Please help my computer may be infected [Solved]


  • This topic is locked

#1
njlock

  • Member
  • 353 posts

I have been having issues with one of my PCs (I have 2 PCs in a work network). It has been locking up and has been very slow lately, and it is getting worse.

I noticed in my startup programs an executable, twdsuilaunch.exe, that a Google search says could be the cause?

I'd appreciate any help!!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2020
Ran by dave (administrator) on DESKTOP-NOQBE2R (Dell Inc. Inspiron 3668) (27-04-2020 10:11:37)
Running from C:\Users\dave\Downloads
Loaded Profiles: dave (Available Profiles: dave)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
( () [File not signed])  [File is in use ] \\DESKTOP-NOQBE2R\jess2017C\INTEGRA\ULTIMATE.EXE
() [File not signed] C:\Program Files (x86)\Common Files\Dinkum\Dinkum2.exe
(Acclivity LLC -> Acclivity Group LLC) C:\AccountEdgePro2013\AccountEdge.exe <2>
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\95.4.441\QtWebEngineProcess.exe <2>
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\x64ProcessAssistSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d670acc8ae8e7e44\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d670acc8ae8e7e44\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d670acc8ae8e7e44\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d670acc8ae8e7e44\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® RMT -> Intel Corporation) C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe <6>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1402\DSAPI.exe
(Pro Softnet Corporation -> ) C:\Program Files (x86)\IDriveWindows\id_diskimage.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9192960 2017-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [960896 2017-03-27] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [89032 2019-03-11] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [78176 2020-03-23] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1979232 2020-03-23] (Pro Softnet Corporation -> Prosoftnet)
HKU\S-1-5-21-903512225-1228206131-3529009998-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [45488 2020-04-10] (Glarysoft LTD -> Glarysoft Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.122\Installer\chrmstp.exe [2020-04-23] (Google LLC -> Google LLC)
BootExecute: autocheck autochk *  
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11DF5987-EE83-4997-B987-92D210F6E0C4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {182C41FA-F125-4396-9560-419C2AEE391E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {21E0E878-F5B8-40A5-9D9D-C2C1D2522BC6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BA8D212-12CE-42DB-8A13-DF25050003C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {379CA9E1-DA3E-4B84-BB6E-50DB08935552} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn
Task: {379CA9E1-DA3E-4B84-BB6E-50DB08935552} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {3B80F716-4EAD-43B6-80D8-98A0CCF35463} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1553880 2020-03-12] (Dell Inc. -> Dell Inc.)
Task: {3D86C8C9-9477-4B2F-8AD0-1A4A57EC82A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-23] (Google Inc -> Google Inc.)
Task: {631A59E8-3C47-4002-BF5D-B60BFF25A1AE} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [32448 2018-12-04] (Rivet Networks LLC -> DELL)
Task: {6B9B456D-A277-42B6-AC57-5F74F30F9C8E} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [236464 2020-04-10] (Glarysoft LTD -> Glarysoft Ltd)
Task: {783A84D7-FD38-4C68-A52A-FA4026DDDA86} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel® Trusted Connect Service -> Intel® Corporation)
Task: {79AD4906-5666-42B1-9BFC-225780C409B2} - System32\Tasks\EPSON WF-3620 Series Update {70D40A16-8C8E-4F82-A923-C97C0809061A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: {860BEE39-41A0-43BD-B79B-ADFE8B80D398} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8D536032-D68E-4655-ACEB-3B2F01EBF0C9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {9156528A-BC33-40C7-B192-A577DAC47485} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {9C60FD77-FFBB-47A0-B561-B5359825D420} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [138160 2020-04-10] (Glarysoft LTD -> Glarysoft Ltd)
Task: {B1DF3CEA-6D5A-47B8-984C-6B391735F796} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C93DAD17-F81E-4E63-ADD6-DD6E6E1AE2C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {E00A67EC-4993-4A4C-AB35-834E79616656} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0D1F741-0BA3-4D9F-BFA5-BAE933F6F279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-23] (Google Inc -> Google Inc.)
Task: {E3A15CBC-BFC1-47CE-B199-A75001A0E8DE} - System32\Tasks\EPSON WF-3620 Series Invitation {70D40A16-8C8E-4F82-A923-C97C0809061A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: {EFA1C977-CEAB-44FF-A4A7-A3E4666E02F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {70D40A16-8C8E-4F82-A923-C97C0809061A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {70D40A16-8C8E-4F82-A923-C97C0809061A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{70D40A16-8C8E-4F82-A923-C97C0809061A} /F:UpdateWORKGROUP\DESKTOP-NOQBE2R$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP NOQBE2R
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{24920986-f7fe-4a64-92f0-e073718dfee4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44a67ac9-7127-4b63-8ad7-a9c8f9b83199}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-903512225-1228206131-3529009998-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-903512225-1228206131-3529009998-1001 -> DefaultScope {8DEC968B-E959-4CFA-842C-E983D75A388E} URL = 
SearchScopes: HKU\S-1-5-21-903512225-1228206131-3529009998-1001 -> {8DEC968B-E959-4CFA-842C-E983D75A388E} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default [2020-04-27]
CHR Notifications: Default -> hxxps://sdrm.nastfsecurityregistry.org; hxxps://us.letgo.com; hxxps://www.ae.com; hxxps://www.bestbullysticks.com; hxxps://www.hometalk.com; hxxps://www.netflix.com
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Entanglement Web App) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-09-23]
CHR Extension: (Docs) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-23]
CHR Extension: (Spider Solitaire) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcopgabdbdohekgeabpbfhledmdahkpe [2018-06-22]
CHR Extension: (Splendid) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2017-09-23]
CHR Extension: (YouTube) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-23]
CHR Extension: (Autopen - Email Signatures) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmjcoiohflenpehfaalahocpmacjloof [2017-09-23]
CHR Extension: (Google Play Music) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-04-24]
CHR Extension: (Sheets) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Authy Chrome Extension) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2018-10-24]
CHR Extension: (Authy) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2020-04-03]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2020-03-13]
CHR Extension: (Google Docs Offline) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-04-17]
CHR Extension: (Cisco Webex Extension) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-07-11]
CHR Extension: (Poppit!) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-18]
CHR Extension: (Add Email Signature - WiseStamp) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2020-03-13]
CHR Extension: (Gmail) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [382928 2019-09-23] (Qualcomm Atheros -> Windows ® Win 7 DDK provider)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2017-12-06] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-06] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-02-06] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [244280 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3339824 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-05-02] (Dell Inc -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1402\DSAPI.exe [965104 2020-03-19] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc -> Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [293528 2018-10-20] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36024 2020-02-14] (Dell Inc -> )
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [368992 2020-03-23] (Pro Softnet Corporation -> Prosoftnet)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 IRMTService; C:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [182384 2016-08-12] (Intel® RMT -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-14] (Malwarebytes Inc -> Malwarebytes)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [46632 2017-04-17] (Dell Inc -> Dell)
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-12-04] (Rivet Networks LLC -> CloudBees, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2114248 2018-12-04] (Rivet Networks LLC -> Rivet Networks)
R2 srvDinkum2; C:\Program Files (x86)\Common Files\Dinkum\Dinkum2.exe [456704 2014-12-07] () [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38360 2020-03-12] (Dell Inc. -> Dell Inc.)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-04-16] (Microsoft) [File not signed]
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [415112 2017-03-27] (Waves Inc -> Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-04-16] (Microsoft) [File not signed]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2016-08-29] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-30] (Microsoft Corporation) [File not signed]
R4 DBUtil_2_3; C:\WINDOWS\TEMP\DBUtil_2_3.Sys [14840 2020-04-27] (Dell Inc. -> )
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [35704 2019-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-22] (Malwarebytes Corporation -> Malwarebytes)
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28936 2019-08-05] (Glarysoft LTD -> Glarysoft Ltd)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc. -> McAfee, Inc.)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [906160 2019-03-11] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-22] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-04-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-04-27] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-22] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [124560 2020-04-22] (Malwarebytes Inc -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-23] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-05] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [120008 2018-12-04] (Rivet Networks LLC -> Rivet Networks, LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-26] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-27 10:11 - 2020-04-27 10:15 - 000028687 _____ C:\Users\dave\Downloads\FRST.txt
2020-04-27 10:10 - 2020-04-27 10:13 - 000000000 ____D C:\FRST
2020-04-27 10:08 - 2020-04-27 10:08 - 002283008 _____ (Farbar) C:\Users\dave\Downloads\FRST64.exe
2020-04-27 09:54 - 2020-04-27 09:54 - 000017052 _____ C:\Users\dave\Downloads\57 CORBIN INV 8903.pdf
2020-04-27 09:14 - 2020-04-27 09:38 - 000000000 ____D C:\Users\dave\AppData\LocalLow\IGDump
2020-04-27 09:14 - 2020-04-27 09:14 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-04-27 09:14 - 2020-04-27 09:14 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-04-24 13:02 - 2020-04-24 13:02 - 000017338 _____ C:\Users\dave\Downloads\59 Courthouse Place IV#8901.pdf
2020-04-24 12:43 - 2020-04-24 12:43 - 000623962 _____ C:\Users\dave\Downloads\KKA.pdf
2020-04-22 14:28 - 2020-04-22 14:28 - 000016475 _____ C:\Users\dave\Downloads\KODAK 60 NEWARK INV H8897.pdf
2020-04-22 14:21 - 2020-04-22 14:21 - 000016511 _____ C:\Users\dave\Downloads\KODAK 1123 HUDSON INV H8898.pdf
2020-04-22 14:16 - 2020-04-22 14:16 - 001599158 _____ C:\Users\dave\Downloads\cc auth form (5).pdf
2020-04-22 01:50 - 2020-04-22 01:50 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-22 01:50 - 2020-04-22 01:50 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-04-22 01:50 - 2020-04-22 01:50 - 000124560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-04-21 16:16 - 2020-04-21 16:16 - 000017204 _____ C:\Users\dave\Downloads\80-82 Bloomfield St INV#8897.pdf
2020-04-21 15:36 - 2020-04-21 15:36 - 000017046 _____ C:\Users\dave\Downloads\premio 3551.pdf
2020-04-20 10:12 - 2020-04-20 10:12 - 000420183 _____ C:\Users\dave\Downloads\4th qtr 2019_2020_04_20_10-03-17-160_AM.pdf
2020-04-17 18:49 - 2020-04-17 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-14 19:26 - 2020-04-14 19:26 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-14 19:26 - 2020-04-14 19:26 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-14 19:26 - 2020-04-14 19:26 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-14 19:25 - 2020-04-14 19:26 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-14 19:25 - 2020-04-14 19:25 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-14 19:25 - 2020-04-14 19:25 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-14 19:25 - 2020-04-14 19:25 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-14 19:25 - 2020-04-14 19:25 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-14 19:25 - 2020-04-14 19:25 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-14 19:25 - 2020-04-14 19:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-14 19:24 - 2020-04-14 19:25 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-14 19:24 - 2020-04-14 19:24 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-14 19:24 - 2020-04-14 19:24 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-14 19:24 - 2020-04-14 19:24 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-14 19:24 - 2020-04-14 19:24 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-14 19:02 - 2020-04-14 19:04 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-14 19:02 - 2020-04-14 19:04 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-14 08:19 - 2020-04-14 08:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-04-14 08:19 - 2020-04-14 08:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-04-14 08:19 - 2020-04-14 08:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-04-14 08:19 - 2020-04-14 08:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-04-10 09:39 - 2020-04-10 09:39 - 000090121 _____ C:\Users\dave\Downloads\20200331-statements-9418-.pdf
2020-04-08 15:14 - 2020-04-08 15:14 - 000001264 _____ C:\Users\Public\Desktop\IDrive.lnk
2020-04-08 15:14 - 2020-04-08 15:14 - 000001264 _____ C:\ProgramData\Desktop\IDrive.lnk
2020-04-08 15:14 - 2020-04-08 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2020-04-08 09:51 - 2020-04-08 09:51 - 000011682 _____ C:\Users\dave\Downloads\COACH HOUSE.pdf
2020-04-07 16:32 - 2020-04-07 16:32 - 000017441 _____ C:\Users\dave\Downloads\LASERSHIP INSTALL CUS LK.pdf
2020-04-07 11:05 - 2020-04-07 11:05 - 000056361 _____ C:\Users\dave\Downloads\work_order_4059_1.pdf
2020-04-03 13:12 - 2020-04-03 13:12 - 017852168 _____ (Glarysoft Ltd) C:\Users\dave\Downloads\gup5setup (1).exe
2020-04-02 14:08 - 2019-10-14 03:38 - 001082888 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 001082888 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000940552 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000940552 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000853768 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-04-02 14:08 - 2019-10-14 03:38 - 000853768 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-04-02 14:08 - 2019-10-14 03:38 - 000711432 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-04-02 14:08 - 2019-10-14 03:38 - 000711432 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-04-02 14:08 - 2019-10-14 03:38 - 000284472 _____ C:\WINDOWS\system32\igfxCPL.cpl
2020-04-02 14:08 - 2019-10-14 03:38 - 000212672 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000184360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000169208 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000142048 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000136928 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000121360 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-04-02 14:08 - 2019-10-14 03:38 - 000108040 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-27 10:09 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-27 10:04 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-27 09:55 - 2018-03-10 10:46 - 000000000 ____D C:\integra
2020-04-27 09:54 - 2019-06-15 10:45 - 000008069 _____ C:\WINDOWS\BRRBCOM.INI
2020-04-27 09:53 - 2017-09-28 13:09 - 000000000 ____D C:\Users\dave\AppData\Local\CutePDF Writer
2020-04-27 09:28 - 2017-09-23 13:01 - 000000000 ____D C:\AccountEdgePro2013
2020-04-27 09:23 - 2019-08-05 14:37 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2020-04-27 09:19 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Registration
2020-04-27 09:17 - 2019-09-30 18:57 - 000842668 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-27 09:14 - 2017-09-23 10:39 - 000000000 __SHD C:\Users\dave\IntelGraphicsProfiles
2020-04-27 09:13 - 2019-09-30 19:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-27 09:13 - 2019-09-30 18:39 - 000460200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-27 09:11 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-27 09:11 - 2018-12-04 10:59 - 000000000 ____D C:\ProgramData\IDrive
2020-04-27 09:07 - 2019-09-30 18:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-27 06:38 - 2019-09-30 19:10 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{A14F91AF-1918-4632-9135-0AF121FB8309}
2020-04-27 05:25 - 2019-06-15 11:25 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2020-04-24 21:10 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-24 21:10 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-23 19:50 - 2017-09-23 10:49 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-23 19:50 - 2017-09-23 10:49 - 000002319 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-23 19:50 - 2017-09-23 10:49 - 000002319 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-22 14:26 - 2020-01-06 12:28 - 000000000 ____D C:\Users\dave\Documents\SCANS 2020
2020-04-22 01:50 - 2019-07-22 09:44 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-19 14:21 - 2017-07-04 01:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-04-17 18:49 - 2018-02-06 12:57 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-04-17 08:45 - 2017-09-23 10:43 - 000000000 ___RD C:\Users\dave\OneDrive
2020-04-17 05:04 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-17 05:04 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-17 05:04 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-17 05:04 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-17 05:04 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-17 05:04 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-14 19:30 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-13 10:22 - 2019-09-30 19:10 - 000003288 _____ C:\WINDOWS\system32\Tasks\GlaryInitialize 5
2020-04-13 10:22 - 2019-08-05 14:39 - 000001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2020-04-13 10:22 - 2019-08-05 14:39 - 000001208 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2020-04-13 10:22 - 2019-08-05 14:39 - 000001208 _____ C:\ProgramData\Desktop\Glary Utilities 5.lnk
2020-04-08 16:22 - 2018-02-06 13:03 - 000000000 ___RD C:\Users\dave\Dropbox
2020-04-08 15:14 - 2018-12-04 10:59 - 000000000 ____D C:\Program Files (x86)\IDriveWindows
2020-04-07 08:47 - 2019-09-30 19:10 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-903512225-1228206131-3529009998-1001
2020-04-07 08:47 - 2019-09-30 18:47 - 000002413 _____ C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-03 09:08 - 2018-06-20 17:41 - 000000000 ____D C:\ProgramData\Packages
2020-04-03 08:44 - 2017-07-04 01:22 - 000000000 ____D C:\ProgramData\PCDr
2020-04-03 08:41 - 2018-02-13 18:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-02 21:03 - 2017-10-09 16:16 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-02 14:11 - 2017-07-04 01:28 - 000000000 ____D C:\Program Files\Intel
2020-04-02 14:10 - 2017-07-04 01:27 - 000000000 ____D C:\ProgramData\Intel
 
==================== Files in the root of some directories ========
 
2018-02-03 13:38 - 2018-02-03 13:38 - 000007612 _____ () C:\Users\dave\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2020
Ran by dave (27-04-2020 10:18:20)
Running from C:\Users\dave\Downloads
Windows 10 Home Version 1903 18362.778 (X64) (2019-09-30 23:12:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-903512225-1228206131-3529009998-500 - Administrator - Disabled)
dave (S-1-5-21-903512225-1228206131-3529009998-1001 - Administrator - Enabled) => C:\Users\dave
DefaultAccount (S-1-5-21-903512225-1228206131-3529009998-503 - Limited - Disabled)
Guest (S-1-5-21-903512225-1228206131-3529009998-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-903512225-1228206131-3529009998-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AccountEdge ODBC Connect v13 US (HKLM-x32\...\{DE8AC07B-5D5B-4D76-9BF8-8A54A21E87E4}) (Version: 13.0.0 - Acclivity Software) Hidden
AccountEdge ODBC Connect v13 US (HKLM-x32\...\InstallShield_{DE8AC07B-5D5B-4D76-9BF8-8A54A21E87E4}) (Version: 13.0.0 - Acclivity Software)
AccountEdge Payroll Form Viewer (HKLM-x32\...\{91BD7D88-8C2C-4652-872D-CE9DF7E03508}) (Version: 12.4.5 - Acclivity Software, Inc.) Hidden
AccountEdge Payroll Form Viewer (v4) (HKLM-x32\...\InstallShield_{91BD7D88-8C2C-4652-872D-CE9DF7E03508}) (Version: 12.4.5 - Acclivity Software, Inc.)
AccountEdge Pro 2013 (v22) (HKLM-x32\...\{3B9BB60F-0A20-40D4-940F-D721E62DC34F}) (Version: 2013 - Acclivity Software, Inc.) Hidden
AccountEdge Pro 2013 (v22) (HKLM-x32\...\InstallShield_{3B9BB60F-0A20-40D4-940F-D721E62DC34F}) (Version: 2013 - Acclivity Software, Inc.)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{0473af6f-6d5b-448f-8410-50c98e43ed00}) (Version: 4.3.1.1 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{F9F653E2-4490-471B-BF2C-A8CFF2C68AED}) (Version: 4.3.1.1 - Brother Industries, Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{14657F88-BF4A-44EF-97C1-CE8BC7B23580}) (Version: 5.0.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{BBBFD3EB-232A-4018-99CA-C638EAB1B9B7}) (Version: 1.0.33.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{D0F69DE9-EE0B-4A7A-8248-6D5EC97D171C}) (Version: 1.0.23.0 - Brother Industries Ltd.) Hidden
ControlCenter4 (HKLM-x32\...\{41EAC89B-B9AF-4C0C-813E-E5813548A8E4}) (Version: 4.6.17.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Customer Connect (HKLM-x32\...\{4D0D1313-C0BF-4092-944A-129C8469F794}) (Version: 1.4.17.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{4B38FF9D-7308-411D-93BF-CCF259B476ED}) (Version: 3.5.2013.0 - Dell Products, LP)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{0CB75726-FC62-4609-B5DA-0031E64F771B}) (Version: 3.0.128.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{17F0E5C2-638A-4645-A341-03E9C2FDCFF4}) (Version: 3.4.5.366 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{5832D99C-C9C6-437F-861C-43ED6333956F}) (Version: 4.1.0.6828 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{48253a97-70d4-4166-9a2b-80b3bb2fcc75}) (Version: 4.1.0.6828 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.1.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DeviceDetect (HKLM-x32\...\{97BCFAD0-8BC5-480B-ADA2-F54809F48267}) (Version: 1.4.1.0 - Brother Industries Ltd.) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 95.4.441 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
Glary Utilities PRO 5.140 (HKLM-x32\...\Glary Utilities 5) (Version: 5.140.0.166 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.122 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
IDrive version 6.7.3.10 (HKLM-x32\...\IDrive_is1) (Version: 6.7.3.10 - Pro Softnet Corp)
InstaCode (HKLM-x32\...\{27B1EB20-36B9-11DF-6784-088ACD3A18BE}) (Version: 2017.10.09 - WH Software Ltd)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7263 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.6.1044 - Intel Corporation)
Intel® Ready Mode Technology (HKLM\...\{E7173746-C254-4F4E-ACCB-D6BD55E76EFE}) (Version: 1.1.70.527 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9134.0 - Waves Audio Ltd.) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12624.20466 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-903512225-1228206131-3529009998-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20466 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PC-FAXReceive (HKLM-x32\...\{9C609AF4-9CC1-45F0-B954-29DF7DD40329}) (Version: 1.8.004.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{FD9C7169-7728-477A-91D1-AF3822CE494F}) (Version: 3.7.5.1 - Brother Industries Ltd.) Hidden
PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden
Product Registration (HKLM\...\{0CB75726-FC62-4609-B5DA-0031E64F771B}) (Version: 3.0.128.0 - Dell Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
RemoteSetup (HKLM-x32\...\{FAB8A30A-B074-48F9-9D73-5E9A757403F8}) (Version: 3.10.2.0 - Brother Industries Ltd.) Hidden
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
SmartByte Drivers and Services (HKLM\...\{01F01829-4C5A-41B0-8198-0BDD02B34C47}) (Version: 2.0.643 - Rivet Networks)
SoftwareUpdateNotification (HKLM-x32\...\{C2430580-570A-48D4-BF61-FA55E35BD052}) (Version: 1.0.8.0 - Brother Insutries Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{917FA52F-AFA9-46C0-BEE0-895B29160631}) (Version: 1.22.7.0 - Brother Insutries Ltd.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - Silicon Laboratories Inc. (silabser) Ports  (11/26/2018 10.1.4.2290) (HKLM\...\092CD1EBB4520E02673EE1FDD2E3D66266DAB607) (Version: 11/26/2018 10.1.4.2290 - Silicon Laboratories Inc.)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.8.5.0_x86__kgqvnymyfvs32 [2020-04-08] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.166.400.0_x86__kgqvnymyfvs32 [2020-04-17] (king.com)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.5.4.0_x64__htrsf667h5kn2 [2020-03-19] (Dell Inc)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.0.0.8_x86__h6adky7gbf63m [2020-04-21] (Gameloft SE)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2019-07-30] (Keeper Security Inc)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.7.1.1_x86__h6adky7gbf63m [2020-04-14] (Gameloft SE)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy [2020-02-26] (McAfee LLC.)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.4028.0_x86__mcezb6ze687jp [2020-04-03] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-14] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.6005.0_x64__8wekyb3d8bbwe [2020-04-16] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-11] (Netflix, Inc.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-06-13] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2017-09-23] (Plex)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.1.9506.0_x86__mcezb6ze687jp [2018-11-23] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_8.0.8908.0_x86__mcezb6ze687jp [2018-06-01] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-17] (CYBERLINK CORPORATION.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0 [2020-04-23] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-903512225-1228206131-3529009998-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
CustomCLSID: HKU\S-1-5-21-903512225-1228206131-3529009998-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\dave\Dropbox [2018-02-06 13:03]
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-03-09] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-03-09] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2020-03-09] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-03-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-03-09] () [File not signed]
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-03-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-03-09] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2020-03-09] () [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d670acc8ae8e7e44\igfxDTCM.dll [2019-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2020-03-28] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Authy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=gaedmjdfmmahhbjefcbgaolhhanlaolb
ShortcutWithArgument: C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2012-09-12 15:33 - 2012-09-12 15:33 - 000213504 _____ ( (Acclivity Group LLC) [File not signed])  [File is in use ] C:\AccountEdgePro2013\ASFoundation.dll
2012-05-10 14:09 - 2012-05-10 14:09 - 000161280 _____ ( (Acclivity Group LLC) [File not signed])  [File is in use ] C:\AccountEdgePro2013\ObsoleteBridge.dll
2010-08-03 14:43 - 2010-08-03 14:43 - 002371335 _____ () [File not signed] C:\AccountEdgePro2013\CoreFoundation.dll
2009-08-25 10:48 - 2009-08-25 10:48 - 000311808 _____ () [File not signed] C:\AccountEdgePro2013\xerces-depdom_2_8.dll
2018-12-04 10:59 - 2020-03-09 14:16 - 005034496 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2018-12-04 10:59 - 2020-03-09 14:16 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2019-06-15 10:45 - 2017-06-20 14:17 - 000089600 _____ () [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2019-06-15 10:45 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2011-09-13 16:03 - 2011-09-13 16:03 - 000248832 _____ (Acclivity Group LLC) [File not signed] C:\AccountEdgePro2013\asctrm.dll
2012-11-29 16:59 - 2013-01-21 20:07 - 000266240 _____ (Acclivity Group LLC) [File not signed] C:\AccountEdgePro2013\asdfs.dll
2012-05-10 13:33 - 2013-01-18 13:58 - 000332288 _____ (Acclivity Group LLC) [File not signed] C:\AccountEdgePro2013\CrossPlatform.dll
2009-08-25 10:48 - 2009-08-25 10:48 - 001832448 _____ (Apache Software Foundation) [File not signed] C:\AccountEdgePro2013\xerces-c_2_8.dll
2010-08-04 15:57 - 2010-08-04 15:57 - 013922304 _____ (IBM Corporation and others) [File not signed] C:\AccountEdgePro2013\icudt40.dll
2010-08-04 15:57 - 2010-08-04 15:57 - 001015808 _____ (IBM Corporation and others) [File not signed] C:\AccountEdgePro2013\icuin40.dll
2010-08-04 15:57 - 2010-08-04 15:57 - 000946176 _____ (IBM Corporation and others) [File not signed] C:\AccountEdgePro2013\icuuc40.dll
2018-11-06 12:46 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2008-08-25 22:50 - 2008-08-25 22:50 - 000155648 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\1033\VBE6INTL.DLL
2019-09-30 22:33 - 2019-09-30 22:33 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2019-09-30 22:33 - 2019-09-30 22:33 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2019-06-15 11:20 - 2013-08-06 12:15 - 000181248 _____ (Nuance Communications, Inc.) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\nuanoemuires.dll
2019-06-15 11:20 - 2013-08-06 12:15 - 000027648 _____ (Nuance Communications, Inc.) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\NuanUI.DLL
2020-04-08 15:14 - 2020-03-09 14:15 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
2018-12-04 12:10 - 2018-12-04 12:10 - 000100864 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2017-09-28 10:47 - 2016-07-19 04:11 - 000182784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_2LM0DE.DLL
2017-09-28 12:43 - 2013-10-22 04:04 - 000179712 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMBKEE.DLL
2007-11-09 03:02 - 2007-11-09 03:02 - 000317440 _____ (Software FX, Inc.) [File not signed] C:\AccountEdgePro2013\CFX2032.DLL
2019-11-22 11:02 - 2019-11-22 11:02 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll
2010-01-04 14:19 - 2010-01-04 14:19 - 001017344 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\AccountEdgePro2013\LIBEAY32.dll
2007-12-09 20:32 - 2007-12-09 20:32 - 000229376 _____ (Wintertree Software Inc.) [File not signed] C:\AccountEdgePro2013\ssce5532.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\dave\Desktop\AD Remote .pdf:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-903512225-1228206131-3529009998-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "I17A"
HKU\S-1-5-21-903512225-1228206131-3529009998-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B40A1D19-ECF7-4593-89DE-E5E8E758E504}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{75AB84F6-7440-4C26-BEC3-834E982808D7}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.)
FirewallRules: [{650F285D-30CA-4C82-ADC0-238723330476}] => (Allow) LPort=54955
FirewallRules: [{436A49F2-AD3A-4EB7-AFAC-D473BECD0E85}] => (Allow) LPort=54950
FirewallRules: [{FAF0992C-CC91-4DBE-BF63-0DF17E87BA55}] => (Allow) LPort=54925
FirewallRules: [{B2DFF8D8-D5FD-4149-B94A-C1318DF001BE}] => (Allow) C:\Program Files (x86)\RemotePC\RPCSuite.exe No File
FirewallRules: [{2DCF0F66-D2B6-4C34-840B-FBF919FE69E8}] => (Allow) C:\Program Files (x86)\RemotePC\RPCSuite.exe No File
FirewallRules: [{E16870A0-F173-4B65-A002-A71120D058A4}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe No File
FirewallRules: [{DA9289E4-161B-4B14-B03F-C9CB059FFF12}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe No File
FirewallRules: [{91BE2424-EBAA-411C-B450-75872ABB80E9}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe No File
FirewallRules: [{B2BD3045-85BF-48B1-AD93-8E8E9BA2EE30}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe No File
FirewallRules: [{F82EA1B7-20C3-49EB-9E43-59A195640082}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe No File
FirewallRules: [{28BB63E8-F017-4DAB-9341-5B8F6E09FF27}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe No File
FirewallRules: [UDP Query User{FE36DA3E-0FDC-456B-8B5C-FBD65A33DF60}C:\program files (x86)\idrivewindows\id_win.exe] => (Allow) C:\program files (x86)\idrivewindows\id_win.exe (Pro Softnet Corporation -> Prosoftnet)
FirewallRules: [TCP Query User{8A081D20-F0C5-40E6-8292-5F7300AB0FA6}C:\program files (x86)\idrivewindows\id_win.exe] => (Allow) C:\program files (x86)\idrivewindows\id_win.exe (Pro Softnet Corporation -> Prosoftnet)
FirewallRules: [UDP Query User{FA88CEBC-D90C-4275-90EA-F39492BF058E}C:\accountedgepro2013\accountedge.exe] => (Allow) C:\accountedgepro2013\accountedge.exe (Acclivity LLC -> Acclivity Group LLC)
FirewallRules: [TCP Query User{B3CCE997-5D8F-4996-87A0-52144DE392AD}C:\accountedgepro2013\accountedge.exe] => (Allow) C:\accountedgepro2013\accountedge.exe (Acclivity LLC -> Acclivity Group LLC)
FirewallRules: [UDP Query User{F7BB6449-FFE0-4A0E-990E-C815BAD751C9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe No File
FirewallRules: [TCP Query User{0B313653-0E61-407C-8312-7914E6B0939C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe No File
FirewallRules: [{1DDFA3D1-57E1-46DC-8E68-A3B7497FB853}] => (Allow) C:\Users\dave\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{F34963B3-818A-41A3-A91F-2F1D0E90AA67}] => (Allow) C:\Users\dave\AppData\Local\Temp\WF-3620\Common\EpsonNet Setup\ENEasyApp.exe No File
FirewallRules: [{3EADD56A-BE87-4FF9-BB3C-79B4E4DB63D0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe No File
FirewallRules: [{67A1C4CC-AA7C-4811-B3F3-632C9DEFC2F0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe No File
FirewallRules: [TCP Query User{09C0C5BF-44D2-4116-AA2D-63A8432BC608}C:\accountedgepro2013\accountedge.exe] => (Block) C:\accountedgepro2013\accountedge.exe (Acclivity LLC -> Acclivity Group LLC)
FirewallRules: [UDP Query User{1F3584D5-3EF5-4C29-B15F-934625444FF1}C:\accountedgepro2013\accountedge.exe] => (Block) C:\accountedgepro2013\accountedge.exe (Acclivity LLC -> Acclivity Group LLC)
FirewallRules: [{94670B92-7BB8-4C7B-BF3D-79B4442AF4CD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2EC857A9-E2E5-4A32-8F3C-9D20246A1CAA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{EC5E65DE-8C80-4344-B331-C059676B4A63}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F159EFAD-678C-4479-BA21-2EA20A180579}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A9CCE373-1B96-4133-A8EB-843E96902543}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{71B0AD05-6817-457F-9B5A-3E0327356658}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{24DF245E-17CB-4BF6-B70C-8691A13B2B2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5AEF6CED-94CD-4F1B-9647-A525B7D1CCB0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C4B7CF31-0834-4D69-8BCA-EDA74EAC8B57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6C6F68FD-70D4-4EA2-BD3F-E2581EA67D14}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{764AE1AF-61C7-489C-A149-7B6D8A9E83E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
23-04-2020 12:46:28 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/27/2020 10:11:47 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17392,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (04/27/2020 09:57:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DDVDataCollector.exe, version: 5.2.15.756, time stamp: 0x5e1d960f
Faulting module name: ntdll.dll, version: 10.0.18362.778, time stamp: 0x0c1bb301
Exception code: 0xc0000374
Fault offset: 0x00000000000f9229
Faulting process id: 0x1ad0
Faulting application start time: 0x01d61c9963487544
Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 609c7347-6501-4616-b077-e7ed79dbe21d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/27/2020 09:41:37 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12840,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (04/27/2020 09:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DDVDataCollector.exe, version: 5.2.15.756, time stamp: 0x5e1d960f
Faulting module name: ntdll.dll, version: 10.0.18362.778, time stamp: 0x0c1bb301
Exception code: 0xc0000005
Fault offset: 0x000000000003d66e
Faulting process id: 0x3318
Faulting application start time: 0x01d61c96ceb3de99
Faulting application path: C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7f779f52-4e95-42c0-ad2b-00d2ff6a3f78
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/27/2020 09:30:46 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5064,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (04/27/2020 09:21:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LocalBridge.exe, version: 18.2002.1101.0, time stamp: 0x5e420193
Faulting module name: appbridge.dll, version: 0.0.0.0, time stamp: 0x5e420191
Exception code: 0xc0000005
Fault offset: 0x0000000000032c9d
Faulting process id: 0x3104
Faulting application start time: 0x01d61c96b67c0a3d
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\LocalBridge.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe\appbridge.dll
Report Id: 59d0add3-c4c2-4f39-a5e8-6286fb3cfd27
Faulting package full name: Microsoft.MicrosoftOfficeHub_18.2002.1101.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub
 
Error: (04/27/2020 09:21:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: LocalBridge.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at MyOffice.NativeMethods.GetInstalledOfficeSuiteDetails(UInt32, System.Text.StringBuilder, Int32 ByRef)
   at MyOffice.NativeHelper.ExecuteForStringResult(System.String, StringFunction)
   at MyOffice.LocalProviders+<>c__DisplayClass7_0.<GetOfficeInstallationDetailsEx>b__0()
   at System.Threading.Tasks.Task`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InnerInvoke()
   at System.Threading.Tasks.Task.Execute()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(System.Threading.Tasks.Task ByRef)
   at System.Threading.Tasks.Task.ExecuteEntry(Boolean)
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (04/27/2020 09:19:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DeliveryService.exe, version: 3.5.2013.0, time stamp: 0x5d025c33
Faulting module name: KERNELBASE.dll, version: 10.0.18362.778, time stamp: 0x692cf0ab
Exception code: 0xe0434352
Fault offset: 0x00114192
Faulting process id: 0x26e0
Faulting application start time: 0x01d61c967c6ccd45
Faulting application path: C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 8185077e-3d94-4728-a18b-828cfb800c4c
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/27/2020 09:58:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/27/2020 09:40:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (04/27/2020 09:19:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/27/2020 09:11:19 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Security Service service did not shut down properly after receiving a preshutdown control.
 
Error: (04/27/2020 09:11:04 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.
 
Error: (04/27/2020 09:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NOQBE2R)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (04/27/2020 09:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NOQBE2R)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (04/27/2020 09:10:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NOQBE2R)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2020-04-17 09:03:46.654
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {93391CAD-16D9-40BD-9B2A-8956F078797D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-04-17 08:33:41.697
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5D66966B-DA54-4940-9B2E-8C7538AD1F64}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2020-04-27 09:13:01.514
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-17 10:46:04.109
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-17 05:07:32.365
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-13 10:22:14.963
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BootDefragDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-13 08:48:41.696
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-10 08:48:07.864
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-04 08:49:26.287
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\BootDefragDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-03 08:40:20.714
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.2.1 01/06/2017
Motherboard: Dell Inc. 07KY25
Processor: Intel® Core™ i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 52%
Total physical RAM: 12196.74 MB
Available physical RAM: 5832.64 MB
Total Virtual: 21924.74 MB
Available Virtual: 14076.35 MB
 
==================== Drives ================================
 
Drive c: (jess2017) (Fixed) (Total:918.15 GB) (Free:802.86 GB) NTFS
Drive e: (Mirror Image Drive) (Fixed) (Total:1863.01 GB) (Free:1328.1 GB) NTFS
Drive f: () (Removable) (Total:57.82 GB) (Free:19.93 GB) FAT32
 
\\?\Volume{a02efee7-1b1f-4833-b1cf-d7a1356e406a}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{754e6b0e-bea8-47be-acd8-8fbf9086d7f4}\ (Image) (Fixed) (Total:11.13 GB) (Free:0.21 GB) NTFS
\\?\Volume{8227d837-140f-44ab-9ce1-5532d6d08f21}\ (DELLSUPPORT) (Fixed) (Total:1.11 GB) (Free:0.49 GB) NTFS
\\?\Volume{3f8fc212-7bcb-4eac-a99a-da58ca0b0dd6}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 628B5355)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 6C1C9E23)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (Protective MBR) (Size: 57.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0



#2
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

Just so you know ...

twdsuilaunch.exe is a file that is related to Brother Printers and I see you have Brother Printer Software on your machine.

https://www.systemlo...uilaunch.exe&s=
https://www.file.net...launch.exe.html

I doubt very much that the copy of that file on your machine is malicious.

I have yet to go through your FRST files, but I'll do that now, and get back to you when I've finished .... probably some time later today.


  • 0

#3
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

ok, thanks I appreciate it!


  • 0

#4
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

No signs of an active infection in your FRST logs, however there are a few things to take care of ...

First ...

Please remove the following Chrome Extensions ...
 

Chrome Media Router ... pkedcjkdefgpdelpbcmbmeomcjbeemfm
Poppit! ... mcbkbpnkkkipelfledbfocopglifcfmi
Chrome Web Store Payments ... nmmhkkegccagdldgiimedpiccmgmieda
 


https://www.timeatla...ome-extensions/

Next ...



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it ....
VirusTotal: C:\Program Files (x86)\Common Files\Dinkum\Dinkum2.exe;C:\WINDOWS\TEMP\DBUtil_2_3.Sys
SearchScopes: HKU\S-1-5-21-903512225-1228206131-3529009998-1001 -> DefaultScope {8DEC968B-E959-4CFA-842C-E983D75A388E} URL =
SearchScopes: HKU\S-1-5-21-903512225-1228206131-3529009998-1001 -> {8DEC968B-E959-4CFA-842C-E983D75A388E} URL =
EmptyTemp:
cmd: ipconfig /flushdns
  • Press Ctrl+s to save fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

Download ESET Online Scanner and save it to your desktop.


  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

  • 0

#5
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-04-2020
Ran by dave (28-04-2020 09:31:21) Run:1
Running from C:\Users\dave\Downloads
Loaded Profiles: dave (Available Profiles: dave)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
*****************
 
 
==== End of Fixlog 09:31:21 ====

  • 0

#6
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

Seems you didn't copy/paste the fixlist I gave you into Notepad as I instructed in my last post ...... please try again, and then post me the new fixlog

 

If you're having problems with the instructions please let me know and we can try a different method to implement them.


  • 0

#7
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

yeah I thought something was weird? I'll try again when the scan is done. thx!


  • 0

#8
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
ok this time it did something (or I did it right this time?) still running scan, did not do restart yet, will after scan. 
thx again
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-04-2020
Ran by dave (28-04-2020 11:21:51) Run:2
Running from C:\Users\dave\Desktop
Loaded Profiles: dave (Available Profiles: dave)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
VirusTotal: C:\Program Files (x86)\Common Files\Dinkum\Dinkum2.exe;C:\WINDOWS\TEMP\DBUtil_2_3.Sys
SearchScopes: HKU\S-1-5-21-903512225-1228206131-3529009998-1001 -> DefaultScope {8DEC968B-E959-4CFA-842C-E983D75A388E} URL =
SearchScopes: HKU\S-1-5-21-903512225-1228206131-3529009998-1001 -> {8DEC968B-E959-4CFA-842C-E983D75A388E} URL =
EmptyTemp:
cmd: ipconfig /flushdns
*****************
 
VirusTotal: C:\Program Files (x86)\Common Files\Dinkum\Dinkum2.exe => https://www.virustot...sis/1587714664/
VirusTotal: C:\WINDOWS\TEMP\DBUtil_2_3.Sys => https://www.virustot...sis/1587670622/
"HKU\S-1-5-21-903512225-1228206131-3529009998-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-903512225-1228206131-3529009998-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8DEC968B-E959-4CFA-842C-E983D75A388E} => removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13207072 B
Java, Flash, Steam htmlcache => 525 B
Windows/system/drivers => 33768073 B
Edge => 10595630 B
Chrome => 635301480 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 81419 B
systemprofile32 => 81419 B
LocalService => 81419 B
NetworkService => 95542711 B
dave => 111815194 B
 
RecycleBin => 4453697 B
EmptyTemp: => 873.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:26:10 ====

  • 0

#9
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

OK, I'll wait to see your ESET scan results before deciding whether any further checking needs to be done.

 

There's a single detection on the Dinkum file at VirusTotal, but it's a heuristic detection, and therefore almost sure to be a false positive. If the ESET scan detects anything further that's related to it, then we may need to take action, but otherwise I'd say it's not really of any concern.


  • 0

#10
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

no threats detected. do you still want the eset log?

thx


  • 0



#11
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

No, if ESET didn't detect anything ... and to be honest I didn't expect it to ... then I think it's fair to assume that any problems you're experiencing are not being caused because your computer is infected.

 

Have you run a System File Check on your computer to see whether there is any system corruption ?


  • 0

#12
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

no.... I wouldn't know how to. I think removing those extensions probably helped; it seems better.

 

another thing you might be able to help if possible.

 

I can't see the other pc in my network from this pc; my other (my main station) pc can see this one.

so from my pc1 I can access and transfer files between the 2.

but from this pc I don't have access to the main pc

 

I tried troubleshooting from network and settings with no success. I've been reading that this is a common issue with the more recent Windows 10 updates?

 

If you would rather keep this a separate issue, I will open a new thread under operating systems or networking?

 

thx again for all your help!! You guys are the best!!


  • 0

#13
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

"Have you run a System File Check on your computer to see whether there is any system corruption ?"

 

ok I googled it and have it running now


  • 0

#14
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

ok it found corrupt files and repaired them.

seems to be running nice so far!!

 

thx


  • 0

#15
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

Glad to hear that your machine is working better.

 

My area of expertise is malware removal, so to resolve your networking issues it's probably best if we close this topic, and you open a new one in the Networking Forum ... http://www.geekstogo.../11-networking/

 

To uninstall FRST and remove all its files, please do the following ...

  • Rename FRST64.exe to Uninstall.exe
  • Double click on Uninstall.exe to launch it.
  • Your computer will reboot, and on reboot will remove FRST and all its files.



 


  • 0





