Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How to Remove "Santivirus"?

Started by guyshahar , Mar 18 2020 07:52 AM

  • Please log in to reply

#16
RKinner
Posted 19 March 2020 - 04:03 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Didn't work.  We need to run it in Safe Mode.  Make sure you have a password assigned to your login.  I found out the hard way that safe mode does not allow PIN numbers to be used to login.

 

Then

Download the previous Fixlist again but don't run FRST yet.

 

search for:

 

msconfig

 

hit Enter

 

Under the Boot tab, check

Safe Mode

also check Network.  Then OK. 

 

Reboot and it should start up in Safe Mode

 

Now right click on FRST and Run As Admin and click Fix.

 

If it won't run then try MBAM (while still in Safe Mode):

https://www.malwarebytes.com/

click on Free Download and Save the file then Right click and Run As Admin.  Follow the instructions, decline any free trials.


  • 0

Advertisements

#17
guyshahar
Posted 21 March 2020 - 12:30 PM

guyshahar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Thanks.  Sorry for the delay, it took me a while to get this to work.  I've done it now and the fixlog is below.  Do I need to do a regular scan again?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-03-2020
Ran by Guy Shahar (21-03-2020 18:20:41) Run:3
Running from C:\Users\Guy Shahar\Desktop
Loaded Profiles: Guy Shahar (Available Profiles: Guy Shahar)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAntivirusSvc
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAntivirusIC
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SANTIVIRUSKD
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\SAntivirus
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Segurazo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAntivirus
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Segurazo
Unlock: C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys 
Unlock: C:\Program Files (x86)\SAntivirus\SAntivirusIC.exe
Unlock: C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys
Unlock: C:\Program Files (x86)\SAntivirus
Unlock: C:\Program Files (x86)\Segurazo
Unlock: C:\ProgramData\Segurazo
Unlock: C:\Users\Guy Shahar\AppData\Roaming\segurazoclient
Unlock: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo
Unlock: C:\ProgramData\SAntivirus
Unlock: C:\Users\Guy Shahar\AppData\Roaming\SAntivirusclient
Unlock: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys 
C:\Program Files (x86)\SAntivirus\SAntivirusIC.exe
C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys
C:\Program Files (x86)\SAntivirus
C:\Program Files (x86)\Segurazo
C:\ProgramData\Segurazo
C:\Users\Guy Shahar\AppData\Roaming\segurazoclient
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo
C:\ProgramData\SAntivirus
C:\Users\Guy Shahar\AppData\Roaming\SAntivirusclient
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
S2 SAntivirusSvc; C:\Program Files (x86)\SAntivirus\SAntivirusService.exe [154320 2020-01-22] (Digital Communications Inc -> Digital Com. Incorporated) <==== ATTENTION
S2 SAntivirusIC; C:\Program Files (x86)\SAntivirus\SAntivirusIC.exe -service [X] <==== ATTENTION
R1 SANTIVIRUSKD; C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys [90096 2020-01-22] (Digital Communications Inc. -> Digital Comm. Inc) <==== ATTENTION
C:\Program Files (x86)\SAntivirus
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAntivirusSvc => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAntivirusIC => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SANTIVIRUSKD => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\SAntivirus => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Segurazo => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAntivirus => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Segurazo => not found
"C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys" => was unlocked
"C:\Program Files (x86)\SAntivirus\SAntivirusIC.exe" => not found
"C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys" => was unlocked
"C:\Program Files (x86)\SAntivirus" => was unlocked
"C:\Program Files (x86)\Segurazo" => not found
"C:\ProgramData\Segurazo" => not found
"C:\Users\Guy Shahar\AppData\Roaming\segurazoclient" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo" => not found
"C:\ProgramData\SAntivirus" => was unlocked
"C:\Users\Guy Shahar\AppData\Roaming\SAntivirusclient" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus" => was unlocked
C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys => moved successfully
"C:\Program Files (x86)\SAntivirus\SAntivirusIC.exe" => not found
"C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys" => not found
C:\Program Files (x86)\SAntivirus => moved successfully
"C:\Program Files (x86)\Segurazo" => not found
"C:\ProgramData\Segurazo" => not found
"C:\Users\Guy Shahar\AppData\Roaming\segurazoclient" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segurazo" => not found
C:\ProgramData\SAntivirus => moved successfully
"C:\Users\Guy Shahar\AppData\Roaming\SAntivirusclient" => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus => moved successfully
SAntivirusSvc => service not found.
SAntivirusIC => service not found.
SANTIVIRUSKD => service not found.
"C:\Program Files (x86)\SAntivirus" => not found
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 18:21:02 ====

  • 0

#18
RKinner
Posted 21 March 2020 - 12:43 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

This one looked like it worked so please do FRST scan in regular mode.  (You may have to go into msconfig and uncheck the Safe Boot option.)


  • 0

#19
guyshahar
Posted 21 March 2020 - 02:36 PM

guyshahar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Here's the first log - 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-03-2020
Ran by Guy Shahar (administrator) on MAINPC (ASUS All Series) (21-03-2020 20:32:20)
Running from C:\Users\Guy Shahar\Desktop
Loaded Profiles: Guy Shahar (Available Profiles: Guy Shahar)
Platform: Windows 10 Home Version 1909 18363.720 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\93.4.273\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\93.4.273\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\93.4.273\QtWebEngineProcess.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Guy Shahar\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Guy Shahar\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Guy Shahar\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1571696 2015-06-03] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951968 2019-07-09] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-10-12] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [Creative SB Monitoring Utility] => C:\WINDOWS\system32\sbavmon.dll [109056 2009-12-16] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261248 2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Guy Shahar\AppData\Local\Microsoft\Teams\Update.exe [1790064 2019-10-08] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\Run: [f.lux] => C:\Users\Guy Shahar\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\Run: [Chromium] => "c:\users\guy shahar\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\Run: [GoToMeeting] => C:\Users\Guy Shahar\AppData\Local\GoToMeeting\16786\g2mstart.exe [32256 2020-02-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [807936 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-19] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-06-04]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2020-01-09]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\Guy Shahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-03-31]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Guy Shahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-10-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03DA5649-C92E-4D04-9D42-044991797C93} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [1920976 2019-10-04] (NVIDIA Corporation -> )
Task: {128A3FDB-16FD-4DF0-BAF9-AC49247075E6} - System32\Tasks\G2MUpdateTask-S-1-5-21-1258771959-4100150369-3783693462-1001 => C:\Users\Guy Shahar\AppData\Local\GoToMeeting\17052\g2mupdate.exe [32256 2020-03-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {1E7EE413-D317-42A0-994C-F4725643EA77} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {25B03FDB-AA23-4ECA-B1ED-BEE27CFB93D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {283736A9-3BCB-492F-AD75-9870D4EBFBE8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [1456128 2018-12-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {29B033F4-211A-43A6-98C5-B9BA28DBE160} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {2C9FFEA6-AEB6-4864-AC26-B5CEDED32519} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18233016 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36DA2903-698B-4815-99D8-EB49E25A9B5A} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-10-12] (Corel Corporation -> Corel Corporation)
Task: {3B688D7B-5E42-49B0-9E23-2EBA8B1B7B46} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {46991CAF-B059-419B-86B1-275EA0321C41} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {5246579F-BEC0-4A2C-B4F4-64E8DD73BD4C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5D48299D-94F8-4C13-AF53-3BB37695DBEC} - System32\Tasks\eM Client Database Backup => C:\Program Files (x86)\eM Client\DbBackup.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {71382832-9293-4263-B6D4-BE5A348DF3BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7B4C381B-8904-4023-8E63-9D720FA62A60} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1443424 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {9C5EF71C-4A3A-4342-8997-F93CDA8A6E76} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-10-12] (Corel Corporation -> Corel Corporation)
Task: {BABCF63C-F585-4290-9C21-AFA3C5D496BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF97B741-6942-44A2-A14C-17ADB419781D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-12-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C52EE8F2-B48A-40FF-8867-F882931F9321} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C83AE583-E12D-49C1-A8A8-50497C4171A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D258265A-6451-4462-A352-749AE3B03BDB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {E104C8BB-7EFC-403D-B922-B22C944E9F78} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {E4F86168-018A-4541-A869-44BA2F825E23} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9F6AAFF-163C-483F-A478-47CE0BB45FCF} - System32\Tasks\G2MUploadTask-S-1-5-21-1258771959-4100150369-3783693462-1001 => C:\Users\Guy Shahar\AppData\Local\GoToMeeting\17052\g2mupload.exe [32256 2020-03-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {EA8E2CAB-D30B-43B4-B7A1-9DE0518F8CA3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F00C11E7-14B9-406F-B887-5F0D638C017A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
Task: {FDB22A56-FE0D-4AAA-BD63-CC2A1C53296D} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-10-12] (Corel Corporation -> Corel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5b3211df-d9d5-4c53-b946-55ad196be21d}: [NameServer] 208.67.220.220,4.2.2.1
Tcpip\..\Interfaces\{5b3211df-d9d5-4c53-b946-55ad196be21d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{65a23976-c53c-40d3-b0fb-67c8da4e75f0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{a24f859e-6faa-4bcb-91d5-aff0e4575706}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{b708b654-cb8a-4501-a2ba-115805f23884}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001 -> {17F48CE4-C0AE-4D79-8AEE-E4393EA3C31B} URL = hxxp://www.goal-nav.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2020-02-04] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-07] (Microsoft Corporation -> Microsoft Corporation)
 
Edge: 
======
DownloadDir: C:\Users\Guy Shahar\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001 -> file:///C:/Users/Guy%20Shahar/Dropbox/Homepage/homepage.html#
Edge Session Restore: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001 -> is enabled.
 
FireFox:
========
FF DefaultProfile: tyjyvun0.default
FF ProfilePath: C:\Users\Guy Shahar\AppData\Roaming\Mozilla\Firefox\Profiles\tyjyvun0.default [2020-03-21]
FF NewTab: Mozilla\Firefox\Profiles\tyjyvun0.default -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\tyjyvun0.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\tyjyvun0.default -> hxxps://wellnessmama.com
FF Extension: (Grammarly for Firefox) - C:\Users\Guy Shahar\AppData\Roaming\Mozilla\Firefox\Profiles\tyjyvun0.default\Extensions\[email protected] [2019-12-22]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Guy Shahar\AppData\Roaming\Mozilla\Firefox\Profiles\tyjyvun0.default\Extensions\[email protected] [2020-02-27]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Guy Shahar\AppData\Roaming\Mozilla\Firefox\Profiles\tyjyvun0.default\Extensions\[email protected] [2020-03-10]
FF Extension: (Avast Online Security) - C:\Users\Guy Shahar\AppData\Roaming\Mozilla\Firefox\Profiles\tyjyvun0.default\Extensions\[email protected] [2020-03-06]
FF Extension: (YouTube High Definition) - C:\Users\Guy Shahar\AppData\Roaming\Mozilla\Firefox\Profiles\tyjyvun0.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2019-07-10]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2020-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] (Adobe Systems Incorporated -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1258771959-4100150369-3783693462-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Guy Shahar\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-10-16] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1258771959-4100150369-3783693462-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Guy Shahar\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1258771959-4100150369-3783693462-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Guy Shahar\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default [2020-03-21]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://twitter.com; hxxps://web.skype.com; hxxps://www.facebook.com
CHR HomePage: Default -> file:///E:/Dropbox/Homepage/homepage.html
CHR StartupUrls: Default -> "file:///C:/Documents%20and%20Settings/Administrator/My%20Documents/Guy%20Documents/IT/Homepage/homepage.html","hxxps://global.americanexpress.com/myca/intl/acctsumm/emea/accountSummary.do?request_type=&Face=en_GB","hxxp://www.bbc.co.uk/news/10318089","hxxp://www.bbc.co.uk/programmes/b012rb06#segments","hxxp://www.youtube.com/watch?v=8N_tupPBtWQ&feature=related","hxxps://mail.google.com/mail/#inbox","hxxps://spreadsheets.google.com/spreadsheet/ccc?hl=en_GB&key=pR38LoMRhvCzIbS5mN_bqXw&hl=en_GB#gid=0","hxxp://www.pampers.co.uk/en_GB/born-to-play","hxxp://www.linkedin.com/profile/view?id=129473322&goback=%2Epiv_I2964967556*42_129473322_kzHF_*1","hxxp://www.bounty.com/understanding-tantrums","hxxp://www.psychologytoday.com/topics/autism","hxxp://www.ronienten.com/autistic-spectrum-disorders/","hxxp://www.annakennedyonline.com/anna_kennedy.aspx","hxxp://www.alertprogram.com/quotes.php","hxxp://www.google.co.uk/search?rlz=1C1ASUT_enGB399GB399&sourceid=chrome&ie=UTF-8&q=defeat+autism+now","hxxp://www.noamalgam.com/nourishinghope.html","hxxp://www.autism.com/pro_seminars.asp","chrome-extension://jlhhfpkknmekjlfgcnagjkehkfcclabf/bbc_one.html","hxxp://www.msn.com/?pc=AV01","file:///C:/Users/guy50/Dropbox/Public/Homepage/homepage.html","file:///C:/Users/guy50/Dropbox/Public/Homepage/homepage.html","hxxp:www.fidonav.com","hxxp://www.goal-nav.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Translate) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-18]
CHR Extension: (uBlock - #1 Adblock Tool for Chrome) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\adkfgdipgpojicddmeecncgapbomhjjl [2019-09-01]
CHR Extension: (Adblocker for Chrome - NoAds) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\alplpnakfeabeiebipdmaenpmbgknjce [2020-03-13]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2020-01-05]
CHR Extension: (YouTube) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-08]
CHR Extension: (Flash Player) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmimdmkleccdoghpgdhaahkelfhjfhgm [2020-03-17]
CHR Extension: (Pushbullet) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2020-01-24]
CHR Extension: (FB Video Downloader - Save Facebook Video) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckejccmofmjkdecnfdahjkjlimflokok [2017-11-26]
CHR Extension: (High Contrast) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-11-09]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2019-10-30]
CHR Extension: (Google Calendar) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-08-16]
CHR Extension: (SearchPreview) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2020-03-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-03-13]
CHR Extension: (IE Tab) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2020-01-17]
CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2019-04-28]
CHR Extension: (My IP Address) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpiocdfbmaildaffkjkhpmibnpmbkek [2015-11-02]
CHR Extension: (CloudConvert) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2016-12-04]
CHR Extension: (Bitly | Unleash the power of the link) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2019-11-27]
CHR Extension: (Extensity) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmflmamggggndanpgfnpelongoepncg [2019-05-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-03-21]
CHR Extension: (Black carbon + silver metal) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2015-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Ads Killer Adblocker Plus) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbllmbdjgcalkoimdfcpknbjgnhjclg [2019-04-28]
CHR Extension: (Gmail) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-20]
CHR Extension: (easyfundraising Donation Reminder) - C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfknkdmhngcjepkalkhgpmhpolandfp [2020-02-20]
CHR Profile: C:\Users\Guy Shahar\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2015-12-12] (ASUSTeK Computer Inc. -> )
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11091224 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-04-05] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-23] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-14] (Malwarebytes Inc -> Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\NisSrv.exe [3630832 2019-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\MsMpEng.exe [103168 2019-09-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-12-12] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37864 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205576 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [271120 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206608 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [64272 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279360 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42976 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175400 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110560 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84056 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848672 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [458584 2020-03-12] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235184 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316256 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-07-08] (Emsisoft Ltd -> Emsisoft GmbH)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd -> Creative Technology Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-06] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-03-21] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rt2870; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2095816 2013-07-01] (Mediatek Inc. -> Ralink Technology, Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2019-09-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-09-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [346336 2019-09-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-09-16] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-03-21 20:32 - 2020-03-21 20:33 - 000045307 _____ C:\Users\Guy Shahar\Desktop\FRST.txt
2020-03-21 18:33 - 2020-03-21 10:55 - 152061594 _____ C:\Users\Guy Shahar\Desktop\2008-10-12 - Not Even A Drop In The Ocean (27 mins) - Copy.m4v
2020-03-21 18:26 - 2020-03-21 18:26 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-03-21 18:20 - 2020-03-21 18:21 - 000005160 _____ C:\Users\Guy Shahar\Desktop\Fixlog.txt
2020-03-21 18:20 - 2020-03-21 18:20 - 000000000 ____D C:\Users\Guy Shahar\Desktop\FRST-OlderVersion
2020-03-21 18:17 - 2020-03-21 18:17 - 000000000 ____D C:\WINDOWS\pss
2020-03-21 18:15 - 2020-03-21 18:23 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-03-21 18:06 - 2020-03-21 18:18 - 000405678 _____ C:\WINDOWS\ntbtlog.txt
2020-03-21 16:18 - 2020-03-21 16:18 - 005505660 _____ C:\Users\Guy Shahar\Desktop\VIRUS-PROTECTION.pdf
2020-03-20 22:28 - 2020-03-20 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-03-20 19:10 - 2020-03-20 19:10 - 000000539 _____ C:\Users\Guy Shahar\Desktop\Instructions.txt
2020-03-20 19:04 - 2020-03-20 19:05 - 014422190 _____ C:\Users\Guy Shahar\Desktop\Scarlatti Sonata in F minor   Yevgeny Sudbin  piano.mp4
2020-03-20 18:55 - 2020-03-20 18:55 - 012850562 _____ C:\Users\Guy Shahar\Desktop\Domenico Scarlatti Sonata F Minor K 466.mp4
2020-03-20 18:09 - 2020-03-20 18:09 - 008190529 _____ C:\Users\Guy Shahar\Desktop\Vladimir Horowitz plays Scarlatti K 466.mp4
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-03-19 18:19 - 2020-03-19 18:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-03-19 17:53 - 2020-03-19 17:53 - 003693162 _____ C:\Users\Guy Shahar\Desktop\TEMPLATE - Powerpoint.pptx
2020-03-19 15:42 - 2020-03-11 00:06 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2020-03-19 12:52 - 2020-03-21 18:20 - 002279936 _____ (Farbar) C:\Users\Guy Shahar\Desktop\FRST64 (2).exe
2020-03-19 12:36 - 2020-03-19 12:36 - 002279936 _____ (Farbar) C:\Users\Guy Shahar\Downloads\FRST64 (1).exe
2020-03-19 10:01 - 2020-03-19 10:02 - 003255040 _____ (Fast Stub ) C:\Users\Guy Shahar\Downloads\aTube_Catcher_1980083886.exe
2020-03-19 10:00 - 2020-03-19 10:00 - 012455413 _____ C:\Users\Guy Shahar\Desktop\Dmitry Shishkin – D Scarlatti 'Sonata in F minor' K 466 (Chopin and his Europe).mp4
2020-03-18 13:45 - 2020-03-21 20:33 - 000000000 ____D C:\FRST
2020-03-18 13:44 - 2020-03-18 13:44 - 002279936 _____ (Farbar) C:\Users\Guy Shahar\Downloads\FRST64.exe
2020-03-17 22:58 - 2020-03-17 22:58 - 000000000 ____D C:\WINDOWS\Panther
2020-03-17 09:34 - 2020-03-17 09:34 - 000001318 _____ C:\Users\Guy Shahar\Desktop\200402 - Autistic Burnout.docx - Shortcut.lnk
2020-03-16 14:14 - 2020-03-16 14:14 - 000001037 _____ C:\Users\Guy Shahar\Downloads\DonationReport_3WCGD55SE7_20200316.csv
2020-03-15 20:16 - 2020-03-16 14:33 - 000000159 ___RH C:\WINDOWS\ctfile.rfc
2020-03-15 20:16 - 2009-12-08 15:52 - 000230912 _____ C:\WINDOWS\system32\APOMgr64.DLL
2020-03-15 20:16 - 2009-12-08 15:50 - 000177664 _____ C:\WINDOWS\SysWOW64\APOMngr.DLL
2020-03-15 20:16 - 2009-11-30 18:54 - 000089088 _____ C:\WINDOWS\system32\CmdRtr64.DLL
2020-03-15 20:16 - 2009-11-30 18:53 - 000073728 _____ C:\WINDOWS\SysWOW64\CmdRtr.DLL
2020-03-15 19:02 - 2020-03-15 19:02 - 000000000 ____D C:\Users\Guy Shahar\AppData\Local\eLicenser
2020-03-15 13:37 - 2020-03-21 19:00 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-03-15 13:37 - 2020-03-21 19:00 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-03-15 13:37 - 2020-03-15 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-03-15 13:37 - 2020-03-15 13:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-03-15 13:37 - 2020-03-15 13:37 - 000000000 ____D C:\Program Files\Speccy
2020-03-15 13:37 - 2020-03-15 13:37 - 000000000 ____D C:\Program Files\CCleaner
2020-03-13 22:01 - 2020-03-15 20:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-03-13 20:05 - 2020-03-13 20:05 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2020-03-13 20:05 - 2020-03-13 20:05 - 000000000 ____D C:\Program Files\HandBrake
2020-03-13 16:49 - 2020-03-13 16:49 - 000002052 _____ C:\Users\Guy Shahar\Desktop\200311 - Without Guy.mp4 - Shortcut.lnk
2020-03-13 10:21 - 2020-03-13 10:21 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-03-13 10:21 - 2020-03-13 10:21 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-03-13 10:21 - 2020-03-13 10:21 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-03-13 10:21 - 2020-03-13 10:21 - 006520776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-03-13 10:21 - 2020-03-13 10:21 - 004563416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-03-13 10:21 - 2020-03-13 10:21 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-03-13 10:21 - 2020-03-13 10:21 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-03-13 10:21 - 2020-03-13 10:21 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-03-13 10:21 - 2020-03-13 10:21 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-03-13 10:21 - 2020-03-13 10:21 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-03-13 10:21 - 2020-03-13 10:21 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 025900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 018027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 011607552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 007755776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 006436352 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 006084344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 005911040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 004855808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 004580352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 004129648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 003819520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 003799552 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 003488768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 003371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 002956688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 002773568 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002768440 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-03-11 00:07 - 2020-03-11 00:07 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-03-11 00:07 - 2020-03-11 00:07 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002698040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002224952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002087376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002072664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001999952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001867816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001770552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001665416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001555904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001490640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001484600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001482040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001283600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-03-11 00:07 - 2020-03-11 00:07 - 001282944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001218632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001190912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001108040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001088000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001054376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000983896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000929144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000877232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000796904 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000769552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000757632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000741392 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000734720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000669496 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000668296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxs.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000605896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbc32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxs.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000510768 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-03-11 00:07 - 2020-03-11 00:07 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-03-11 00:07 - 2020-03-11 00:07 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000320312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacEncoder.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000260920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000248064 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacEncoder.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000234984 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000221200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000165504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000164776 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000136328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000133944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\profapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000120560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000102760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000098104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000089616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000089568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000068408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmRes.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000042336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxstrace.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Drivers\afunix.sys
2020-03-11 00:07 - 2020-03-11 00:07 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msauserext.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000019768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msauserext.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchTM.exe
2020-03-11 00:07 - 2020-03-11 00:07 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-03-11 00:07 - 2020-03-11 00:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-03-11 00:06 - 2020-03-11 00:07 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 007905784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 004622280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 004471296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 004048896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 003728896 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 003587896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 003552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 003260928 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 003143168 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 002870272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 002808832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 002715648 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 002522112 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 002474496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 002289152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 002157056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001972536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001823232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-03-11 00:06 - 2020-03-11 00:06 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001657120 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001581056 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001513040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 001481216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 001396152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-03-11 00:06 - 2020-03-11 00:06 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 001092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001071184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000945384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000908504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000833616 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000802304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000642216 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-03-11 00:06 - 2020-03-11 00:06 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000531768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-03-11 00:06 - 2020-03-11 00:06 - 000522384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000429880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000355000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Acx01000.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000306696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000250896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000224056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000222520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000208696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000183608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000180232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000174392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000151568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000141840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000131896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000128312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000120048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-03-11 00:06 - 2020-03-11 00:06 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000066336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlrmdr.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000056632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAProfileNotificationHandler.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000048256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-03-11 00:06 - 2020-03-11 00:06 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000030008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000029712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000028936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000019984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpnotify.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000016912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2020-03-11 00:06 - 2020-03-11 00:06 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchTM.exe
2020-03-11 00:06 - 2020-03-11 00:06 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-03-11 00:06 - 2020-03-11 00:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUserRes.dll
2020-03-10 23:59 - 2020-03-10 23:59 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-03-10 23:59 - 2020-03-10 23:59 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-02-27 00:22 - 2020-02-25 10:46 - 000368056 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-02-25 10:46 - 2020-02-25 10:46 - 000235184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-02-25 10:46 - 2020-02-25 10:46 - 000175400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-02-23 18:25 - 2020-03-16 23:45 - 000005119 _____ C:\Users\Guy Shahar\Desktop\PREFECTS - Website  Core Training - Shortcut.lnk
2020-02-23 12:37 - 2020-02-23 12:37 - 050135902 _____ C:\Users\Guy Shahar\Desktop\Hildur Guonadottir - Leyfou Ljosinu.mp4
2020-02-21 18:39 - 2020-02-21 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2020-02-21 17:44 - 2020-02-21 17:44 - 047685043 _____ C:\Users\Guy Shahar\Desktop\right-from-the-start-toolkit (Guide from ambitious-about-autism).pdf
2020-02-21 14:05 - 2020-03-15 20:16 - 000465880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-03-21 20:33 - 2014-03-31 17:43 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\vlc
2020-03-21 20:28 - 2019-09-16 17:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-03-21 20:28 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-21 19:00 - 2020-01-20 19:13 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-03-21 19:00 - 2020-01-09 12:18 - 000002690 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2020-03-21 19:00 - 2020-01-09 12:18 - 000002688 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2020-03-21 19:00 - 2020-01-09 12:18 - 000002688 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2020-03-21 19:00 - 2019-12-07 11:06 - 000002798 _____ C:\WINDOWS\system32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-21 19:00 - 2019-09-16 18:03 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 19:00 - 2019-09-16 18:03 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-21 19:00 - 2019-09-16 18:03 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1258771959-4100150369-3783693462-1001
2020-03-21 19:00 - 2019-09-16 18:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-03-21 18:55 - 2019-09-16 18:03 - 000003276 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-1258771959-4100150369-3783693462-1001
2020-03-21 18:55 - 2019-09-16 18:03 - 000003180 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-1258771959-4100150369-3783693462-1001
2020-03-21 18:31 - 2019-09-16 17:59 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-21 18:31 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF
2020-03-21 18:27 - 2018-05-15 21:23 - 000000000 ____D C:\Users\Guy Shahar\AppData\Local\AVAST Software
2020-03-21 18:25 - 2019-09-16 18:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-03-21 18:25 - 2017-07-08 07:20 - 000000000 ____D C:\ProgramData\NVIDIA
2020-03-21 18:24 - 2019-03-19 04:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-03-21 18:08 - 2018-06-04 07:31 - 000000000 ____D C:\Users\Guy Shahar\AppData\Local\D3DSCache
2020-03-21 17:46 - 2017-02-08 10:21 - 000000000 ____D C:\Users\Guy Shahar\AppData\Local\CrashDumps
2020-03-21 17:15 - 2014-12-03 18:06 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\HandBrake
2020-03-21 16:35 - 2015-07-13 12:25 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\dvdcss
2020-03-21 15:22 - 2019-09-16 18:03 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-03-21 00:12 - 2019-09-16 17:51 - 000000000 ____D C:\Users\Guy Shahar
2020-03-21 00:12 - 2016-11-18 01:18 - 000000000 ____D C:\Users\Guy Shahar\AppData\LocalLow\Mozilla
2020-03-20 23:58 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-20 23:58 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-03-20 22:28 - 2017-08-23 20:53 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-03-20 18:09 - 2014-04-01 08:53 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\AIMP3
2020-03-19 20:16 - 2016-07-21 15:17 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-19 15:38 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-03-18 12:28 - 2018-09-20 16:16 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\MightyText
2020-03-17 23:07 - 2020-01-20 19:13 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-03-17 22:59 - 2016-07-21 15:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-03-17 21:03 - 2019-09-16 17:51 - 000002418 _____ C:\Users\Guy Shahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-15 20:18 - 2014-03-31 17:58 - 000000000 ____D C:\Program Files (x86)\NCH Software
2020-03-15 20:16 - 2015-02-26 21:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-03-15 19:26 - 2017-08-23 20:53 - 000000000 ____D C:\Users\Guy Shahar\AppData\Local\Dropbox
2020-03-15 19:02 - 2014-03-31 17:58 - 000000000 ____D C:\ProgramData\NCH Software
2020-03-15 19:01 - 2014-03-31 18:57 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-15 19:00 - 2015-07-02 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2020-03-15 19:00 - 2014-03-31 16:33 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\Adobe
2020-03-15 18:59 - 2017-10-18 14:19 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2020-03-15 18:59 - 2017-08-04 14:04 - 000000000 ____D C:\ProgramData\Apple
2020-03-15 18:56 - 2014-03-31 17:58 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\NCH Software
2020-03-15 18:46 - 2018-07-28 12:28 - 000000000 ____D C:\Users\Guy Shahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2020-03-15 14:26 - 2015-02-26 21:50 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-03-14 16:51 - 2020-01-23 08:48 - 000000000 ____D C:\Users\Guy Shahar\AppData\LocalLow\IGDump
2020-03-14 16:15 - 2019-07-06 09:18 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-03-14 16:15 - 2019-07-06 09:18 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-03-13 12:28 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-03-13 12:28 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-03-13 10:23 - 2017-12-10 21:12 - 000000000 ____D C:\Users\Guy Shahar\AppData\Local\Packages
2020-03-12 17:44 - 2014-03-31 18:57 - 000458584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-03-11 00:39 - 2015-09-16 18:51 - 000000000 ___RD C:\Users\Guy Shahar\3D Objects
2020-03-11 00:39 - 2014-03-31 17:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-03-11 00:37 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-03-11 00:37 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\servicing
2020-03-11 00:13 - 2014-01-23 16:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-03-11 00:11 - 2014-01-23 16:24 - 121542864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-03-08 00:20 - 2018-11-23 10:30 - 000000000 ____D C:\Users\Guy Shahar\AppData\Local\GoToMeeting
2020-03-07 12:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-03-01 15:43 - 2018-05-14 14:36 - 000000000 ____D C:\Users\Guy Shahar\AppData\Local\PlaceholderTileLogoFolder
2020-02-28 19:10 - 2016-05-25 05:09 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-02-27 00:22 - 2019-03-19 04:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-02-25 10:46 - 2019-02-19 20:22 - 000279360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2020-02-25 10:46 - 2019-01-18 10:29 - 000271120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-02-25 10:46 - 2019-01-17 22:17 - 000206608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-02-25 10:46 - 2019-01-17 22:17 - 000064272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-02-25 10:46 - 2019-01-17 22:17 - 000037864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-02-25 10:46 - 2018-10-23 06:27 - 000042976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-02-25 10:46 - 2018-07-17 19:57 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-02-25 10:46 - 2017-11-21 20:41 - 000205576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-02-25 10:46 - 2014-03-31 18:57 - 000848672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-02-25 10:46 - 2014-03-31 18:57 - 000316256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-02-25 10:46 - 2014-03-31 18:57 - 000110560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-02-25 10:46 - 2014-03-31 18:57 - 000084056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-02-24 23:10 - 2019-02-14 14:31 - 000002289 _____ C:\Users\Guy Shahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoToWebinar.lnk
2020-02-24 23:10 - 2018-12-06 18:40 - 000001439 _____ C:\Users\Guy Shahar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoToMeeting.lnk
2020-02-22 19:01 - 2014-03-31 19:08 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2020-02-22 19:01 - 2014-03-31 19:07 - 000000000 ____D C:\Program Files\Paint.NET
2020-02-20 17:03 - 2019-11-06 13:18 - 000000000 ____D C:\WINDOWS\Minidump
 
==================== Files in the root of some directories ========
 
2015-08-28 21:09 - 2015-08-28 21:09 - 000000000 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-08-31 14:34 - 2018-08-31 14:34 - 000083414 _____ () C:\Users\Guy Shahar\AppData\Roaming\ExpressZip.dmp
2014-04-06 17:13 - 2014-04-06 17:13 - 000001167 _____ () C:\Users\Guy Shahar\AppData\Roaming\trace_FilterInstaller.1.txt
2014-04-06 17:13 - 2015-03-23 13:00 - 000000905 _____ () C:\Users\Guy Shahar\AppData\Roaming\trace_FilterInstaller.txt
2014-04-06 17:13 - 2015-03-23 13:00 - 000000000 _____ () C:\Users\Guy Shahar\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2018-08-26 15:26 - 2018-08-26 15:26 - 000000000 ____H () C:\Users\Guy Shahar\AppData\Local\BITA17A.tmp
2020-01-23 08:32 - 2020-01-23 08:32 - 000000000 _____ () C:\Users\Guy Shahar\AppData\Local\BITA995.tmp
2014-04-06 15:54 - 2014-04-06 15:54 - 000000058 _____ () C:\Users\Guy Shahar\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2019-10-08 09:15 - 2019-10-08 09:15 - 000000759 _____ () C:\Users\Guy Shahar\AppData\Local\recently-used.xbel
2019-01-31 12:14 - 2019-01-31 12:14 - 000000000 _____ () C:\Users\Guy Shahar\AppData\Local\{1610C08C-1D7B-4D23-821F-1FB0186364A2}
2018-08-26 15:24 - 2018-08-26 15:25 - 000000000 _____ () C:\Users\Guy Shahar\AppData\Local\{BE049EE1-465D-4DB6-AC53-228222B119BE}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#20
guyshahar
Posted 21 March 2020 - 02:37 PM

guyshahar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Here's the second log - 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-03-2020
Ran by Guy Shahar (21-03-2020 20:34:05)
Running from C:\Users\Guy Shahar\Desktop
Windows 10 Home Version 1909 18363.720 (X64) (2019-09-16 18:04:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1258771959-4100150369-3783693462-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1258771959-4100150369-3783693462-503 - Limited - Disabled)
Guest (S-1-5-21-1258771959-4100150369-3783693462-501 - Limited - Disabled)
Guy Shahar (S-1-5-21-1258771959-4100150369-3783693462-1001 - Administrator - Enabled) => C:\Users\Guy Shahar
HomeGroupUser$ (S-1-5-21-1258771959-4100150369-3783693462-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1258771959-4100150369-3783693462-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 30.0.0.107 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1324, 15.11.2013 - AIMP DevTeam)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.4.0000 - Asmedia Technology)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.1.2397 - AVAST Software)
BBCiPlayerDownloads (HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\bbciplayerdownloads) (Version: 2.11.2 - British Broadcasting Corporation)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.1.0.27 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.64 - Piriform)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 93.4.273 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2133 - Steinberg Media Technologies GmbH)
Evernote v. 6.23.2 (HKLM-x32\...\{31AEDDE0-47C9-11EA-AE6E-005056951CAD}) (Version: 6.23.2.8859 - Evernote Corp.)
f.lux (HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\Flux) (Version:  - f.lux Software LLC)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.0.29455 - Foxit Software Inc.)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.19.0.107 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.9.0.17052 (HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\GoToMeeting) (Version: 10.9.0.17052 - LogMeIn, Inc.)
Grammarly (HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\GrammarlyForWindows) (Version: 1.4.23 - Grammarly)
HandBrake 1.3.1 (HKLM-x32\...\HandBrake) (Version: 1.3.1 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Metatron Technology Product Manager (HKLM-x32\...\{55406FAA-B26A-9405-628D-E22CE086A46D}) (Version: 255.08.05 - Global Coherence Technologies, LLC) Hidden
Metatron Technology Product Manager (HKLM-x32\...\MetatronTechnologyProductManager.317ED9C8436CBF519F687E899338C0D9D0D34851.1) (Version: 2010.08.05 - Global Coherence Technologies, LLC)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12527.20278 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.12527.20278 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\dacae1bed46e81d5) (Version: 16.0.2456.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MightyText (HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\MightyText) (Version: 4.3.0 - MightyText)
Movie Maker (HKLM-x32\...\{8C22A294-DBBA-445F-B55C-E26817CCFE69}) (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD76542A-5AD9-481C-9CA8-756F84A8FEAF}) (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 74.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 74.0 (x64 en-GB)) (Version: 74.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.1.1 - Mozilla)
Mozilla Thunderbird 68.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.1.1 (x86 en-US)) (Version: 68.1.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{15BCA3AB-444B-4AC5-A04F-F2AD0F7AD3EC}) (Version: 4.2.10 - dotPDN LLC)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 200317 - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SAntivirus Realtime Protection Lite (HKLM-x32\...\SAntivirus) (Version: 1.0.21.18 - Digital Com. Inc) <==== ATTENTION
Screenshot Captor 4.16.1 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
Skype version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TextPad 7 (HKLM\...\{6A86F18E-5464-449D-A82D-667974747F38}) (Version: 7.2.0 - Helios)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.29 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.68 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 24.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24125}) (Version: 24.0.13650 - Corel Corporation)
Yamaha USB-MIDI Driver (HKLM\...\{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.1 - Yamaha Corporation) Hidden
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.1 - Yamaha Corporation)
Zoom (HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\ZoomUMX) (Version: 4.5 - Zoom Video Communications, Inc.)
 
Packages:
=========
ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2015-08-27] (ASUSTeK COMPUTER INC.)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-02-27] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-24] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2020-03-07] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-25] (Netflix, Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0 [2020-03-13] (Spotify AB) [Startup Task]
Trello -> C:\Program Files\WindowsApps\FogCreekSoftware.Trello_1.1.6.5_neutral__defsc33n7q7k2 [2014-10-08] (Fog Creek Software)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001_Classes\CLSID\{04271989-C4D2-001A-C5EF-BBCCA1D154FE} -> [OneDrive - Transforming Autism] => E:\1Drive\OneDrive - Transforming Autism [2019-06-08 14:31]
CustomCLSID: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001_Classes\CLSID\{04271989-C4D2-71C2-5D41-9E219CCF1177} -> [Transforming Autism] => E:\1Drive\Transforming Autism [2017-09-27 09:59]
CustomCLSID: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Guy Shahar\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Guy Shahar\AppData\Local\GoToMeeting\16786\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext64.dll (Helios Software Solutions Ltd -> Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => E:\Dropbox [2020-03-15 19:12]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [2014-04-01] (AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-12] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [2014-04-01] (AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-12] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.36.0.dll [2020-03-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-12] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers1_S-1-5-21-1258771959-4100150369-3783693462-1001: [TextPad] -> {8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54} => C:\Program Files\TextPad 7\System\shellext64.dll [2014-02-14] (Helios Software Solutions Ltd -> Helios Software Solutions)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Guy Shahar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
 
==================== Loaded Modules (Whitelisted) =============
 
2017-07-08 07:20 - 2020-03-21 18:25 - 000027136 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-06-04 17:47 - 2013-07-23 14:08 - 000193024 _____ () [File not signed] C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2014-06-04 17:47 - 2013-06-17 13:04 - 001411072 _____ () [File not signed] C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2020-03-15 20:16 - 2009-12-08 15:52 - 000230912 _____ () [File not signed] C:\WINDOWS\SYSTEM32\APOMgr64.DLL
2020-03-15 20:16 - 2009-11-30 18:54 - 000089088 _____ () [File not signed] C:\WINDOWS\SYSTEM32\CmdRtr64.DLL
2014-04-01 08:53 - 2014-04-01 08:53 - 000590848 _____ (AIMP DevTeam) [File not signed] C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll
2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-03-25 17:23 - 2015-06-03 21:05 - 001903232 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2014-03-25 17:23 - 2015-06-03 21:04 - 001571696 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\WINDOWS\system32\nvspcap64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\sharepoint.com -> hxxps://transformingautism-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\123simsen.com -> www.123simsen.com
 
There are 7866 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2020-03-19 15:35 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\gs\gs9.27\lib;C:\Program Files\gs\gs9.27\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Guy Shahar\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\symbol - indigo border.png
DNS Servers: 208.67.220.220 - 4.2.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D4A42ECC54CE31449758306E321FF9D1"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\Run: => "eM Client"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_11CBC87E9284806025DF0C67B290DA37"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\Run: => "GoToMeeting"
HKU\S-1-5-21-1258771959-4100150369-3783693462-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DB5081A2-6DAC-42A6-8569-D9354E790CAA}] => (Allow) C:\Users\Guy Shahar\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{1E1CF271-2F4E-4794-A976-8166DA8B25D6}] => (Allow) C:\Users\Guy Shahar\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{FA810B84-DD60-4AC6-97FA-E327FD246496}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{559245AF-C7E0-45F7-9BB2-E019790B7ACF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{55F58DED-44CA-43A9-A766-DE71D57B7497}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7C654DFB-7148-4517-91FC-556D2BEE1B6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B33358A-B5A6-4974-BA2F-C6276E5770A6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AD1BE75F-D63F-4AC4-BC9D-405717CE9967}] => (Allow) LPort=1900
FirewallRules: [{1D104796-4459-4CD2-A276-F989B8BF6C74}] => (Allow) LPort=2869
FirewallRules: [{A0D7441C-E619-4A6B-BCBE-FC3E68CC0017}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB2602E1-3175-4004-A5BE-0E3E762113C0}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe No File
FirewallRules: [TCP Query User{F6D1CE09-5D64-4404-886E-8A9D93E97665}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe No File
FirewallRules: [{23F51BAE-BBF0-4E86-B246-83C498DB499C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3B7ACB16-7D65-437F-91A8-48C3743B8186}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{232BA66B-7A9A-4A3B-B1E3-EF84C45A538B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E57E477A-1718-4EEE-8743-FCE02E8C0D65}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe No File
FirewallRules: [{35655971-9C92-4708-8E1D-99E3DF7D84EC}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe No File
FirewallRules: [{9E04B396-A6B0-4379-A6A5-7C9754DA83D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6A74E0C-F87E-46B6-8767-3C8845AFD872}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{B228A464-9485-4CFF-82CB-97CB7B8FDBD4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{D5B2FF9F-1629-4F81-A153-AF6A6580A907}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{2B0888A4-C5E4-45B1-8804-0F75D01EB750}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [UDP Query User{4A7A1007-FCD7-4D49-8B5D-B7E2315F6BCF}C:\users\guy shahar\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\guy shahar\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{03E4D47C-C83C-475C-A28A-6FD8203C1F03}C:\users\guy shahar\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\guy shahar\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{088AACAA-36AE-477A-90A3-749FB286100C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{E64C91C3-D2C5-47FB-83FB-5A1AFA409C54}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [TCP Query User{0FADC442-C61B-4071-ACDC-30A4847ED136}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe No File
FirewallRules: [UDP Query User{B4696AFE-1242-46EF-878D-9D32592BA731}C:\users\guy shahar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guy shahar\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{89170BBE-D574-47DE-AF93-503C8B2356B8}C:\users\guy shahar\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guy shahar\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{5B77BBBE-15AA-41A6-A383-44558A6FB5EA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{91458543-C217-437C-84F2-4E351C912A4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5F112197-B12F-4AAE-9A17-E38576F4A52B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BA451EF7-0B39-4EC4-A709-B1F63B1662FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{B591CA2A-FE38-4F17-AB14-38DEBE2A7CD3}C:\users\guy shahar\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\guy shahar\appdata\roaming\dropbox\bin\dropbox.exe No File
FirewallRules: [TCP Query User{9132F1D8-C7FC-4445-B3D7-DECF3D135137}C:\users\guy shahar\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\guy shahar\appdata\roaming\dropbox\bin\dropbox.exe No File
FirewallRules: [UDP Query User{91344C2E-08AC-46C2-98C5-B5595A7FFA9F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin No File
FirewallRules: [TCP Query User{F665B888-C353-46CC-A782-8EE2669F8BD6}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin No File
FirewallRules: [{00488D7D-E627-481E-8C7A-61AD5A6BC39B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6220BCAF-875F-4979-B675-3518F065C705}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{034B2E24-91FC-424E-A74E-CF82C32F7D56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
FirewallRules: [{FEE18479-7B37-41A0-ACA3-113F869708F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe No File
FirewallRules: [{B488F013-0E55-4633-BC9C-341464E4CD6B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2091D657-B642-4E8B-BDF2-116717A731D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FA52BAAD-2C27-408A-B9D2-565D80FC4DB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1A46357D-68BD-4AB3-87BC-1D1B3CC0664C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{76C80B44-8DE8-44FA-B4B3-2E1F7FF2CB6F}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe No File
FirewallRules: [{6D40139D-53F0-452B-B55A-925A2BE2DE50}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe No File
FirewallRules: [TCP Query User{DEEBAC35-E57C-4094-A593-02DEB5888D8B}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{985C7FEB-0A31-4D8D-B7F1-F62CA9A6E71B}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{92C1B9ED-F355-4024-85B4-D839C24996D5}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
FirewallRules: [{7B644440-A994-4997-B8BF-E971DBCFE9C7}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe No File
FirewallRules: [UDP Query User{262B2832-19E3-46CF-80DB-1237D5CDCB80}C:\program files (x86)\microsoft office\root\office16\lync.exe] => (Block) C:\program files (x86)\microsoft office\root\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{993D3C25-3264-426C-810B-A99F0A3D7E80}C:\users\guy shahar\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\guy shahar\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{AF397E4B-0A99-4DF9-AE93-4A928CA387E3}C:\users\guy shahar\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\guy shahar\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDA0D38F-D772-4531-B253-F07326DFB107}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{356510B8-C5DB-42BB-83F1-6B09DEF4D014}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{19166CA0-FA2B-4517-8091-934C252D0DC9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EFA04689-1901-4B6D-90C4-AAC33B1D161D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0D49E2BF-274B-43F8-8F14-D4E1DA49ECEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{92704232-88B7-440A-8EF0-4B4F8B6F3B57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A2533F44-73EC-4E22-8589-87A5B589AC2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3557C5FC-3D8B-499D-BC6F-030BCA2D075B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B3DB7D90-6A68-4C07-BCDB-93C27C0015AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.128.721.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B63CDAE4-C32B-42D3-8E08-953B45DE549C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ADF6D232-90BB-4D70-BC35-51E00679DD46}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:110.93 GB) (Free:27.76 GB) (25%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/21/2020 06:26:22 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/21/2020 06:26:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2008, ProfSvc PID: 1440.
 
Error: (03/21/2020 06:25:59 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (Can't create NSS process. [203]).
 
Error: (03/21/2020 06:25:59 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: An error has occurred (Failed to create process. [2]).
 
Error: (03/21/2020 06:23:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/21/2020 06:29:13 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (03/21/2020 06:24:23 PM) (Source: DCOM) (EventID: 10005) (User: MAINPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/21/2020 06:24:17 PM) (Source: DCOM) (EventID: 10005) (User: MAINPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/21/2020 06:24:13 PM) (Source: DCOM) (EventID: 10005) (User: MAINPC)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
Error: (03/21/2020 06:24:13 PM) (Source: DCOM) (EventID: 10005) (User: MAINPC)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
Error: (03/21/2020 06:24:12 PM) (Source: DCOM) (EventID: 10005) (User: MAINPC)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
 
Error: (03/21/2020 06:24:09 PM) (Source: DCOM) (EventID: 10005) (User: MAINPC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (03/21/2020 06:24:05 PM) (Source: DCOM) (EventID: 10005) (User: MAINPC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
CodeIntegrity:
===================================
 
Date: 2020-03-21 20:31:56.912
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-03-21 20:31:56.910
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-03-21 20:31:10.377
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-03-21 20:31:10.373
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-03-21 20:31:09.873
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-03-21 20:31:09.856
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-03-21 20:29:58.056
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-03-21 20:29:58.053
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 0904 01/06/2014
Motherboard: ASUSTeK COMPUTER INC. B85M-G
Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 36%
Total physical RAM: 16322.29 MB
Available physical RAM: 10331.18 MB
Total Virtual: 18754.29 MB
Available Virtual: 11393.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:110.93 GB) (Free:27.76 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:98.52 GB) NTFS
 
\\?\Volume{0b28b878-b42f-11e3-8257-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
\\?\Volume{af007d27-0000-0000-0000-30d11b000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: AF007D27)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=533 MB) - (Type=27)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3B8EE9E4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

#21
RKinner
Posted 21 March 2020 - 02:51 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Look like we got it that time.  It still shows in the installed program list but there is no sign of it in the FRST log.  How is it running now?  Any problems?

 

Are you using the Click to Run Microsoft Office?  If I remember correctly you have to pay an annual fee to use it.  If you are not using it I would uninstall it as it is causing errors.  If you can't uninstall it I can remove it with a fixlist.


  • 0

#22
guyshahar
Posted 21 March 2020 - 03:01 PM

guyshahar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Brilliant - thank you.  When I went to uninstall it, it said it had probably already been uninstalled and removed it from the list.

 

I do use Microsoft Office, but I don't know what "Click to Run" is on it.  Is it different to the normal Office?


  • 0

#23
RKinner
Posted 22 March 2020 - 08:45 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Click to run is an awful idea of MS.  You don't get the files installed and everything has to be done in the cloud so it takes a lot of bandwidth.  MS likes it because you have to subscribe to it and pay them lots of money.  Many PC makers preinstall it.  I think it works for 30 days then you have to subscribe.

 

Run the fixlist as before.  No need to reboot or post the fixlog.  After you run it if you go to Control Panel, Programs and Features you should see three entries for

Office 16 Click-to-Run

 

Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden

These can be uninstalled.  In addition there are 5 tasks usually associated with Office 16 Click-to-Run:

 

Task: {25B03FDB-AA23-4ECA-B1ED-BEE27CFB93D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B4C381B-8904-4023-8E63-9D720FA62A60} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1443424 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {46991CAF-B059-419B-86B1-275EA0321C41} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BABCF63C-F585-4290-9C21-AFA3C5D496BE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24600440 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4F86168-018A-4541-A869-44BA2F825E23} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)

 

 

I could let the fixlist remove the tasks but since you have another version of office I think it would be better if you just disabled the tasks manually in case your new office uses them too then you can go back in and Enable them if it complains.

 

Search for:

task scheduler

hit Enter

click on the arrow in front of Task Scheduler Library

click on the arrow in front of Microsoft

click on the arrow in front of Windows

Click on Office and look in the next pane.  Find each of the tasks (in bold above) and right click and Disable.  The first & 4th tasks have click to run or C2R in their names so I am sure of them.  The others refer to Office16 which should be different from Office 365 but if you want to leave them enabled it probably won't hurt anything.

 

Reboot then Run a FRST scan and post the logs when done.

Attached Files


  • 0

#24
guyshahar
Posted 23 March 2020 - 06:30 AM

guyshahar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Thanks, have got as far as uninstalling the 3 programs you mention, but my office apps (Word, Excel, etc) no longer open.  I haven't uninstalled Office have I?


  • 0

#25
RKinner
Posted 23 March 2020 - 06:59 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

It's possible I guess.

 

Let's try a repair

 

https://www.groovypo...5-installation/

 

I would go straight to the online repair option and bypass the quick one.


  • 0

Advertisements

#26
guyshahar
Posted 23 March 2020 - 12:13 PM

guyshahar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

Yes, I've got them back now - thank you!!


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP