17 18:53 - 2018-06-08 04:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-17 18:53 - 2018-06-08 04:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-17 18:53 - 2018-06-08 04:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-17 18:53 - 2018-06-08 04:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-17 18:53 - 2018-06-08 04:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-17 18:53 - 2018-06-08 04:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-17 18:53 - 2018-06-08 04:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-17 18:53 - 2018-06-08 04:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-17 18:53 - 2018-06-08 04:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-17 18:53 - 2018-06-08 04:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-17 18:53 - 2018-06-08 04:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-17 18:53 - 2018-06-08 04:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-17 18:53 - 2018-06-08 04:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-17 18:53 - 2018-06-08 04:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-17 18:53 - 2018-06-08 04:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-17 18:53 - 2018-06-08 04:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-17 18:53 - 2018-06-08 04:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-17 18:53 - 2018-06-08 04:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-17 18:53 - 2018-06-08 04:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-17 18:53 - 2018-06-08 04:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-17 18:53 - 2018-06-08 04:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-17 18:53 - 2018-06-08 04:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-17 18:53 - 2018-06-08 04:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-17 18:53 - 2018-06-08 04:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-17 18:53 - 2018-06-08 04:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-17 18:53 - 2018-06-08 04:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-17 18:53 - 2018-06-08 04:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-17 18:53 - 2018-06-08 04:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-17 18:53 - 2018-06-08 04:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-17 18:53 - 2018-06-08 04:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-17 18:53 - 2018-06-08 04:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-17 18:53 - 2018-06-08 03:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-17 18:53 - 2018-06-01 19:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-17 18:53 - 2018-06-01 18:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-17 18:53 - 2018-05-24 23:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-17 18:53 - 2018-05-20 15:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-17 18:53 - 2018-05-20 15:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-17 18:53 - 2018-05-20 15:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-17 18:53 - 2018-05-20 14:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-17 18:53 - 2018-05-20 14:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-17 18:53 - 2018-05-20 13:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-17 18:53 - 2018-05-20 12:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-17 18:53 - 2018-05-20 12:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-17 18:53 - 2018-05-20 10:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-17 18:53 - 2018-05-20 07:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-17 18:53 - 2018-05-20 07:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-17 18:53 - 2018-05-20 07:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-17 18:53 - 2018-05-20 07:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-17 18:53 - 2018-05-20 07:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-17 18:53 - 2018-05-20 07:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-17 18:53 - 2018-05-20 07:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-17 18:53 - 2018-05-20 07:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-17 18:53 - 2018-05-20 07:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-17 18:53 - 2018-05-20 07:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-17 18:53 - 2018-05-20 07:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-17 18:53 - 2018-05-20 07:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-17 18:53 - 2018-05-20 07:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-17 18:53 - 2018-05-20 07:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-17 18:53 - 2018-05-20 07:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-17 18:53 - 2018-05-20 07:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-17 18:53 - 2018-05-20 07:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-17 18:53 - 2018-05-20 07:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-17 18:53 - 2018-05-20 07:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-17 18:53 - 2018-05-20 07:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-17 18:53 - 2018-05-20 07:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-17 18:53 - 2018-05-20 07:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-17 18:53 - 2018-05-20 07:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-17 18:53 - 2018-05-20 07:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-17 18:53 - 2018-05-20 07:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-17 18:53 - 2018-05-20 07:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-17 18:53 - 2018-05-20 04:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-17 18:53 - 2018-05-18 13:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-05 11:13 - 2018-05-25 13:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-05 07:26 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-05 06:40 - 2018-05-25 13:42 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EC03D5E5-424C-4FD0-8B66-EC9F97444158}
2018-07-05 06:34 - 2013-08-11 16:34 - 000000000 ___RD C:\Users\Eileen\SkyDrive
2018-07-05 06:07 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-05 06:07 - 2016-05-22 11:01 - 000000000 __SHD C:\Users\Eileen\IntelGraphicsProfiles
2018-07-04 12:56 - 2018-05-25 13:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-04 12:47 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-04 10:58 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-04 07:30 - 2013-04-29 04:52 - 000000000 ____D C:\ProgramData\Temp
2018-07-03 16:39 - 2014-02-08 16:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-03 14:42 - 2016-09-19 20:21 - 000000000 ___RD C:\Users\Eileen\Google Drive
2018-07-03 14:36 - 2016-06-19 11:57 - 000000000 ____D C:\Program Files (x86)\Opera
2018-07-03 12:31 - 2018-05-25 13:31 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-03 12:31 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-03 06:37 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-07-02 14:41 - 2013-08-11 17:11 - 000000000 ____D C:\Users\Eileen\Documents\Outlook Files
2018-07-02 14:27 - 2013-04-29 04:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-02 14:15 - 2018-05-25 13:22 - 000000000 ____D C:\Users\Eileen
2018-07-02 14:14 - 2018-05-25 13:19 - 000430480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-02 11:24 - 2013-08-11 16:15 - 000000000 ____D C:\Users\Eileen\Documents\Stock and Mutual Funds
2018-07-02 11:22 - 2013-08-11 16:10 - 000000000 ____D C:\Users\Eileen\Documents\Witricity
2018-07-02 11:10 - 2017-12-28 18:10 - 000000000 ____D C:\Users\Eileen\AppData\Local\Packages
2018-07-01 13:07 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-30 18:40 - 2013-08-11 16:14 - 000000000 ____D C:\Users\Eileen\Documents\Personal
2018-06-28 08:09 - 2018-02-18 18:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-25 16:38 - 2017-09-09 06:20 - 000030545 _____ C:\Users\Eileen\Desktop\Jake.xlsx
2018-06-25 16:22 - 2013-09-28 15:35 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-25 16:22 - 2013-09-28 15:35 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-22 08:45 - 2018-05-25 13:42 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-630440515-540695148-88071595-1001
2018-06-22 08:45 - 2018-05-25 13:22 - 000002413 _____ C:\Users\Eileen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-17 21:38 - 2014-06-23 05:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-06-17 21:26 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-17 21:17 - 2017-12-28 19:12 - 000000000 ___RD C:\Users\Eileen\3D Objects
2018-06-17 21:17 - 2016-02-13 09:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-17 21:13 - 2018-04-12 05:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-17 21:13 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-17 21:13 - 2018-04-11 17:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-17 19:24 - 2015-10-20 17:51 - 000000000 ____D C:\Users\Eileen\Documents\Town Related
2018-06-17 19:23 - 2018-06-03 14:15 - 000000000 ____D C:\Users\Eileen\AppData\Local\D3DSCache
2018-06-17 19:15 - 2013-08-14 19:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-17 19:08 - 2017-10-11 07:20 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-17 19:08 - 2013-08-11 18:30 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-17 19:03 - 2013-08-22 09:25 - 000000167 _____ C:\WINDOWS\win.ini
2018-06-17 19:00 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-17 18:38 - 2018-05-25 13:42 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1466351888
2018-06-17 18:38 - 2017-07-01 02:49 - 000001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-06-06 12:02 - 2013-08-11 16:11 - 000000000 ____D C:\Users\Eileen\Documents\AWIC
2018-06-05 19:29 - 2018-04-11 19:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 19:29 - 2018-04-11 19:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-05-20 13:57 - 2015-05-20 13:57 - 006420480 _____ () C:\Program Files (x86)\GUT96D3.tmp
2015-05-15 06:30 - 2015-05-15 06:30 - 000000000 _____ () C:\Program Files (x86)\GUTA254.tmp
2014-06-30 20:29 - 2014-06-30 20:29 - 000038438 _____ () C:\Users\Eileen\AppData\Roaming\Comma Separated Values.ADR
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-25 13:19
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Eileen (05-07-2018 11:54:02)
Running from C:\Users\Eileen\Desktop\frst64
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-25 17:43:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-630440515-540695148-88071595-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-630440515-540695148-88071595-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-630440515-540695148-88071595-1007 - Limited - Enabled) => C:\Users\defaultuser1
Eileen (S-1-5-21-630440515-540695148-88071595-1001 - Administrator - Enabled) => C:\Users\Eileen
Guest (S-1-5-21-630440515-540695148-88071595-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-630440515-540695148-88071595-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-630440515-540695148-88071595-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.04.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)
Epson WF-3640 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-630440515-540695148-88071595-1001\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.20.1337 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.23 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.42160 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-630440515-540695148-88071595-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nuance Power PDF Hotfix-14219.939.14357 (HKLM-x32\...\{E462B5A4-C4A8-4128-BC3B-14885102B95A}) (Version: 1.00.14357 - Nuance Communications, Inc.)
Nuance Power PDF Standard (HKLM\...\{5AFCB425-2921-48C9-BF51-7F85CCF6AE33}) (Version: 1.00.7470 - Nuance Communications, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Opera Stable 53.0.2907.99 (HKLM-x32\...\Opera 53.0.2907.99) (Version: 53.0.2907.99 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.16.2 - Quicken)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synology Data Replicator 3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TNIOSDVolumeSync (HKLM-x32\...\{86B9BBB1-B06B-4B31-9D0A-634B41598251}) (Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
TNIOSDVolumeSync (HKLM-x32\...\InstallShield_{86B9BBB1-B06B-4B31-9D0A-634B41598251}) (Version: 1.0.0.3 - TPV-INVENTA TECHNOLOGY CO., LTD.)
Toolkit 6 (HKLM-x32\...\{E2E8BDDE-6F1B-4A5D-870D-2748DA79360C}) (Version: - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Update for Skype for Business 2015 (KB4022170) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4F70C8C6-F2BE-4892-81EF-019021C921DD}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4022170) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4F70C8C6-F2BE-4892-81EF-019021C921DD}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4022170) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4F70C8C6-F2BE-4892-81EF-019021C921DD}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Wondershare MobileGo ( Version 7.0.0 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 7.0.0 - Wondershare)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-630440515-540695148-88071595-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-630440515-540695148-88071595-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Eileen\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [NPDF.ShellExtension] -> {03DDC0E5-AF08-40a2-85B9-FEDF1F4A780C} => C:\Program Files (x86)\Nuance\Power PDF\ShellExt.dll [2014-03-14] (Nuance Communications, Inc.)
ContextMenuHandlers1: [Nuance.SMFCDirectShellExt] -> {B080A0B4-C3ED-4E09-B92C-66D5829AA764} => C:\Program Files (x86)\Nuance\Power PDF\bin\SDirectShellExt.dll [2014-03-07] (Zeon International Investment Corp. )
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {076D9185-9630-4E5A-BAD0-38E6A1CDC020} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {08103E79-73C7-4823-BBF4-7D70F4765D69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0B99CC2E-73C2-4CC4-8F8A-BBBBCE3005F3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {122DE633-3EB6-46EE-9CFA-B991C6734403} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {14ECEBDC-63E9-461D-AB43-78EB996D6C0B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-02] (Microsoft Corporation)
Task: {1A596F03-3F2D-4C23-9F34-FAEECAFF51A7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {1B0D28D6-4DA3-4A40-A22F-6B2833B3D5BA} - System32\Tasks\Lenovo\Lenovo-10909 => C:\ProgramData\Lenovo-10909.vbs [2013-04-29] () <==== ATTENTION
Task: {21940071-4AF1-45DE-8496-E0A046D47379} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {22F3EB0E-DDE3-41A0-8726-A101142AFCFA} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-02] (Microsoft Corporation)
Task: {26B6CE8C-1042-4900-ADD6-300F16EABC09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {26B92F36-E7C6-4FCF-B365-CAB7FA3183D8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-02] (Microsoft Corporation)
Task: {3117125A-EC8E-4ADC-99CB-01E67E7CAB79} - System32\Tasks\EPSON WF-3640 Series Update {7CC07B56-87CD-4E0A-AEEF-B92355107547} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {382FEDFE-6B97-4780-99B1-9C44FE10FBC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {43A5385A-9EC3-4BFE-8683-47AF62DE9331} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4EAD892E-975B-4DAB-96B1-FEFA53A6A6D5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5174D414-B3C3-407E-8305-9F2657F2840F} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {5606E8FA-85B6-458B-A4AF-7AA27F8508DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {561E6941-0458-4546-8FE4-5A1F65525410} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {57DEF8FA-6C0B-4CFD-A7EE-B5A9E45CFCC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {64CCCB80-DD14-41D6-8330-57F7AA42D2A5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {70C4EF20-A225-42A6-9B54-59B0EF44770A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {77889142-CC9D-4C7A-A974-92014C71C15C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7BEFD493-56CA-4A25-B3D9-6D00CE48E012} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {7E8D9781-F7A9-44DF-A6CF-64CE78632472} - System32\Tasks\GoogleUpdateTaskMachineCore1d0932677a524bb => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {86E0C915-7297-4C08-86DD-000CB8E48D22} - System32\Tasks\EPSON WF-3640 Series Invitation {7CC07B56-87CD-4E0A-AEEF-B92355107547} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {88EC32C9-FD66-46AD-BE35-5CB88FA47DCF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {89072908-E3C9-41C9-A12C-34139264588F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8FD6FA62-A451-4214-A97B-05B6D5ED7C2C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9233D77F-ED38-43EB-9ED2-3564E51B62CF} - System32\Tasks\EPSON WF-3640 Series Invitation {D1556E81-E2B2-4EB9-9F8D-B01DD88F6E2D} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {94C4C13B-2A6F-486F-90F8-495920C812DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A30BF129-A4E7-401D-BB0F-84873C6E7E00} - \WPD\SqmUpload_S-1-5-21-630440515-540695148-88071595-1001 -> No File <==== ATTENTION
Task: {AC111476-1E27-453A-B44C-296C22FD5E85} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {ACBDC2F7-9CEE-4646-B6C2-E0BA1896083C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AD3EFDAC-736F-420B-BB73-F3DDAE1CA97C} - System32\Tasks\Opera scheduled Autoupdate 1466351888 => C:\Program Files (x86)\Opera\launcher.exe [2018-06-12] (Opera Software)
Task: {B2833D33-9556-47DE-837E-6C2975B21EA1} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {B8FAD2EC-570E-4184-8ED1-CB86DD258DD8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BE090EC9-5260-4B34-8C78-7E3766A13C2C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C105EA77-5682-4DF9-AD99-1BB7CED5CEBA} - System32\Tasks\Lenovo\Lenovo-10971 => C:\ProgramData\Lenovo-10971.vbs [2013-04-29] () <==== ATTENTION
Task: {CEA4DF81-DA29-493B-BF19-4E9681ECCF93} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {D6EC1A54-E867-4ACE-A7F0-DFC4A0C307A0} - System32\Tasks\EPSON WF-3640 Series Update {D1556E81-E2B2-4EB9-9F8D-B01DD88F6E2D} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {F258EC76-8136-4B40-B151-166887725ED9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F37076E3-4BFD-41A5-A07F-D4BCCBC50240} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-02] (Microsoft Corporation)
Task: {F5B541FA-E155-4DBB-8E08-111E25D79D7A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {F6DBAC56-BAF4-4155-87A4-BABC2D1061C8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {7CC07B56-87CD-4E0A-AEEF-B92355107547}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {D1556E81-E2B2-4EB9-9F8D-B01DD88F6E2D}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {7CC07B56-87CD-4E0A-AEEF-B92355107547}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{7CC07B56-87CD-4E0A-AEEF-B92355107547} /F:UpdateWORKGROUP\E-DESKTOP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {D1556E81-E2B2-4EB9-9F8D-B01DD88F6E2D}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE:/EXE:{D1556E81-E2B2-4EB9-9F8D-B01DD88F6E2D} /F:UpdateWORKGROUP\E-DESKTOP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 19:34 - 2018-04-11 19:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 19:34 - 2018-04-11 19:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-17 18:54 - 2018-06-08 04:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2013-04-29 04:41 - 2012-10-22 17:22 - 001199648 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:F9CFE070 [548]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-630440515-540695148-88071595-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Eileen\SkyDrive\Pictures\Camera Roll\WP_20150506_008.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\Run: => "Lenovo Black Silk Input Device Main Program"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "TNIOSDVolumeSync(x86)"
HKLM\...\StartupApproved\Run32: => "Lenovo Dynamic Brightness System"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "Nuance Power PDF Standard-reminder"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PowerPDF Registry Controller"
HKLM\...\StartupApproved\Run32: => "NuanPowerPdf1NPDFLM"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "Fitbit Connect"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "FileTransferForMobileGo"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "HP ENVY 4520 series (NET)"
HKU\S-1-5-21-630440515-540695148-88071595-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C9303A31-212C-4E68-B5B6-CC6B2733BB2E}] => (Allow) C:\Program Files (x86)\Opera\53.0.2907.68\opera.exe
FirewallRules: [{62CAB5E6-F567-418B-8ECE-E33F35506E9B}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{835AD916-75CB-4A8A-9706-29AC82011921}] => (Allow) LPort=5357
FirewallRules: [{4DC8E39F-FED2-4FC4-8C85-E355F259E30A}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{0033F2BC-8092-4B8B-BA91-0BDB2CD8ABA8}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe
FirewallRules: [{C317D5E5-FB00-47EB-BC89-9AAFE2F10C57}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe
FirewallRules: [{CF3C2EE0-DACA-4FA7-ADF0-8D8DA9A92364}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe
FirewallRules: [{D35B5FFA-6B74-4F2F-817D-FB4CA3D9F0B4}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe
FirewallRules: [{7FEF7D5F-F97C-4081-B36B-8C80E8D0C6AD}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe
FirewallRules: [{37D8815F-3521-4674-AD20-E04F2CC29C7B}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe
FirewallRules: [{777C8288-3DD4-40A7-8AA8-B729A788BF5C}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
FirewallRules: [{055EE460-AE15-44F2-A443-53B1DE7E413A}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
FirewallRules: [{BB606136-0221-4F1E-A557-06EE1F468E6C}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe
FirewallRules: [{5538DB31-3289-4E17-9E34-4E20F1BD72C9}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe
FirewallRules: [{B1FD5282-2929-4D63-A311-D916C5186218}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{B7B8EE9C-8674-4E54-A2D0-76D2B1087936}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{DD8B51B6-DBC1-4859-9119-FC58A6558008}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{883FF103-D1CF-4E24-8993-2F1AEF3BD12B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EDB5FF8D-E2CD-4483-868A-23CAF5D80782}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FBB23E4C-1C1A-4B2A-8116-5BD89070530E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A2F6A250-0250-47CF-B720-D53E4568B703}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{41E05031-A078-48A4-9273-A4018009BBB6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{232BD30D-9368-44A7-897D-88A772D61602}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A38DFECC-647F-4836-AAD1-626988E5BBB8}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{277BDB30-F75D-4AED-B6CC-8F5B089C82D5}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{EF88E24A-CF77-49F6-95F7-AF6EF4DEEC13}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{523BBC75-1575-42E3-9E76-7F96DBAB5B2A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{AB38CFF4-FA64-4AEB-8703-1E73ADB58E75}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{F0054096-CFD2-43CF-B423-E0281DE09493}C:\program files (x86)\synology data replicator 3\backup.exe] => (Allow) C:\program files (x86)\synology data replicator 3\backup.exe
FirewallRules: [TCP Query User{47B2F45B-F80C-497E-A7F6-D58179D0ECA8}C:\program files (x86)\synology data replicator 3\backup.exe] => (Allow) C:\program files (x86)\synology data replicator 3\backup.exe
FirewallRules: [UDP Query User{F27341AC-27BC-4153-95B3-F616FFAECB98}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [TCP Query User{7C2DCACA-8BA9-4B0C-B9CC-8A98998C027A}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{59E55213-DA17-4614-9CBC-B7A4DF04562F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C91A75D1-A79F-428C-AAD0-030BCA3ECEFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9D30F5DC-6ADA-4778-9BE7-16BDE0D406FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{12ABAE4F-5730-453C-BFA2-EDD621A6EA21}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{A9CB4867-DFA5-488F-87BA-420E5BC58604}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [TCP Query User{2FF39C47-3235-44FD-A97F-977EED2121AB}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{94B089ED-8623-4647-A905-66B7A4D25811}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A7730720-E02A-4846-B532-EF3A6075D804}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C5D13991-B4E0-4A47-912A-D58AE9B45F98}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B71B5881-6560-4036-8E84-A571A0E00FA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{1A25C1E8-C6C4-4C07-9ACF-E3B27B9608F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0D3B8703-5213-4307-9965-074EC14CEF9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA53196C-1EE1-4304-B38E-43F550A210CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E310FB6E-06F0-47A6-9C1C-7D395E270BC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B71CBA79-8C92-43A9-BB89-A07E8ECB50E1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7AC7CF39-A412-4523-84C3-73E07A52C642}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{32F62841-744E-479A-BA42-BD88B69FE0D7}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{54BD226A-ABA0-45D9-98AE-99F6A020ADD1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0037E6AA-6BA5-42B5-86CD-8ACD8B62FED1}] => (Allow) C:\Users\Eileen\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E90FE555-7C98-4F68-BF2F-B4662650B703}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69DBA0E0-A6A5-4E31-9A7E-90534AD56005}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA9D4BC8-F8C7-4FB6-954E-274743B583CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1D7591AB-CD1C-49A4-88BC-EF04B6D8EC25}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E453467B-86A7-4700-9691-ACF6149B3B1E}] => (Allow) C:\Program Files (x86)\Opera\53.0.2907.99\opera.exe
FirewallRules: [{2B2E316C-2BEA-421D-B4CF-2AA3708892B1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D7DED652-3A9C-483B-9EC8-313CEA94AFA1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
04-07-2018 17:53:17 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/05/2018 12:00:12 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (07/05/2018 12:00:12 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/05/2018 12:00:11 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/05/2018 12:00:11 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (07/05/2018 12:00:11 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/05/2018 12:00:10 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/05/2018 12:00:10 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/05/2018 07:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.112, time stamp: 0xecd85e98
Faulting module name: VimicroAPOX64.dll, version: 334.7.2.6, time stamp: 0x4f631264
Exception code: 0xc0000005
Fault offset: 0x000000000000b508
Faulting process id: 0x1738
Faulting application start time: 0x01d41452cd6d1ae6
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\VimicroAPOX64.dll
Report Id: 5ef19c21-d201-4d59-ae41-1e262e0fe129
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (07/05/2018 08:39:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/05/2018 06:35:42 AM) (Source: DCOM) (EventID: 10010) (User: E-DESKTOP)
Description: The server {58598185-CF77-4407-B011-0C8282EF681F} did not register with DCOM within the required timeout.
Error: (07/05/2018 06:34:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Downloaded Maps Manager service terminated unexpectedly. It has done this 1 time(s).
Error: (07/05/2018 06:07:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/05/2018 06:07:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error: (07/05/2018 06:06:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/05/2018 06:06:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error: (07/05/2018 06:06:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-07-04 17:25:55.768
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {30A496DB-1EF1-4107-A20A-FB522765A489}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-04 15:44:38.962
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {71A0CF4B-50EB-4627-8E8F-11C3D8A0468E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-03 10:57:06.652
Description:
Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.
Detection time: 2018-07-03T14:57:06.652Z
Path: \Device\HarddiskVolume1
Process Name: C:\Windows\System32\svchost.exe
Signature Version: 1.271.328.0
Engine Version: 1.1.15000.2
Product Version: 4.18.1806.18062
Date: 2018-07-03 10:33:42.052
Description:
C:\Users\Eileen\Documents\frst64\FRST64.exe has been blocked from modifying %userprofile%\Documents\frst64\ by Controlled Folder Access.
Detection time: 2018-07-03T14:33:42.051Z
Path: %userprofile%\Documents\frst64\
Process Name: C:\Users\Eileen\Documents\frst64\FRST64.exe
Signature Version: 1.271.328.0
Engine Version: 1.1.15000.2
Product Version: 4.18.1806.18062
Date: 2018-07-03 10:32:08.717
Description:
C:\Windows\System32\notepad.exe has been blocked from modifying %desktopdirectory%\frst64\ by Controlled Folder Access.
Detection time: 2018-07-03T14:32:08.717Z
Path: %desktopdirectory%\frst64\
Process Name: C:\Windows\System32\notepad.exe
Signature Version: 1.271.328.0
Engine Version: 1.1.15000.2
Product Version: 4.18.1806.18062
Date: 2018-07-04 13:25:58.202
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.420.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-07-03 06:35:05.863
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.328.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-07-03 05:03:08.087
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.328.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-07-02 17:55:42.614
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.328.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-07-02 16:36:02.836
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.328.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x80070643
Error description: Fatal error during installation.
CodeIntegrity:
===================================
Date: 2018-07-04 07:15:31.227
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-04 07:15:29.255
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-04 07:14:25.502
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-04 07:07:49.865
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-04 07:04:16.996
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-04 07:03:15.095
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-04 07:02:57.823
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-04 05:47:25.033
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 43%
Total physical RAM: 3982.1 MB
Available physical RAM: 2266.46 MB
Total Virtual: 7566.1 MB
Available Virtual: 5885.09 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:904.42 GB) (Free:782.91 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{99d76798-e49e-44c1-aabc-fcaffe589c61}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.6 GB) NTFS
\\?\Volume{8a98ded2-781f-4dac-8454-02cdb9fd0f17}\ () (Fixed) (Total:0.83 GB) (Free:0.45 GB) NTFS
\\?\Volume{4dd549be-7079-40fe-9834-21cf75e29cb8}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:12.35 GB) NTFS
\\?\Volume{75486228-630d-48e3-a23b-71748e0fd3a1}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 985CD7B4)
Partition: GPT.
==================== End of Addition.txt ============================