Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 10 Computer [Solved]

slow redirect

  • This topic is locked This topic is locked

#1
John Aukerman

John Aukerman

    Member

  • Member
  • PipPipPip
  • 229 posts

This Windows 10 computer is running much slower than usual, and on at least one website, a trusted one, a link redirects to a location that hangs the computer and gives me a toll free number to call for help. It claims to be a Microsoft number, but the person answering says "Tech Support," does not work for Microsoft, and wants to connect to my computer to "diagnose the problem." I think I might have some malware!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2019
Ran by jhauk (administrator) on DESKTOP-6JBP3L9 (Dell Inc. Inspiron 3670) (30-07-2019 10:40:36)
Running from C:\Users\jhauk\Desktop
Loaded Profiles: jhauk (Available Profiles: jhauk)
Platform: Windows 10 Home Version 1809 17763.615 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19062.451.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\32.0.11.0\crashpad_handler.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\32.0.11.0\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\32.0.11.0\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\32.0.11.0\GoogleDriveFS.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\32.0.11.0\GoogleDriveFS.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3a8cbc27c6d7029f\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3a8cbc27c6d7029f\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_77108672a20718cf\RstMwService.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\pef\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\VSCore_19_5\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\csp\3.1.286.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\mmsshost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\pcdrwi.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSysSvc64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [834336 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSvc64.exe [1222536 2018-12-05] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWStartup.exe [313064 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-02-27] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-06-30] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [77496 2019-03-11] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [2015928 2019-03-11] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\32.0.11.0\GoogleDriveFS.exe [38275880 2019-06-27] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-07] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\MountPoints2: {132fee6d-68d6-11e9-b9c1-283a4d347e22} - "E:\Setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0198E9C4-F698-4B33-B9AD-D169536351F3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [152112 2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {06B1142B-0C72-4434-9B7C-C4BF16823D39} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-09] (Adobe Inc. -> Adobe)
Task: {08F613EF-2C13-43C5-B1C1-95BA0795A0A2} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.3.102\DADUpdater.exe [4137608 2019-07-25] (McAfee, LLC. -> McAfee, Inc.)
Task: {112039E5-98E0-441B-A466-4D33EC626CCE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208400 2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {2AB14D09-8E5E-4050-AB97-FF38B88744B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {35E9EA14-2BCD-4003-998D-0ABCBF9814E8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1512920 2019-05-24] (Dell Inc. -> Dell Inc.)
Task: {38C5CA0A-172C-4615-A359-C46A83CA3747} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {4C26AFD1-5C37-4F8A-BC2C-27E939578E35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-18] (Google Inc -> Google Inc.)
Task: {4D8D415E-05CA-4035-9C81-FF2379E407FC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [25944 2015-05-07] (Garmin International, Inc. -> )
Task: {5593322D-AF94-43F1-B8E8-13F67E515E3B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {615C6796-E688-4E21-B2A1-4A698F1768E5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4545544 2019-06-04] (McAfee, LLC -> McAfee, LLC.)
Task: {7EF23CDC-36C9-4405-8F3F-4860BFEB1D8D} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759744 2019-06-11] (McAfee, LLC. -> McAfee, LLC.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {845E8A81-D62C-4750-828B-9BF0FBCBBC87} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-06-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {9D94C351-9B82-46BC-BB95-0FED553E341C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {B856BD0D-AF00-434C-B704-496ACF614423} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [32448 2018-12-04] (Rivet Networks LLC -> DELL)
Task: {BDA1B568-739C-494B-9E83-D6A37DDCFD4F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208400 2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2E1123D-C6A2-406A-A308-AF09222B7D41} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1028256 2019-06-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {F9D9754C-5D02-4531-8BB9-7B3526AF98E5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2248312 2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {FAC8922D-D9DC-481C-B9D8-4AA6D2E54601} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [152112 2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCA6206D-B840-474E-8114-64E82E20DEBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-03-18] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{e6d416ea-722e-4537-9bf4-49c06dbe3514}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> DefaultScope {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-07-19] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-07-19] (McAfee, LLC -> McAfee, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-12] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-06-28] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-06-28] (McAfee, LLC. -> McAfee, LLC.)

FireFox:
========
FF DefaultProfile: ou4ydgfb.default-1553941110074
FF ProfilePath: C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074 [2019-07-30]
FF Homepage: Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074 -> hxxps://www.facebook.com/?sk=h_chr|hxxps://mail.google.com/mail/u/0/#inbox|hxxps://calendar.google.com/calendar/r/day?tab=mc
FF Extension: (Facebook Container) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\@contain-facebook.xpi [2019-07-08]
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\[email protected] [2019-07-30] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]
FF Extension: (FunKrazyGames) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{8d9fbceb-756f-417a-a691-de9a2c1c5648}.xpi [2019-07-22] [UpdateUrl:hxxps://browser-addon.s3.amazonaws.com/prod/funkrazygames/updates.json]
FF Extension: (SearchOurGames ads) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{d51b14e2-4c5f-4601-b2b6-af8b572171cc}.xpi [2019-07-25] [UpdateUrl:hxxps://browser-addon.s3.amazonaws.com/prod/searchourgames/updates.json]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-07-19]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2019-07-25] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-06-28] (McAfee, LLC. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.) [File not signed]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-06-28] (McAfee, LLC. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-29] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-29] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://calendar.google.com/calendar/r?tab=mc","hxxps://www.facebook.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://bcedopgbjnjfngcejdmkppbcmcgndpkg/newtab/quicknewtabpage.html"
CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
CHR DefaultSearchKeyword: Default -> se
CHR DefaultSuggestURL: Default -> hxxps://www.searchencrypt.com/encsuggest?q={searchTerms}
CHR Profile: C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default [2019-07-30]
CHR Extension: (Slides) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-18]
CHR Extension: (Docs) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-18]
CHR Extension: (Google Drive) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-18]
CHR Extension: (Satellite Earth) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcedopgbjnjfngcejdmkppbcmcgndpkg [2019-07-25]
CHR Extension: (YouTube) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-18]
CHR Extension: (Sheets) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-18]
CHR Extension: (Search Encrypt) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnlabkgljnlaidbnocfhgdeajcgmahml [2019-07-09]
CHR Extension: (MapsDrivingDirections) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdjloakmpghjjkijglfmonejilicedl [2019-05-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-03-18]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-18]
CHR Extension: (Gmail) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\jhauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [416064 2018-04-24] (Qualcomm Atheros -> Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2019-02-28] (Dell Inc -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3363824 2019-02-28] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2019-02-28] (Dell Inc -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe [1050952 2019-05-29] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> )
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [715784 2015-05-07] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_77108672a20718cf\HfcDisableService.exe [1860784 2019-02-27] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2834096 2019-02-27] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [258744 2019-03-11] (Pro Softnet Corporation -> Prosoftnet)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [775904 2018-09-14] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [705760 2018-09-14] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [899264 2019-07-19] (McAfee, LLC -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_5\McApExe.exe [747384 2019-06-19] (McAfee, LLC. -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [455584 2017-09-27] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.286.0\\McCSPServiceHost.exe [2226608 2019-06-13] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [376992 2019-04-26] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [609920 2019-04-26] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [542240 2019-04-26] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1700272 2019-06-04] (McAfee, LLC. -> McAfee, LLC.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1361888 2019-06-13] (McAfee, LLC. -> McAfee, Inc.)
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_77108672a20718cf\RstMwService.exe [2115760 2019-02-27] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [834336 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39896 2019-05-24] (Dell Inc. -> Dell Inc.)
R2 WavesSysSvc; C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo75de.inf_amd64_5ff36f834a6d461a\WavesSysSvc64.exe [884616 2018-12-05] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-06-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGo\DriverInstall.exe [107624 2018-12-13] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4322768 2018-11-15] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77360 2019-05-15] (McAfee, Inc. -> McAfee, LLC)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 googledrivefs2713; C:\WINDOWS\System32\DRIVERS\googledrivefs2713.sys [123736 2019-05-20] (Google LLC -> Google, Inc.)
R3 HfAudio; C:\WINDOWS\System32\drivers\HfAudio.sys [91200 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc. -> McAfee, Inc.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1018328 2019-02-27] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [73904 2019-02-27] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [523336 2019-05-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380976 2019-05-15] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [86144 2019-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518192 2019-05-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [991792 2019-05-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [565080 2019-05-02] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108888 2019-05-02] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [118320 2019-05-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254000 2019-05-15] (McAfee, Inc. -> McAfee, LLC)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010656 2017-11-20] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [424384 2018-02-27] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 ScrHIDDriver2; C:\WINDOWS\System32\drivers\ScrHIDDriver2.sys [75800 2018-10-05] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-30 10:40 - 2019-07-30 10:42 - 000034919 _____ C:\Users\jhauk\Desktop\FRST.txt
2019-07-30 10:39 - 2019-07-30 10:40 - 000000000 ____D C:\FRST
2019-07-30 10:38 - 2019-07-30 10:38 - 002096128 _____ (Farbar) C:\Users\jhauk\Desktop\FRST64.exe
2019-07-30 10:33 - 2019-07-30 10:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-07-30 07:20 - 2019-07-30 07:20 - 001148139 _____ C:\Users\jhauk\Documents\aukerman20190730 (2019-07-30).rmgb
2019-07-30 07:16 - 2019-07-30 10:42 - 004630528 _____ C:\Users\jhauk\Documents\aukerman20190730.rmgc
2019-07-30 07:16 - 2019-07-30 07:16 - 000000489 _____ C:\Users\jhauk\Documents\aukerman20190730.LST
2019-07-29 07:00 - 2019-07-29 07:14 - 000000000 ____D C:\ProgramData\Garmin
2019-07-29 07:00 - 2019-07-29 07:01 - 000000000 ____D C:\Users\jhauk\AppData\Local\Garmin_Ltd._or_its_subsid
2019-07-29 07:00 - 2019-07-29 07:00 - 000000000 ____D C:\Users\jhauk\AppData\Roaming\Garmin
2019-07-29 07:00 - 2019-07-29 07:00 - 000000000 ____D C:\Program Files\DIFX
2019-07-29 06:59 - 2019-07-29 07:00 - 000000000 ____D C:\Program Files (x86)\Garmin
2019-07-29 06:59 - 2019-07-29 06:59 - 000003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2019-07-29 06:59 - 2019-07-29 06:59 - 000001965 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2019-07-29 06:59 - 2019-07-29 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2019-07-25 01:09 - 2019-05-02 23:28 - 000565080 _____ (McAfee LLC.) C:\WINDOWS\SMSS-PFRO7e19.tmp
2019-07-25 01:08 - 2019-07-25 01:08 - 000003316 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2019-07-25 01:06 - 2019-05-15 16:46 - 000523336 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeaack.sys
2019-07-25 01:06 - 2019-05-15 16:46 - 000118320 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeplk.sys
2019-07-25 01:06 - 2019-04-26 12:02 - 000542240 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2019-07-22 06:58 - 2019-07-22 06:58 - 004593298 _____ C:\Users\jhauk\Desktop\Succession planning NP WebAdvisors Dec 2018 v2.pptx
2019-07-21 07:19 - 2019-07-21 07:19 - 000001787 _____ C:\Users\jhauk\Downloads\Untitled9780525555353 (2).acsm
2019-07-20 06:36 - 2019-07-22 05:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-19 06:40 - 2019-07-19 06:40 - 000001787 _____ C:\Users\jhauk\Downloads\Untitled9780525555353.acsm
2019-07-19 06:40 - 2019-07-19 06:40 - 000001787 _____ C:\Users\jhauk\Downloads\Untitled9780525555353 (1).acsm
2019-07-18 07:06 - 2019-07-18 07:06 - 000000000 ____D C:\Users\jhauk\AppData\Local\4kdownload.com
2019-07-18 07:05 - 2019-07-18 07:05 - 000000966 _____ C:\Users\jhauk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2019-07-18 07:05 - 2019-07-18 07:05 - 000000000 ____D C:\Program Files\4KDownload
2019-07-18 06:04 - 2019-07-18 06:04 - 000000000 ____D C:\Users\jhauk\AppData\Local\Deployment
2019-07-18 06:04 - 2019-07-18 06:04 - 000000000 ____D C:\Users\jhauk\AppData\Local\Apps\2.0
2019-07-18 06:04 - 2019-07-18 06:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-07-18 06:04 - 2019-07-18 06:04 - 000000000 ____D C:\Program Files\Common Files\Adobe
2019-07-18 06:04 - 2019-07-18 06:04 - 000000000 ____D C:\Program Files\Adobe
2019-07-18 06:03 - 2019-07-18 06:03 - 000000000 ____D C:\Program Files\Logitech
2019-07-11 00:05 - 2019-07-11 00:05 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1015540938-3996997567-1391499832-1001
2019-07-11 00:05 - 2019-07-11 00:05 - 000002369 _____ C:\Users\jhauk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-10 08:58 - 2019-07-10 08:58 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 019012096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 012243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 008900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 007727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 005115384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 004880896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 003738624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-07-10 08:58 - 2019-07-10 08:58 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-07-10 08:58 - 2019-07-10 08:58 - 002013696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 001266192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-10 08:58 - 2019-07-10 08:58 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-07-10 08:58 - 2019-07-10 08:58 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-07-10 08:58 - 2019-07-10 08:58 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000747568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2019-07-10 08:58 - 2019-07-10 08:58 - 000743216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2019-07-10 08:58 - 2019-07-10 08:58 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000687896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2019-07-10 08:58 - 2019-07-10 08:58 - 000673520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2019-07-10 08:58 - 2019-07-10 08:58 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-10 08:58 - 2019-07-10 08:58 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-10 08:58 - 2019-07-10 08:58 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-07-10 08:58 - 2019-07-10 08:58 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-07-10 08:58 - 2019-07-10 08:58 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-07-10 08:58 - 2019-07-10 08:58 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-07-10 08:58 - 2019-07-10 08:58 - 000092592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-10 08:58 - 2019-07-10 08:58 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-10 08:58 - 2019-07-10 08:58 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-10 08:57 - 2019-07-10 08:58 - 012938752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 023454208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 022115472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 007876096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 006545304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 006308232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 005587976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 005566464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 005561312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 005528064 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 005297664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 003818416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 003636224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 003630592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 003427328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 003081728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002871816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 002778760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002714624 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002701000 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002693120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002626872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 002278784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002073472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 002050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001966904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001837136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001794048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001721352 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001702088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-10 08:57 - 2019-07-10 08:57 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001477648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001472808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001465464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001427592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001345168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-10 08:57 - 2019-07-10 08:57 - 001316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001259520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 001162320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001159168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001125416 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001075712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000998928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000964608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000810504 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000807480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000804744 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000660032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000652528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000553992 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000514136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-07-10 08:57 - 2019-07-10 08:57 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000397688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000333128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000279920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000219448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-10 08:57 - 2019-07-10 08:57 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000157024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000149232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000137864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000121896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-07-10 08:57 - 2019-07-10 08:57 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-10 08:57 - 2019-07-10 08:57 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2019-07-10 08:56 - 2019-07-10 08:57 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 007687784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 004351448 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 003335216 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 002593336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001199616 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-07-10 08:56 - 2019-07-10 08:56 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000987736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000895552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000871784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000865272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000850992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 000799776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000768224 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000731104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 000680176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-07-10 08:56 - 2019-07-10 08:56 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000511504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-07-10 08:56 - 2019-07-10 08:56 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000423480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000310288 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 000294000 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000241944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2019-07-10 08:56 - 2019-07-10 08:56 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 000197832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2019-07-10 08:56 - 2019-07-10 08:56 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000141216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000117720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-07-10 08:56 - 2019-07-10 08:56 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-07-10 08:56 - 2019-07-10 08:56 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-07-10 08:56 - 2019-07-10 08:56 - 000036360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-10 08:56 - 2019-07-10 08:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-07-10 08:56 - 2019-07-10 08:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-07-10 08:56 - 2019-07-10 08:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-07-10 08:56 - 2019-07-10 08:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-07-10 08:56 - 2019-07-10 08:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-07-10 08:56 - 2019-07-10 08:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-07-10 08:56 - 2019-07-10 08:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-07-10 08:56 - 2019-07-10 08:56 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-07-09 06:44 - 2019-07-09 06:44 - 004863032 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-07-06 09:36 - 2019-07-06 09:36 - 010588523 _____ C:\Users\jhauk\Documents\FUNK (2019-07-06).rmgb
2019-07-06 07:39 - 2019-07-06 07:40 - 000267821 _____ C:\Users\jhauk\Documents\ACKERMAN (2019-07-06).rmgb
2019-07-06 07:38 - 2019-07-06 07:38 - 009888703 _____ C:\Users\jhauk\Documents\menges (2019-07-06).rmgb
2019-07-06 07:38 - 2019-07-06 07:38 - 000269590 _____ C:\Users\jhauk\Documents\renner (2019-07-06).rmgb
2019-07-06 07:37 - 2019-07-06 07:37 - 002242471 _____ C:\Users\jhauk\Documents\leehouse (2019-07-06).rmgb
2019-07-06 07:37 - 2019-07-06 07:37 - 000286953 _____ C:\Users\jhauk\Documents\hladmitchell (2019-07-06).rmgb
2019-07-06 07:37 - 2019-07-06 07:37 - 000259010 _____ C:\Users\jhauk\Documents\huff (2019-07-06).rmgb
2019-07-06 07:37 - 2019-07-06 07:37 - 000241343 _____ C:\Users\jhauk\Documents\rand (2019-07-06).rmgb
2019-07-06 07:35 - 2019-07-29 10:59 - 001932288 _____ C:\Users\jhauk\Documents\woodrum.rmgc
2019-07-06 07:35 - 2019-07-06 07:35 - 000000457 _____ C:\Users\jhauk\Documents\woodrum.LST
2019-07-06 07:35 - 2019-07-06 07:35 - 000000359 _____ C:\Users\jhauk\Documents\renner.LST
2019-07-06 07:34 - 2019-07-29 10:59 - 001466368 _____ C:\Users\jhauk\Documents\renner.rmgc
2019-07-06 07:34 - 2019-07-29 10:59 - 001362944 _____ C:\Users\jhauk\Documents\rand.rmgc
2019-07-06 07:34 - 2019-07-06 07:34 - 000000357 _____ C:\Users\jhauk\Documents\rand.LST
2019-07-06 07:33 - 2019-07-29 10:59 - 035849216 _____ C:\Users\jhauk\Documents\menges.rmgc
2019-07-06 07:33 - 2019-07-06 07:33 - 000000359 _____ C:\Users\jhauk\Documents\menges.LST
2019-07-06 07:32 - 2019-07-29 10:58 - 007145472 _____ C:\Users\jhauk\Documents\leehouse.rmgc
2019-07-06 07:32 - 2019-07-29 10:58 - 001427456 _____ C:\Users\jhauk\Documents\huff.rmgc
2019-07-06 07:32 - 2019-07-06 07:32 - 000000428 _____ C:\Users\jhauk\Documents\leehouse.LST
2019-07-06 07:32 - 2019-07-06 07:32 - 000000357 _____ C:\Users\jhauk\Documents\huff.LST
2019-07-06 07:31 - 2019-07-29 10:58 - 001537024 _____ C:\Users\jhauk\Documents\hladmitchell.rmgc
2019-07-06 07:31 - 2019-07-06 07:31 - 000000365 _____ C:\Users\jhauk\Documents\hladmitchell.LST
2019-07-06 07:23 - 2019-07-06 07:41 - 000314951 _____ C:\Users\jhauk\Documents\gordon (2019-07-06).rmgb
2019-07-06 07:23 - 2019-07-06 07:23 - 000000359 _____ C:\Users\jhauk\Documents\gordon.LST
2019-07-06 07:22 - 2019-07-29 10:56 - 001619968 _____ C:\Users\jhauk\Documents\gordon.rmgc
2019-07-04 16:59 - 2019-07-04 16:59 - 000266935 _____ C:\Users\jhauk\Documents\ACKERMAN (2019-07-04).rmgb

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-30 10:42 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-30 10:34 - 2019-03-18 10:16 - 000000000 ____D C:\ProgramData\IDrive
2019-07-30 10:33 - 2019-03-18 09:43 - 000000000 ____D C:\Users\jhauk\AppData\LocalLow\Mozilla
2019-07-30 10:33 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-07-30 10:32 - 2019-03-18 12:25 - 000000000 ____D C:\Users\jhauk\AppData\Local\D3DSCache
2019-07-30 10:30 - 2019-04-03 13:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-30 10:30 - 2019-04-03 12:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-30 10:19 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-30 10:11 - 2019-04-03 12:55 - 000842664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-30 09:59 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Registration
2019-07-30 09:57 - 2019-04-03 13:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-07-30 09:56 - 2018-11-21 03:36 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-07-30 07:39 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-30 07:15 - 2019-04-08 06:46 - 039351296 _____ C:\Users\jhauk\Documents\FUNK.rmgc
2019-07-30 06:46 - 2019-04-09 06:11 - 000000000 ____D C:\Users\jhauk\Desktop\to post
2019-07-30 06:14 - 2018-09-15 02:09 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-07-30 00:54 - 2019-03-18 18:50 - 000000000 ____D C:\Users\jhauk\Documents\Bren
2019-07-29 10:51 - 2019-03-19 17:02 - 001378304 _____ C:\Users\jhauk\Documents\ACKERMAN.rmgc
2019-07-29 06:59 - 2018-11-21 03:26 - 000000000 ____D C:\ProgramData\Package Cache
2019-07-29 02:31 - 2019-06-25 05:53 - 000000000 ____D C:\Users\Public\Logi
2019-07-25 07:52 - 2018-11-21 03:36 - 000000000 ____D C:\ProgramData\McAfee
2019-07-25 05:57 - 2019-03-18 09:26 - 000000000 ____D C:\Users\jhauk\AppData\Local\Packages
2019-07-25 01:09 - 2018-11-21 03:36 - 000000000 ____D C:\Program Files\Common Files\mcafee
2019-07-25 01:07 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-24 07:04 - 2019-03-19 05:21 - 000000000 ____D C:\Users\Aukerman\Desktop\John
2019-07-23 10:10 - 2019-04-03 13:02 - 000003710 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2019-07-22 05:38 - 2019-03-18 09:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-20 21:54 - 2019-03-18 09:43 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-20 11:51 - 2019-03-18 09:28 - 000000000 ____D C:\Users\jhauk\AppData\Local\PlaceholderTileLogoFolder
2019-07-19 05:56 - 2019-03-20 13:53 - 000000000 ____D C:\Users\jhauk\AppData\Local\ElevatedDiagnostics
2019-07-18 07:09 - 2019-03-18 18:57 - 000000000 ____D C:\Users\jhauk\Desktop\John
2019-07-16 22:46 - 2019-03-18 09:35 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 00:42 - 2019-03-27 11:34 - 000000000 ____D C:\Users\jhauk\Desktop\Lou Ann - Choruses; Print-Scan to jpg, print to pdf
2019-07-15 22:33 - 2019-03-18 10:09 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2019-07-15 00:36 - 2019-04-03 12:46 - 000000000 ____D C:\Users\jhauk
2019-07-12 23:10 - 2019-04-02 08:43 - 000000000 ____D C:\Program Files\Microsoft Office
2019-07-11 05:15 - 2019-03-18 09:26 - 000000000 ___RD C:\Users\jhauk\3D Objects
2019-07-11 05:15 - 2018-11-21 04:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-11 05:14 - 2019-05-11 07:46 - 000464648 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-11 00:29 - 2018-09-15 02:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-07-11 00:28 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-11 00:28 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-11 00:28 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-11 00:28 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-11 00:28 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-11 00:28 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-11 00:28 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-11 00:28 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-11 00:28 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-11 00:05 - 2019-03-18 09:31 - 000000000 ___RD C:\Users\jhauk\OneDrive
2019-07-10 09:07 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-10 09:05 - 2019-03-19 06:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-10 09:02 - 2019-03-19 06:00 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-09 06:44 - 2019-04-03 13:02 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-09 06:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-09 06:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-04 06:20 - 2019-03-18 12:14 - 000000000 ____D C:\Users\jhauk\AppData\Roaming\Audacity
2019-07-03 07:20 - 2019-03-18 18:51 - 000000000 ____D C:\Users\jhauk\Documents\John
2019-07-01 06:20 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ================

2003-11-10 16:27 - 2003-11-10 16:26 - 000376884 _____ () C:\Program Files\image001.bmp

==================== FLock ================

2019-04-03 12:43 C:\Recovery

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2019
Ran by jhauk (30-07-2019 10:42:53)
Running from C:\Users\jhauk\Desktop
Windows 10 Home Version 1809 17763.615 (X64) (2019-04-03 17:03:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1015540938-3996997567-1391499832-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1015540938-3996997567-1391499832-503 - Limited - Disabled)
Guest (S-1-5-21-1015540938-3996997567-1391499832-501 - Limited - Disabled)
jhauk (S-1-5-21-1015540938-3996997567-1391499832-1001 - Administrator - Enabled) => C:\Users\jhauk
WDAGUtilityAccount (S-1-5-21-1015540938-3996997567-1391499832-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.8 (HKLM\...\{2FA2F521-494C-4E8F-8C30-3D3E81590413}) (Version: 4.8.0.2852 - Open Media LLC)
AceMoney (HKLM-x32\...\AceMoney_is1) (Version:  - MechCAD Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
ANT Drivers Installer x64 (HKLM\...\{3C776B0F-D46B-492A-A1A2-D413FA432AA6}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP970 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Dell Digital Delivery Service (HKLM-x32\...\{DD47FCB3-5038-40CE-A02A-85F51BA03F37}) (Version: 3.6.1012.0 - Dell Products, LP)
Dell Mobile Connect Drivers (HKLM\...\{04DF02C6-E3D7-4D26-A44C-6F8A2E218D2C}) (Version: 1.3.6844 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{806422F1-FC4E-4D7C-8855-05748AEFC031}) (Version: 3.2.2.119 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{2B2C47D2-F037-4C03-B599-07D7AFE8DD54}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8ce1a5ae-856e-4b8e-a0e8-27dd7a209276}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{7994281D-063E-4A04-9F18-76732CF6765F}) (Version: 3.3.0.4943 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{2cabaef5-a71d-4331-8ba5-16ab64ffc2bb}) (Version: 3.3.0.4943 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{70E9F8CC-A23E-4C25-B292-C86C1821587C}) (Version: 3.0.1 - Dell, Inc.)
Elevated Installer (HKLM-x32\...\{536854BE-161A-45E3-8119-9C5170622594}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{2D202D2F-C6F4-4D96-A93F-3BDA7519DE5D}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{cc3a3e9f-5960-4162-9538-497b3a82b52e}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{48EDC72D-3A74-4F6C-9DD2-B8DF3E63B4AB}) (Version: 4.0.20.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 32.0.11.0 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
IDrive Version - 6.7 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Intel® Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel® Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5017 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.4.1011 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C81FD018-F151-460F-B4F9-0D58039503E2}) (Version: 17.2.4.9002 - Intel Corporation)
Jihosoft Phone Transfer version 3.4.2.0 (HKLM-x32\...\{116B8806-B959-4600-8591-35E60440BD3D}_is1) (Version: 3.4.2.0 - HONGKONG JIHO CO., LIMITED)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.14.70 - Logitech)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R20 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.0.80 - McAfee, LLC.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11727.20244 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
MusicTime Deluxe (HKLM-x32\...\MusicTime Deluxe 4.0.4) (Version: 4.0.4 - Passport)
MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11727.20244 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.3.15 - Qualcomm Atheros)
Qualcomm WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8642 - Realtek Semiconductor Corp.)
RootsMagic 3.2.1.1 (HKLM-x32\...\RootsMagic_is1) (Version:  - RootsMagic, Inc.)
RootsMagic 7.5.9.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.5.9.0 - RootsMagic, Inc.)
SmartByte Drivers and Services (HKLM\...\{01F01829-4C5A-41B0-8198-0BDD02B34C47}) (Version: 2.0.643 - Rivet Networks)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Wondershare TunesGo ( Version 9.7.3 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 9.7.3 - Wondershare)

Packages:
=========
Audacity 2 -> C:\Program Files\WindowsApps\42109FactoriaDatacenter.Audacity2_2.3.2.0_neutral__zaf1c6h4vqsbt [2019-05-29] (Repackagerexpress.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1550.4.0_x86__kgqvnymyfvs32 [2019-07-16] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_5.0.0.3_x86__m9bz608c1b9ra [2019-06-11] (Nordcurrent)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.17.0_x64__htrsf667h5kn2 [2018-11-21] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.36.0_x64__htrsf667h5kn2 [2019-04-11] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_2.0.8168.0_x64__0vhbc3ng4wbp0 [2019-05-01] (Screenovate Technologies)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.2.5.0_x64__htrsf667h5kn2 [2019-05-29] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_3.0.160.0_x64__htrsf667h5kn2 [2019-03-18] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.1.0_x64__xbfy0k16fey96 [2019-06-08] (Dropbox Inc.)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-03-18] (Fitbit)
Free Instant Youtube Downloader -> C:\Program Files\WindowsApps\356E5ED5.FreeInstantYoutubeDownloader_1.5.0.0_x64__n9erwrkheyjxe [2019-07-18] (Prospera Software Inc.) [MS Ad]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-23] (Apple Inc.)
Libby, by OverDrive -> C:\Program Files\WindowsApps\2FA138F6.LibbybyOverDrive_1.4.2.0_x64__daecb9042jmvt [2019-07-20] (OverDrive Inc.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-03-18] (LinkedIn)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad]
McAfee Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_1.4.3.0_x64__wafk5atnkzcwy [2019-03-18] (McAfee Inc.)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.4.2725.0_x86__mcezb6ze687jp [2019-03-18] (CYBERLINK CORPORATION.)
Meme-Generator -> C:\Program Files\WindowsApps\8840NaveenCS.Meme-Generator_3.3.0.0_neutral__20e0kv46hk748 [2019-04-27] (Naveen CS)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-18] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-18] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2019-03-18] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.1.249.0_x64__htrsf667h5kn2 [2019-04-30] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-26] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-03-25] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-03-18] (Thumbmunkeys Ltd) [MS Ad]
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2019-03-18] (Plex)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.1.9506.0_x86__mcezb6ze687jp [2019-03-18] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_8.0.8908.0_x86__mcezb6ze687jp [2019-03-18] (CYBERLINK CORPORATION.)
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2019-03-18] (CYBERLINK CORPORATION.)
SHARE.it -> C:\Program Files\WindowsApps\30608Paradox.SHAREit81_1.7.18.0_x64__ghshvk1r7eapp [2019-04-30] (SHAREit Technologies Co.Ltd) [MS Ad]
Slack -> C:\Program Files\WindowsApps\91750D7E.Slack_4.0.1.0_x64__8she8kybcnzg4 [2019-07-28] (Slack Technologies Inc.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_2.5.713.0_x64__rh07ty8m5nkag [2019-04-23] (Rivet Networks LLC)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.5.14.0_x64__8wekyb3d8bbwe [2019-07-03] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell -> C:\Program Files\WindowsApps\WavesAudio.WavesMaxxAudioProforDell_1.1.131.0_x64__fh4rh281wavaa [2019-03-18] (Waves Audio)
Zalo Desktop -> C:\Program Files\WindowsApps\VNGOnline.Zalofordesktop_18.11.2.0_x64__z59ddpn1nx8g0 [2019-04-30] (VNG Online)
ZAPYA -> C:\Program Files\WindowsApps\EBAC32FB.ZAPYA_1.2.6.0_x86__7pjp2xjm0bc9w [2019-04-30] (邻动(北京)技术有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2019-02-25] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2019-02-25] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2019-02-25] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2019-02-25] () [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-06-28] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2019-02-25] () [File not signed]
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2019-02-25] () [File not signed]
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\32.0.11.0\drivefsext.dll [2019-06-27] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_0219cc1c7085a93f\igfxDTCM.dll [2018-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-06-28] (McAfee, LLC. -> McAfee, LLC.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-03-18 10:16 - 2019-02-25 16:34 - 000601600 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2019-03-18 10:16 - 2019-02-25 16:34 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2019-06-25 20:37 - 2019-06-25 20:37 - 000144896 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\libssh2.dll
2019-06-25 20:37 - 2019-06-25 20:37 - 000077824 _____ () [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\zlib.dll
2015-05-07 14:58 - 2015-05-07 14:58 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Device Interaction Service\XercesLib.dll
2011-08-30 08:06 - 2011-08-30 08:06 - 000267776 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNBLM4.DLL
2019-03-19 05:52 - 2012-08-30 11:18 - 000252416 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2019-03-18 09:21 - 2011-08-30 08:06 - 000084992 _____ (CANON INC.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\CNBPP4.DLL
2015-05-07 14:58 - 2015-05-07 14:58 - 000233472 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Device Interaction Service\ANT_WrappedLib.dll
2015-05-07 14:58 - 2015-05-07 14:58 - 003258880 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Device Interaction Service\legacyio.dll
2015-05-07 14:58 - 2015-05-07 14:58 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Device Interaction Service\XMLdll.dll
2019-02-25 14:15 - 2019-02-25 14:15 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-03-18 10:16 - 2019-02-25 16:34 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2018-12-04 12:10 - 2018-12-04 12:10 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2015-05-07 14:58 - 2015-05-07 14:58 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Device Interaction Service\DSI_SiUSBXp_3_1.DLL
2019-06-25 20:37 - 2019-06-25 20:37 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBCURL.dll
2019-03-19 17:12 - 2014-04-16 07:35 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\RootsMagic 7\libeay32.dll
2019-03-19 17:12 - 2014-04-16 07:35 - 000336384 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\RootsMagic 7\ssleay32.dll
2019-06-25 20:37 - 2019-06-25 20:37 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\LIBEAY32.dll
2019-06-25 20:37 - 2019-06-25 20:37 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\ProgramData\Logishrd\LogiOptions\Software\Current\laclient\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 19:38 - 2018-04-11 19:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jhauk\Desktop\2019 May at South Haven Beach.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "DellMobileConnectWelcome"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\StartupApproved\Run: => "Zalo"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{482CD256-9F6B-400E-B563-E6821169580F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C2006FCD-AD51-45E0-B4A4-B874E7474F91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{979A3321-62D5-4541-AC7E-D9DEB4C01C80}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{9C957B72-520A-4384-BB0E-2897820A7E85}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{F41D3CF7-8B60-4778-A299-FA0C9309D066}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{89D65443-584D-48DC-A38E-6BE9F80BDDA4}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_2.0.8168.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{3CCD0D2F-7B41-449B-8767-825E9AFF193B}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_2.0.8168.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{A3F24A6B-461A-4EAC-8867-92FD454D1FDA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7B8AACDC-29DB-443B-ABAB-62995E0F4977}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5CFA8C87-6918-475D-9E41-95647A28B7E8}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{1D63943E-EDFB-4ACF-BBB8-AEBFD0635202}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B118687B-34EE-4BCC-BCE5-9150D8631A67}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{571C2CEB-25F9-42C4-A6F0-4EFE94CFAD8B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{92066FAD-8CC9-441D-8C27-3181DD538E10}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{29F33122-D095-43EC-8188-84E788DC3BF8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C0DC438-0552-4063-B7E4-E06593660811}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{814FCDD4-8CE4-4722-9547-4BCBF65092ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2F817C7-1D48-454D-8E82-2F45E06AAF31}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

29-07-2019 08:17:48 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2019 10:33:13 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (07/30/2019 10:33:13 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (07/30/2019 10:33:12 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (07/30/2019 10:33:12 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (07/30/2019 10:33:11 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (07/30/2019 10:33:11 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (07/30/2019 10:33:10 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.

Error: (07/30/2019 10:33:10 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.


System errors:
=============
Error: (07/30/2019 10:33:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:33:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:30:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:30:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:30:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:03:42 AM on ‎7/‎30/‎2019 was unexpected.

Error: (07/30/2019 10:14:01 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-6JBP3L9)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-6JBP3L9\jhauk SID (S-1-5-21-1015540938-3996997567-1391499832-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:06:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:06:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-06-13 07:07:30.659
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\Installer\MSIAD2E.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. 2.13.0 05/29/2019
Motherboard: Dell Inc. 0H4VK7
Processor: Intel® Core™ i3-8100 CPU @ 3.60GHz
Percentage of memory in use: 77%
Total physical RAM: 8006.97 MB
Available physical RAM: 1823.11 MB
Total Virtual: 10054.97 MB
Available Virtual: 2973.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.05 GB) (Free:755.98 GB) NTFS
Drive g: (Google Drive File Stream) (Fixed) (Total:917.05 GB) (Free:718.18 GB) FAT32

\\?\Volume{ddeb6c84-810c-46a1-aec6-44f8c7ccad3a}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.55 GB) NTFS
\\?\Volume{df0a5467-a661-4a6f-af6f-55c9d5055271}\ (Image) (Fixed) (Total:11.66 GB) (Free:0.22 GB) NTFS
\\?\Volume{5da840b2-c364-4272-bd43-d66afc350687}\ (DELLSUPPORT) (Fixed) (Total:1.07 GB) (Free:0.48 GB) NTFS
\\?\Volume{7f86ac07-f133-4645-b879-12d32c99ea96}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 926B0D78)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 674 posts
Hi John Aukerman, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 4 days, it will be closed.
    • If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic.
  • If you have questions at any time during the cleanup, feel free to ask.
---------------------------------------------------
I noticed you have disabled some startup items using msconfig. msconfig is designed to be used for temporary/troubleshooting issues, and is not recommended as a startup manager.

MSConfig - Normal Startup
  • Press the Windows key + R.
  • Type msconfig in the Run box and press Enter.
  • MSConfig will open. Select the Normal Startup radio button and click Apply > OK.
  • Restart your computer to apply the changes.
---------------------------------------------------
Uninstall a Chrome Extension
  • Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
  • Click the trash can icon next to the following extension(s):
    Search Encrypt
    MapsDrivingDirections
  • A confirmation dialog will appear. Click Remove.
---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\MountPoints2: {132fee6d-68d6-11e9-b9c1-283a4d347e22} - "E:\Setup.exe"
    GroupPolicy: Restriction ? <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> DefaultScope {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
    FF Extension: (FunKrazyGames) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{8d9fbceb-756f-417a-a691-de9a2c1c5648}.xpi [2019-07-22] [UpdateUrl:hxxps://browser-addon.s3.amazonaws.com/prod/funkrazygames/updates.json]
    FF Extension: (SearchOurGames ads) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{d51b14e2-4c5f-4601-b2b6-af8b572171cc}.xpi [2019-07-25] [UpdateUrl:hxxps://browser-addon.s3.amazonaws.com/prod/searchourgames/updates.json]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
    CHR NewTab: Default ->  Not-active:"chrome-extension://bcedopgbjnjfngcejdmkppbcmcgndpkg/newtab/quicknewtabpage.html"
    CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> se
    CHR DefaultSuggestURL: Default -> hxxps://www.searchencrypt.com/encsuggest?q={searchTerms}
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
---------------------------------------------------

Please copy and paste any requested logs into your reply unless requested otherwise.

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner[S0*].txt
  • Let me know how the computer is doing.

  • 0

#3
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

I followed all instructions. FRST.exe Fix hung, but it did create a txt file. Here it is:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
Ran by jhauk (30-07-2019 15:52:57) Run:1
Running from C:\Users\jhauk\Desktop
Loaded Profiles: jhauk (Available Profiles: jhauk)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\...\MountPoints2: {132fee6d-68d6-11e9-b9c1-283a4d347e22} - "E:\Setup.exe"
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1015540938-3996997567-1391499832-1001 -> DefaultScope {43B1B2E9-843B-4459-8E32-95BA5A2117FD} URL =
FF Extension: (FunKrazyGames) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{8d9fbceb-756f-417a-a691-de9a2c1c5648}.xpi [2019-07-22] [UpdateUrl:hxxps://browser-addon.s3.amazonaws.com/prod/funkrazygames/updates.json]
FF Extension: (SearchOurGames ads) - C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{d51b14e2-4c5f-4601-b2b6-af8b572171cc}.xpi [2019-07-25] [UpdateUrl:hxxps://browser-addon.s3.amazonaws.com/prod/searchourgames/updates.json]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
CHR NewTab: Default ->  Not-active:"chrome-extension://bcedopgbjnjfngcejdmkppbcmcgndpkg/newtab/quicknewtabpage.html"
CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
CHR DefaultSearchKeyword: Default -> se
CHR DefaultSuggestURL: Default -> hxxps://www.searchencrypt.com/encsuggest?q={searchTerms}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
CMD: Bitsadmin /Reset /Allusers

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{132fee6d-68d6-11e9-b9c1-283a4d347e22} => removed successfully
HKLM\Software\Classes\CLSID\{132fee6d-68d6-11e9-b9c1-283a4d347e22} => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-1015540938-3996997567-1391499832-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{8d9fbceb-756f-417a-a691-de9a2c1c5648}.xpi => moved successfully
C:\Users\jhauk\AppData\Roaming\Mozilla\Firefox\Profiles\ou4ydgfb.default-1553941110074\Extensions\{d51b14e2-4c5f-4601-b2b6-af8b572171cc}.xpi => moved successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => not found
"Chrome DefaultSearchKeyword" => not found
"Chrome DefaultSuggestURL" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found

========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.

Unable to cancel {2110191C-3094-4346-B737-9F3A3DEC2DD0}.
Unable to cancel {D5696F15-FD68-49A1-AAD7-24880E2CC53A}.
0 out of 2 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 63147217 B
Java, Flash, Steam htmlcache => 196 B
Windows/system/drivers => 3521091 B
Edge => 1818545 B
Chrome => 486222738 B
 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-30-2019
# Duration: 00:00:11
# OS:       Windows 10 Home
# Scanned:  35810
# Detected: 24


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.DellDigitalDelivery
Preinstalled.DellSupportAssistAgent
Preinstalled.DellUpdateforWindows10
Preinstalled.SmartByte          



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 Computer is still running slow. Has not opened any bogus windows in the couple of minutes since running these instructions.


  • 0

#4
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 674 posts
Hi John Aukerman,

Looks like the fix was stuck on emptying temporary files. Please do this...

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    EmptyTemp:
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt

  • 0

#5
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

I did what you said. I highlighted the code and pressed Ctrl + C on my keyboard. This copied the code onto the clipboard. But you never told me to paste it anywhere........????

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by jhauk (31-07-2019 12:22:09) Run:2
Running from C:\Users\jhauk\Desktop
Loaded Profiles: jhauk (Available Profiles: jhauk)
Boot Mode: Normal
==============================================

fixlist content:
*****************
EmptyTemp:

*****************


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21120074 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 151439 B
Edge => 0 B
Chrome => 305782232 B
Firefox => 877051697 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 13709460 B
systemprofile32 => 0 B
LocalService => 29900 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
jhauk => 361913939 B

RecycleBin => 14130526982 B
EmptyTemp: => 14.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:25:34 ====


  • 0

#6
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 674 posts
Hi John Aukerman,

Looks like the fix ran successfully this time.
How is the computer doing?
  • 0

#7
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

It's running faster. And it's not going to bogus websites when I click on trusted links anymore. It appears that we have corrected the problem. Thank you very much!


  • 0

#8
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 674 posts
Hi,

If all is well:

The following will remove the tools we used as well as reset system restore points:

---------------------------------------------------
KpRm

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
Here are some articles about how to keep your computer safe on the internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing :)
  • 0

#9
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

# Run at 8/2/2019 6:49:53 AM
# KpRm (Kernel-panik) version 1.7.3
# Website https://kernel-panik.me/tool/kprm/
# Run by jhauk from C:\Users\jhauk\Desktop
# Computer Name: DESKTOP-6JBP3L9
# OS: Windows 10 X64 (17763)

- Create Registry Backup -

  [OK] Registry Backup: C:\KPRM\backup\2019-08-02-06-49

- Search Tools -


  ## AdwCleaner
     [OK] C:\Users\jhauk\Desktop\AdwCleaner.exe deleted (1)
     [OK] C:\AdwCleaner deleted (1)

  ## FRST
     [OK] C:\Users\jhauk\Desktop\Addition.txt deleted (1)
     [OK] C:\Users\jhauk\Desktop\Fixlog.txt deleted (1)
     [OK] C:\Users\jhauk\Desktop\FRST-OlderVersion deleted (1)
     [OK] C:\Users\jhauk\Desktop\FRST.txt deleted (1)
     [OK] C:\Users\jhauk\Desktop\FRST64.exe deleted (1)
     [OK] C:\FRST deleted (1)

- Restore Default System Settings -

  [OK] Flush DNS
  [OK] Reset WinSock
  [OK] Hide Hidden file.
  [OK] Show Extensions for known file types
  [OK] Hide protected operating system files

- Restore UAC Default Value -

  [OK] Set ConsentPromptBehaviorAdmin with default (5) value
  [OK] Set ConsentPromptBehaviorUser with default (3) value
  [OK] Set EnableInstallerDetection with default (0) value
  [OK] Set EnableLUA with default (1) value
  [OK] Set EnableSecureUIAPaths with default (1) value
  [OK] Set EnableUIADesktopToggle with default (0) value
  [OK] Set EnableVirtualization with default (1) value
  [OK] Set FilterAdministratorToken with default (0) value
  [OK] Set PromptOnSecureDesktop with default (1) value
  [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear All System Restore Points -

    ~ [OK] RP named Scheduled Checkpoint created at 07/29/2019 12:17:48 deleted

  [OK] All system restore points have been successfully deleted

- Create New System Restore Point -

  [OK] Enable System Restore
  [OK] System Restore Point created

- Display All System Restore Point -

    ~ [I] RP named KpRm created at 08/02/2019 10:51:15 found
 


  • 0

#10
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

QUESTION: Would you recommend Windows 10 firewall or McAffee firewall?


  • 0

#11
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 674 posts
Hi John Aukerman,

The Windows 10 firewall is adequate protection for most home computers. More information can be found here:

https://www.howtogee...nd-when-you-do/
https://www.us-cert....s/tips/ST04-004
  • 0

#12
John Aukerman

John Aukerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

Thanks


  • 0

#13
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 674 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: slow, redirect

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP