Determine how access was achieved by "hacker" Is it poss



#1
awot

  • Member
  • 10 posts

 Is it possible to determine what type of attack has given control of a computer to the "hacker" by accessing the system log attached in the photo?

I was able to find the link below while researching and have been experiencing issues with network adapters turning off/disappearing, access to back ends of a website etc.

https://social.techn...dns-client.aspx

My computer is completely unsecured and moving forward that will change, however what I am trying to do here is isolate if the attack was from malware or purely through the internet connection/ip..


https://www.dropbox....ywb/1.jpeg?dl=0

This was done at approx 2am (my last logon to pc was around 7pm that evening)

If you'd prefer not to click,

Administrative events in Windows 10 says

DNS client events (1014)
Dhcp-Client 1003 (address configuration)
Noob questions I know,

Also, DHCP administration tool (go to Start, Programs, Administrative Tools, and click DHCP).

Turning this option on seems to be missing from Windows admin tools..


 


Thanks ~

 

Edited by awot, 21 June 2020 - 12:54 AM.

  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

Can't tell from the overview page.  Would need the details.  Better to give us the FRST logs:

 

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Smart Screen, Windows Defender and Avast have all been blocking FRST recently.  It's a false positive so pause your antivirus when downloading or running FRST.  If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.


Also you might check the Windows Logs, Security for the time you got hacked to see if there is anything suspicious going on.  You will see a lot of System audits but these are normal.


 


  • 0
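The log check suggested above can also be done from PowerShell. This is an added example, not part of any post in the thread: it lists logons in a time window with their logon type and source address, then the DNS client (1014) and Dhcp-Client (1003) events the original post mentions. The dates are constructed placeholders, and the function name `Get-LogonSummary` is hypothetical.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt;
# the Security log cannot be read without administrator rights.

# Constructed placeholder window: from the last known logon (about 7 pm) to
# after the suspected activity (about 2 am). Replace with the real dates.
$Start = Get-Date '2020-06-20 19:00'
$End   = Get-Date '2020-06-21 03:00'

# Logon types recorded in Security events 4624 (success) and 4625 (failure).
# The type separates someone at the keyboard from a network or RDP session.
$LogonTypeName = @{
    2  = 'Interactive (console)'
    3  = 'Network (e.g. file share)'
    4  = 'Batch (scheduled task)'
    5  = 'Service'
    7  = 'Unlock'
    10 = 'RemoteInteractive (RDP)'
    11 = 'CachedInteractive'
}

function Get-LogonSummary {
    param([datetime]$From, [datetime]$To)

    Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4624, 4625; StartTime = $From; EndTime = $To
    } -ErrorAction SilentlyContinue | ForEach-Object {
        # EventData fields are named in the event XML; index them by name.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        $type = [int]$data['LogonType']
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Result    = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
            User      = $data['TargetUserName']
            LogonType = if ($LogonTypeName.ContainsKey($type)) { $LogonTypeName[$type] } else { "Type $type" }
            SourceIP  = $data['IpAddress']
            Process   = $data['ProcessName']
        }
    }
}

# Drop the routine system audits (service logons, SYSTEM, window manager and
# font driver accounts) so that user and remote logons stand out.
Get-LogonSummary -From $Start -To $End |
    Where-Object {
        $_.LogonType -notmatch '^Service' -and
        $_.User -notmatch '^(SYSTEM|DWM-\d+|UMFD-\d+)$'
    } |
    Sort-Object Time |
    Format-Table -AutoSize

# The two System-log events named in the first post, with full message text.
# Filtering by Id only; the ProviderName column shows which source logged each.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 1014, 1003; StartTime = $Start; EndTime = $End
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Id, Message |
    Format-List
```

A successful type 10 or type 3 logon from an unfamiliar source address inside the window points to remote access; no such entries means the logon records alone do not show it.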

#3
awot

  • Topic Starter
  • Member
  • 10 posts

Hey Rkinner,

 

Thanks for the response, pls see below

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2020
Ran by 61484 (administrator) on LAPTOP-3KUDP7J4 (Acer Swift SF314-41) (22-06-2020 04:02:43)
Running from C:\Users\61484\Downloads
Loaded Profiles: 61484
Platform: Windows 10 Home Version 1903 18362.900 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QALockHandler.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe
(Acer Incorporated) C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4\DesktopApp\ACEStd.exe
(Acer Incorporated) C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3013.0_x64__48frkmn4z8aw4\DesktopApp\AcerRegistrationBackGroundTask.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atiesrxx.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <4>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\100.3.400\QtWebEngineProcess.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\61484\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> ) C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\fodhelper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.892_none_5efe5b5a590f76dc\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Slack Technologies Inc.) C:\Program Files\WindowsApps\91750D7E.Slack_4.6.0.0_x64__8she8kybcnzg4\app\Slack.exe <5>
(WhatsApp, Inc -> WhatsApp) C:\Users\61484\AppData\Local\WhatsApp\app-2.2023.2\WhatsApp.exe <6>
(Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Users\61484\AppData\Roaming\Zoom\bin\Zoom.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [876320 2019-05-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2020-02-20] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-02-20] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [108136 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7657984 2020-06-18] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [97509120 2020-01-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\MountPoints2: {2070ac1f-6f57-11ea-96f9-fccc44211f85} - "D:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\chrmstp.exe [2020-06-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2020-05-09]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D6D0B1-223B-4CC5-AC31-49C72B0052B2} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2019-07-03] (Acer Incorporated -> Acer Incorporated)
Task: {0678EBB8-AA11-4AB7-9A47-E6D9B3F6F54D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0A8DADBA-ADA5-4039-98A4-2D0AFA6DF21F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0FBA82B0-FD76-4F72-BDA4-105782CDEFAF} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2020-02-20] (Corel Corporation -> Corel Corporation)
Task: {10FE277B-5C08-452D-9B2E-3982C21B383A} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)
Task: {1AED8DED-7B01-4CC5-8B7F-1F6B3648098E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-06-18] (Avast Software s.r.o. -> Avast Software)
Task: {28895C99-0C71-4D5E-934D-D243A86A8E78} - System32\Tasks\Quick Access Wi-Fi Power Switch => C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe [211248 2019-09-27] (Acer Incorporated -> Acer Incorporated)
Task: {2DF2F4B9-0932-4EEC-9730-5C1FD72499BE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {3014B319-36A9-4EFE-86DA-88586792B07A} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32808 2020-01-14] (HP Inc. -> )
Task: {3F60260C-3725-473F-86F1-FB103332A537} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-17] (Google LLC -> Google LLC)
Task: {47425521-AB0B-4787-AD01-671D9B3DF2F4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1861528 2020-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {480E40CB-379B-457D-B6F9-E29A5A203540} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2962736 2019-10-03] (Acer Incorporated -> )
Task: {5F346731-E40A-464A-83D1-7B9185ABB630} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2020-02-20] (Corel Corporation -> Corel Corporation)
Task: {6734CFAC-E9BC-4F28-B342-677C1608E5B3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [171368 2020-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {67AEBF79-C4CF-4E44-84BD-FF5B328FD193} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {7A026287-139C-46D5-BB8A-2829A70404F1} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [3314272 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
Task: {7E7FAF71-A05F-437C-9AA6-BAD5B04C5035} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41776 2019-10-03] (Acer Incorporated -> )
Task: {80FA830D-2402-4DEC-8B48-E9875FF6ACB9} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4828464 2019-10-03] (Acer Incorporated -> )
Task: {8330B624-0449-48DF-ADB4-2AD83486243F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-17] (Google LLC -> Google LLC)
Task: {9456ACAB-EFDB-4314-AE11-3344218BA778} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [171368 2020-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C8CF622-EB48-46F3-AB69-51F37391A1ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058928 2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {BBBBF395-D110-4CCA-BE13-FA950E26B8F9} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2020-02-20] (Corel Corporation -> Corel Corporation)
Task: {D593614A-1CB5-499F-B151-6C18D5CC4C09} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2770736 2019-09-27] (Acer Incorporated -> Acer Incorporated)
Task: {D8D58D16-B8C4-42C0-B9BD-AB2F5075D35E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23756168 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA3F480C-AA89-423D-B4CF-2BD7FD8444AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23756168 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4A5AEE7-F833-4809-BB68-91258D63C21C} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [447280 2019-09-27] (Acer Incorporated -> Acer Incorporated)
Task: {E9C569F4-6277-43C6-9039-AA301D25A942} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211136 2019-01-09] (Acer Incorporated -> Acer Incorporated)
Task: {F0EA6A75-CC99-4744-A2D6-D2A0B0C54619} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [17688 2019-11-16] (Acer Incorporated -> )
Task: {F7AD0145-863F-4302-B705-85367D5BD29E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058928 2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F869B9E5-DF80-445D-9BE5-E54C5B2D0865} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268096 2019-01-09] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 172.27.0.1
Tcpip\..\Interfaces\{494fe5dd-def5-44a4-a706-d270e8f1474b}: [DhcpNameServer] 172.27.0.1
Tcpip\..\Interfaces\{a9164378-e6fc-4199-ba5f-eb7523d85f44}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-288082975-2520583026-2654835971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-288082975-2520583026-2654835971-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-288082975-2520583026-2654835971-1001 -> DefaultScope {1B30AB27-6AF7-4072-B46C-A83398F56DF2} URL =
SearchScopes: HKU\S-1-5-21-288082975-2520583026-2654835971-1001 -> {1B30AB27-6AF7-4072-B46C-A83398F56DF2} URL =
SearchScopes: HKU\S-1-5-21-288082975-2520583026-2654835971-1001 -> {FC6328D0-D19E-44FB-8E1D-AE5C2C404FED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2020-06-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0zj04ic3.default
FF ProfilePath: C:\Users\61484\AppData\Roaming\Mozilla\Firefox\Profiles\0zj04ic3.default [2020-05-08]
FF ProfilePath: C:\Users\61484\AppData\Roaming\Mozilla\Firefox\Profiles\4ci86crr.default-release [2020-06-22]
FF Notifications: Mozilla\Firefox\Profiles\4ci86crr.default-release -> hxxps://synup.bluejeans.com; hxxps://app.hubspot.com; hxxps://app.slack.com
FF Extension: (Grammarly for Firefox) - C:\Users\61484\AppData\Roaming\Mozilla\Firefox\Profiles\4ci86crr.default-release\Extensions\[email protected] [2020-06-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-288082975-2520583026-2654835971-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\61484\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-13] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default [2020-06-21]
CHR Notifications: Default -> hxxps://au.godaddy.com; hxxps://meet.google.com; hxxps://neilpatel.com; hxxps://web.skype.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR Extension: (Slides) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-17]
CHR Extension: (Docs) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-17]
CHR Extension: (Google Drive) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-17]
CHR Extension: (YouTube) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-17]
CHR Extension: (MozBar) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2020-05-18]
CHR Extension: (Sheets) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-17]
CHR Extension: (Google Docs Offline) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-06-20]
CHR Extension: (Grammarly for Chrome) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-17]
CHR Extension: (Gmail) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [300336 2019-10-03] (Acer Incorporated -> Acer Incorporated)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atiesrxx.exe [508008 2019-08-22] (Advanced Micro Devices, Inc. -> AMD)
S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [6392728 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Windows\System32\drivers\AdminService.exe [386976 2019-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [348968 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [58048 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10634632 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-17] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-06-18] (Dropbox, Inc -> Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [465712 2019-09-27] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [523568 2019-09-27] (Acer Incorporated -> Acer Incorporated)
R2 QcomWlanSrv; C:\Windows\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-15] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
S3 ss_conn_launcher_service; C:\Windows\system32\Samsung\EasySetup\ss_conn_launcher.exe [182120 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [305984 2019-01-10] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.8-0\NisSrv.exe [2496152 2020-06-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.8-0\MsMpEng.exe [104192 2020-06-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [29912 2019-05-03] (Acer Incorporated -> Acer Incorporated)
R3 amdacpbus; C:\Windows\System32\drivers\amdacpbus.sys [1380472 2019-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdacpksl; C:\Windows\system32\drivers\amdacpksl.sys [352048 2019-05-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [45536 2019-05-20] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\Windows\System32\drivers\amdi2c.sys [61728 2019-04-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atikmdag.sys [53498984 2019-08-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atikmpag.sys [593000 2019-08-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [138064 2019-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205896 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235088 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [178768 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60496 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [16304 2020-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175208 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [506152 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [462592 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216824 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [322256 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 BtFilter; C:\Windows\System32\drivers\btfilter.sys [82712 2019-09-22] (Qualcomm Atheros -> Qualcomm)
R3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [47600 2020-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [131080 2019-07-24] (D3L -> Dokan Project)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-06-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2372072 2019-03-15] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43368 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\Windows\System32\drivers\SynRMIHID.sys [57384 2018-08-06] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45960 2020-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [408800 2020-06-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-22 04:02 - 2020-06-22 04:03 - 000030407 _____ C:\Users\61484\Downloads\FRST.txt
2020-06-22 04:02 - 2020-06-22 04:03 - 000000000 ____D C:\FRST
2020-06-22 04:01 - 2020-06-22 04:01 - 002290176 _____ (Farbar) C:\Users\61484\Downloads\FRST64.exe
2020-06-21 15:30 - 2020-06-21 15:30 - 000000000 ____D C:\Users\61484\Desktop\test
2020-06-21 15:15 - 2020-06-21 15:15 - 000000000 ____D C:\Program Files\Dokan
2020-06-21 15:15 - 2019-07-24 08:57 - 000131080 _____ (Dokan Project) C:\Windows\system32\Drivers\dokan1.sys
2020-06-21 15:14 - 2020-06-21 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptomator
2020-06-21 15:14 - 2020-06-21 15:14 - 000000000 ____D C:\Program Files\Cryptomator
2020-06-21 15:07 - 2020-06-21 15:09 - 063035528 _____ (cryptomator.org ) C:\Users\61484\Downloads\Cryptomator-1.5.5-x64.exe
2020-06-21 07:04 - 2020-06-21 10:47 - 000000000 ____D C:\Users\61484\Desktop\Security
2020-06-21 07:03 - 2020-06-21 07:03 - 001554747 _____ C:\Users\61484\Downloads\debotnet.zip
2020-06-20 10:26 - 2020-06-20 15:05 - 000000000 ____D C:\Users\61484\AppData\Local\CrashDumps
2020-06-20 08:22 - 2020-06-20 08:22 - 000000000 ____D C:\Users\61484\.MCTranscodingSDK
2020-06-20 08:20 - 2020-06-20 08:23 - 000000000 ____D C:\Users\Public\Documents\Lightworks
2020-06-20 08:20 - 2020-06-20 08:23 - 000000000 ____D C:\ProgramData\Documents\Lightworks
2020-06-20 08:20 - 2020-06-20 08:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2020-06-20 08:20 - 2020-06-20 08:20 - 000000000 ____D C:\ProgramData\Geevs
2020-06-20 08:19 - 2020-06-20 08:20 - 000000000 ____D C:\Program Files\Lightworks
2020-06-20 08:11 - 2020-06-20 08:14 - 077590720 _____ (EditShare) C:\Users\61484\Downloads\lightworks_2020.1_r122068_64bit_setup.exe
2020-06-19 17:14 - 2020-06-21 11:45 - 000000000 ____D C:\Users\61484\Desktop\Cards
2020-06-19 05:29 - 2020-06-19 05:29 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-06-19 05:25 - 2020-06-19 05:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-06-19 05:11 - 2020-06-19 05:11 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2020-06-18 12:40 - 2020-06-18 12:40 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-06-18 12:40 - 2020-06-18 12:40 - 000002112 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-06-18 12:40 - 2020-06-18 12:40 - 000002112 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-06-18 12:40 - 2020-06-18 12:40 - 000000000 ____D C:\Users\61484\AppData\Roaming\Avast Software
2020-06-18 12:40 - 2020-06-18 12:40 - 000000000 ____D C:\Users\61484\AppData\Local\CEF
2020-06-18 12:35 - 2020-06-22 03:54 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-06-18 12:35 - 2020-06-21 06:11 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-06-18 12:35 - 2020-06-18 12:35 - 000462592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-06-18 12:35 - 2020-06-18 12:35 - 000322256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-06-18 12:35 - 2020-06-18 12:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2020-06-18 12:35 - 2020-06-18 12:34 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000506152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000335976 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-06-18 12:35 - 2020-06-18 12:34 - 000235088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000216824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000205896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000178768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000175208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000060496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000016304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2020-06-18 12:28 - 2020-06-18 12:28 - 000000000 ____D C:\Program Files\Avast Software
2020-06-18 12:23 - 2020-06-18 12:23 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-06-18 12:23 - 2020-06-18 12:23 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-06-18 12:23 - 2020-06-18 12:23 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-06-18 12:23 - 2020-06-18 12:23 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-18 12:23 - 2020-06-18 12:23 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-18 12:23 - 2020-06-18 12:23 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-18 12:23 - 2020-06-18 12:23 - 000000000 ____D C:\Users\61484\AppData\Local\mbam
2020-06-18 12:23 - 2020-06-18 12:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-18 12:22 - 2020-06-19 10:44 - 000000000 ____D C:\ProgramData\Avast Software
2020-06-18 12:22 - 2020-06-18 12:22 - 000231144 _____ (AVAST Software) C:\Users\61484\Downloads\avast_free_antivirus_setup_online.exe
2020-06-18 12:21 - 2020-06-18 12:21 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-18 12:21 - 2020-06-18 12:21 - 000000000 ____D C:\Malwarebytes
2020-06-18 12:20 - 2020-06-18 12:20 - 001988280 _____ (Malwarebytes) C:\Users\61484\Downloads\MBSetup.exe
2020-06-18 08:05 - 2020-06-18 08:05 - 000085203 _____ C:\Users\61484\Downloads\brighttalk-viewing-certificate-defending-your-remote-workforce-tips-to-keep-devices-secure-anywhere-anytime.pdf
2020-06-15 19:29 - 2020-06-15 19:29 - 000595323 _____ C:\Users\61484\Downloads\Analyst_Report___MOOR___Crafting_a_Comprehensive_Approach_to_Cybersecurity.PDF
2020-06-13 11:00 - 2020-06-13 11:00 - 002691204 _____ C:\Users\61484\Downloads\Adel Shahnazaeyan.zip
2020-06-13 10:58 - 2020-06-13 10:58 - 002693375 _____ C:\Users\61484\Downloads\Adel Shahnazryan.zip
2020-06-13 09:54 - 2020-06-13 09:55 - 000000000 ___HD C:\$WINDOWS.~BT
2020-06-10 18:36 - 2020-06-10 18:36 - 025444352 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 019851776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 019812864 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 018029056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 011608064 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 009712640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 007012864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 006292480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 005909504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 004129416 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 003822592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 003525608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 003515392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2020-06-10 18:36 - 2020-06-10 18:36 - 002494744 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 002230240 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 002204160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001704448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001539072 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2020-06-10 18:36 - 2020-06-10 18:36 - 001467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001410048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2020-06-10 18:36 - 2020-06-10 18:36 - 001344512 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001272160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001151824 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMNetMgr.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001099608 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 001012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000940544 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000920064 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2fs.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapi3.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000843776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000747832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000668672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000651264 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2020-06-10 18:36 - 2020-06-10 18:36 - 000571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiaaut.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000567808 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2020-06-10 18:36 - 2020-06-10 18:36 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000549376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000526336 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000516544 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2020-06-10 18:36 - 2020-06-10 18:36 - 000484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000478208 _____ (Microsoft® Windows® Operating System) C:\Windows\SysWOW64\wvc.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000466944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000430592 _____ (Microsoft Corporation) C:\Windows\system32\WalletService.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000422400 _____ (Microsoft Corporation) C:\Windows\system32\mswmdm.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000420352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\termmgr.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassdo.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000349184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswmdm.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Feedback.Analog.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000338944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000323584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WlanMM.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000248320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wavemsp.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2020-06-10 18:36 - 2020-06-10 18:36 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\wmidx.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000166912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidx.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000114688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakrathunk.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wkspbrokerAx.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000083600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2020-06-10 18:36 - 2020-06-10 18:36 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iemigplugin.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2020-06-10 18:36 - 2020-06-10 18:36 - 000028368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SecurityCenterBrokerPS.dll
2020-06-10 18:36 - 2020-06-10 18:36 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 025902080 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 009931576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 008015360 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 007911176 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 007760384 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 007604592 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 007268864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 007266080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 006526448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 006435840 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 006091048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 006066808 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 005765144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 005283264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 005195432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 005111808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 005004344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 004610560 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 004565248 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 004012032 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Service.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 003726848 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 003712000 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 003581240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 003398656 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 003368104 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 003187200 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 002831872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 002798592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2020-06-10 18:35 - 2020-06-10 18:35 - 002716672 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 002656256 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 002583496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 002289664 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 002281472 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 002235520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 002184504 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001942528 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001919488 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001803776 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 001751040 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001743680 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001697792 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001683968 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001654960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001649152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001637888 _____ (Microsoft Corporation) C:\Windows\system32\TaskFlowDataEngine.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001637888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001583104 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001486336 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 001466368 _____ (Microsoft Corporation) C:\Windows\system32\rdpsharercom.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001458688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001447424 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 001416224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001397560 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 001393952 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001319936 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001284608 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001283072 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001274128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryPS.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001261568 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001260744 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpsharercom.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001215488 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 001193984 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001180672 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001155944 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 001153024 _____ (Microsoft Corporation) C:\Windows\system32\windowsperformancerecordercontrol.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001138688 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001100288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001077048 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 001073664 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001066496 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001055184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001007104 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 001003832 _____ (Microsoft Corporation) C:\Windows\system32\DismApi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000994304 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000992256 _____ (Microsoft Corporation) C:\Windows\system32\imapi2fs.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000982016 _____ (Microsoft Corporation) C:\Windows\system32\tapi3.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000971264 _____ (Microsoft Corporation) C:\Windows\system32\dsregcmd.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000932256 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000931840 _____ (Microsoft Corporation) C:\Windows\system32\InkObjCore.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000929280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000897536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000894024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000892048 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000881664 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000874296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowsperformancerecordercontrol.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000826368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Import.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000797464 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000784896 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000783496 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000782336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000777216 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000760296 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000740664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DismApi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000736768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Launcher.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000727040 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntime.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000722072 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000716320 _____ (Microsoft Corporation) C:\Windows\system32\StateRepository.Core.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000716288 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntimewindows.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000705536 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BTAGService.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000696832 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000692224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkObjCore.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000684856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000674304 _____ (Microsoft Corporation) C:\Windows\system32\wiaaut.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000651776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000650752 _____ (Microsoft Corporation) C:\Windows\system32\DevicesFlowBroker.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000648192 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000640000 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000632320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000628408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000619008 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000614400 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000596992 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000593424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000575488 _____ (Microsoft® Windows® Operating System) C:\Windows\system32\wvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000574464 _____ (Microsoft Corporation) C:\Windows\system32\msTextPrediction.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000572200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000569856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000561464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 000557056 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 000548984 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000544256 _____ (Microsoft Corporation) C:\Windows\system32\usosvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000533504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000531768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2020-06-10 18:35 - 2020-06-10 18:35 - 000529920 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000529920 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000522240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Launcher.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000518456 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000513536 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000508720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000508216 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000490496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.FileExplorer.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000470016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000467952 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000462848 _____ (Microsoft Corporation) C:\Windows\system32\iassdo.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000461112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000457216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000457216 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000453944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000451864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000441152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000430592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000427008 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000426496 _____ (Microsoft Corporation) C:\Windows\system32\termmgr.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000425056 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000423424 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000407864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000405936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000398336 _____ (Microsoft Corporation) C:\Windows\system32\WlanMM.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000398336 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000396800 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000394752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Preview.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000391680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000384512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000384000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000380728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000368640 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000357176 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthAgent.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\wpr.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000325120 _____ (Microsoft Corporation) C:\Windows\system32\rdpviewerax.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 000312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000312832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 000307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\RASMM.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\CXHProvisioningServer.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\DeviceDirectoryClient.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000287232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Preview.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000283136 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000280376 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpviewerax.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000264192 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000260096 _____ (Microsoft Corporation) C:\Windows\system32\wavemsp.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000259776 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2020-06-10 18:35 - 2020-06-10 18:35 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\FileHistory.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000247856 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000230912 _____ (Microsoft Corporation) C:\Windows\system32\RdpRelayTransport.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\psr.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000223544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000221496 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000211256 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000209216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000208384 _____ (Microsoft Corporation) C:\Windows\system32\NPSM.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000204008 _____ (Microsoft Corporation) C:\Windows\system32\SecurityCenterBroker.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000201528 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_SIUF.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000199992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000196096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000194560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psr.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000193592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\weretw.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\AarSvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000190048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000183808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000179512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2020-06-10 18:35 - 2020-06-10 18:35 - 000170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000165888 _____ (Microsoft Corporation) C:\Windows\system32\msaatext.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000165832 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000165296 _____ (Microsoft Corporation) C:\Windows\system32\dmcmnutils.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000165192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NPSM.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000150328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\Chakrathunk.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\imapi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000132608 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000132424 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000130112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmcmnutils.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000129600 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\NetworkStatus.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000128312 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\wkspbrokerAx.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000127064 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\sdshext.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaatext.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000108856 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000105472 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000104248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000099712 _____ (Microsoft Corporation) C:\Windows\system32\FsIso.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000093448 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000090952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000089344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\WwanRadioManager.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2020-06-10 18:35 - 2020-06-10 18:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\RpcEpMap.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\WlanRadioManager.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\XboxGipRadioManager.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000065024 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000063288 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthHost.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasads.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\NfcRadioMedia.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnosticsTool.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnrollCtrl.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryCore.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\npmproxy.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000041864 _____ (Microsoft Corporation) C:\Windows\system32\SecurityCenterBrokerPS.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WiFiConfigSP.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\nlmproxy.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\nlmsprep.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2020-06-10 18:35 - 2020-06-10 18:35 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\DMAlertListener.ProxyStub.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DMAlertListener.ProxyStub.dll
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-06-10 18:35 - 2020-06-10 18:35 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-06-10 18:31 - 2020-05-15 14:29 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-06-10 18:31 - 2020-05-15 14:10 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-06-06 04:30 - 2020-06-06 04:33 - 074471109 _____ C:\Users\61484\Downloads\Untitled Jun 5, 2020 10 24 PM.webm
2020-06-05 15:42 - 2020-06-05 15:42 - 000017043 _____ C:\Users\61484\Downloads\Scripy 1.odt
2020-06-04 12:37 - 2020-06-04 12:37 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite
2020-06-04 12:36 - 2020-06-04 12:37 - 058365082 _____ C:\Users\61484\Downloads\Bluetooth_Atheros_10.0.0.827_W10x64_A.zip
2020-06-04 11:41 - 2020-06-04 11:41 - 000000000 ___HD C:\$WinREAgent
2020-06-04 11:35 - 2020-06-21 13:47 - 000000000 ____D C:\ProgramData\SecTaskMan
2020-06-04 11:35 - 2020-06-04 11:35 - 003017632 _____ C:\Users\61484\Downloads\SecurityTaskManager_Setup.exe
2020-06-04 11:35 - 2020-06-04 11:35 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2020-06-04 11:35 - 2020-06-04 11:35 - 000001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2020-06-04 11:35 - 2020-06-04 11:35 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2020-06-04 11:26 - 2020-06-04 11:26 - 000000571 _____ C:\Users\61484\Downloads\DeviceDiagnostic.diagcab
2020-06-04 10:55 - 2020-06-04 10:55 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-06-04 07:49 - 2020-06-04 11:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-06-04 06:30 - 2020-06-20 12:15 - 000000000 ___RD C:\Users\61484\Desktop\Aram & Adel
2020-06-04 06:27 - 2020-06-04 06:27 - 003218976 _____ (Alexander Roshal) C:\Users\61484\Downloads\winrar-x64-590.exe
2020-06-04 06:27 - 2020-06-04 06:27 - 000000000 ____D C:\Users\61484\AppData\Roaming\WinRAR
2020-06-04 06:27 - 2020-06-04 06:27 - 000000000 ____D C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-04 06:27 - 2020-06-04 06:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-04 06:27 - 2020-06-04 06:27 - 000000000 ____D C:\Program Files\WinRAR
2020-06-04 06:08 - 2020-06-04 06:08 - 000795075 _____ C:\Users\61484\Downloads\Adel Shahnazaryan 2.zip
2020-06-04 06:08 - 2020-06-04 06:08 - 000086225 _____ C:\Users\61484\Downloads\Adel Shahnazaryan(1).zip
2020-06-03 16:37 - 2020-06-03 16:37 - 000000109 ____H C:\Users\61484\Desktop\.~lock.Week 1.docx#
2020-06-03 14:26 - 2020-06-03 14:26 - 000000000 ____D C:\Users\61484\AppData\Roaming\LibreOffice
2020-06-03 14:25 - 2020-06-03 14:25 - 000001181 _____ C:\Users\Public\Desktop\LibreOffice 6.4.lnk
2020-06-03 14:25 - 2020-06-03 14:25 - 000001181 _____ C:\ProgramData\Desktop\LibreOffice 6.4.lnk
2020-06-03 14:25 - 2020-06-03 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4
2020-06-03 14:24 - 2020-06-03 14:24 - 000000000 ____D C:\Program Files\LibreOffice
2020-06-03 14:12 - 2020-06-03 14:23 - 313282560 _____ C:\Users\61484\Downloads\LibreOffice_6.4.4_Win_x64.msi
2020-06-02 05:24 - 2020-06-02 05:24 - 002510856 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2020-05-30 09:15 - 2020-05-30 09:15 - 000000000 ____D C:\Program Files\UNP
2020-05-29 08:43 - 2020-05-29 08:47 - 000000000 ____D C:\Users\61484\AppData\Roaming\UnderPass
2020-05-29 08:43 - 2020-05-29 08:43 - 000002359 _____ C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnderPass.lnk
2020-05-29 08:43 - 2020-05-29 08:43 - 000000000 ____D C:\Users\61484\AppData\Local\underpass-updater
2020-05-29 08:41 - 2020-05-29 08:41 - 052235712 _____ (LambdaTest) C:\Users\61484\Downloads\UnderPass Setup.exe
2020-05-28 13:44 - 2020-05-29 08:42 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2020-05-27 09:11 - 2020-05-27 09:11 - 000237251 _____ C:\Users\61484\Downloads\10882129.html
2020-05-26 10:35 - 2020-06-22 03:56 - 000000000 ____D C:\Users\61484\AppData\Roaming\WhatsApp
2020-05-26 10:35 - 2020-06-06 13:33 - 000000000 ____D C:\Users\61484\AppData\Local\WhatsApp
2020-05-26 10:35 - 2020-05-26 10:35 - 000002201 _____ C:\Users\61484\Desktop\WhatsApp.lnk
2020-05-26 10:35 - 2020-05-26 10:35 - 000000000 ____D C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2020-05-26 10:32 - 2020-05-26 10:35 - 143976368 _____ (WhatsApp) C:\Users\61484\Downloads\WhatsAppSetup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-22 03:57 - 2020-03-17 10:55 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{3066EA64-DBB0-4D34-B810-61FE8D35E073}
2020-06-22 03:52 - 2019-03-19 14:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-21 16:49 - 2020-03-17 10:20 - 000000000 ___RD C:\Users\61484\OneDrive
2020-06-21 15:15 - 2020-01-09 18:35 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-21 14:58 - 2020-03-17 10:26 - 000000000 ___RD C:\Users\61484\Dropbox
2020-06-21 13:12 - 2020-01-09 18:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-06-21 06:11 - 2020-05-09 12:10 - 000002696 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 2
2020-06-21 06:11 - 2020-05-09 12:10 - 000002694 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 3
2020-06-21 06:11 - 2020-05-09 12:10 - 000002694 _____ C:\Windows\system32\Tasks\WinZip Update Notifier 1
2020-06-21 06:11 - 2020-04-21 11:30 - 000002848 _____ C:\Windows\system32\Tasks\HPPSDrTelemetryWatch
2020-06-21 06:11 - 2020-03-17 10:24 - 000003452 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineUA
2020-06-21 06:11 - 2020-03-17 10:24 - 000003228 _____ C:\Windows\system32\Tasks\DropboxUpdateTaskMachineCore
2020-06-21 06:11 - 2020-03-17 10:24 - 000000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-06-21 06:11 - 2020-03-17 10:24 - 000000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2020-06-21 06:11 - 2020-03-17 10:21 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-06-21 06:11 - 2020-03-17 10:21 - 000003124 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-06-21 06:11 - 2020-03-17 10:20 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-288082975-2520583026-2654835971-1001
2020-06-21 06:11 - 2020-03-17 07:03 - 000003692 _____ C:\Windows\system32\Tasks\AcerCMUpdateTask2.1.16258
2020-06-21 06:11 - 2020-01-09 18:56 - 000002712 _____ C:\Windows\system32\Tasks\UEIPInvitation
2020-06-21 06:11 - 2020-01-09 18:56 - 000002362 _____ C:\Windows\system32\Tasks\Quick Access Wi-Fi Power Switch
2020-06-21 06:11 - 2020-01-09 18:56 - 000002296 _____ C:\Windows\system32\Tasks\Power Button
2020-06-21 06:11 - 2020-01-09 18:56 - 000002222 _____ C:\Windows\system32\Tasks\Quick Access
2020-06-21 06:11 - 2020-01-09 18:51 - 000004302 _____ C:\Windows\system32\Tasks\Software Update Application
2020-06-21 06:11 - 2020-01-09 18:51 - 000003852 _____ C:\Windows\system32\Tasks\ACCAgent
2020-06-21 06:11 - 2020-01-09 18:51 - 000002730 _____ C:\Windows\system32\Tasks\ACC
2020-06-21 06:11 - 2020-01-09 18:51 - 000002328 _____ C:\Windows\system32\Tasks\ACCBackgroundApplication
2020-06-21 06:11 - 2020-01-09 18:22 - 000002852 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-288082975-2520583026-2654835971-500
2020-06-21 05:49 - 2019-03-19 14:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-21 05:49 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\AppReadiness
2020-06-20 15:09 - 2020-03-17 10:28 - 000000000 ____D C:\Users\61484\Documents\Zoom
2020-06-20 12:49 - 2020-03-17 10:18 - 000000000 ____D C:\Users\61484\AppData\Local\D3DSCache
2020-06-20 12:14 - 2020-03-17 10:20 - 000000000 ____D C:\Users\61484\AppData\Local\PlaceholderTileLogoFolder
2020-06-20 11:17 - 2020-04-24 06:27 - 000000000 ____D C:\Users\61484\Desktop\Other
2020-06-20 09:06 - 2020-03-17 10:18 - 000000000 ____D C:\Users\61484\AppData\Local\Packages
2020-06-20 08:22 - 2020-03-17 10:11 - 000000000 ____D C:\Users\61484
2020-06-20 06:02 - 2020-01-09 18:58 - 000000000 ____D C:\Program Files\Microsoft Office
2020-06-19 05:29 - 2019-03-19 14:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-06-19 05:26 - 2020-03-17 10:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-06-19 05:19 - 2020-01-09 18:26 - 000864176 _____ C:\Windows\system32\PerfStringBackup.INI
2020-06-19 05:19 - 2019-03-19 14:50 - 000000000 ____D C:\Windows\INF
2020-06-19 05:13 - 2020-03-29 10:21 - 000000000 ____D C:\Users\61484\AppData\LocalLow\Mozilla
2020-06-19 05:13 - 2020-03-23 08:47 - 000000000 ____D C:\Users\61484\AppData\Local\SquirrelTemp
2020-06-19 05:11 - 2020-01-09 18:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-06-19 05:11 - 2019-03-19 14:37 - 000786432 _____ C:\Windows\system32\config\BBI
2020-06-18 12:35 - 2019-03-19 14:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-06-18 09:50 - 2020-01-09 18:14 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-06-17 07:39 - 2020-03-17 10:21 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-17 07:39 - 2020-03-17 10:21 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-17 07:39 - 2020-03-17 10:21 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-16 16:57 - 2020-03-19 12:17 - 000000000 ____D C:\Users\61484\AppData\Local\ElevatedDiagnostics
2020-06-13 09:56 - 2020-01-10 13:14 - 000000000 ____D C:\Windows\Panther
2020-06-11 19:22 - 2020-03-17 10:23 - 000000000 ____D C:\Users\61484\AppData\Local\OEM
2020-06-10 20:44 - 2020-03-17 10:18 - 000000000 ___RD C:\Users\61484\3D Objects
2020-06-10 20:44 - 2020-01-09 18:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-10 20:43 - 2020-01-09 18:14 - 000634320 _____ C:\Windows\system32\FNTCACHE.DAT
2020-06-10 20:43 - 2019-03-19 16:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-10 20:43 - 2019-03-19 16:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ___SD C:\Windows\SysWOW64\F12
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ___SD C:\Windows\system32\F12
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\SysWOW64\Com
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\SystemResources
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\oobe
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\Dism
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\Com
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-06-10 20:43 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\bcastdvr
2020-06-10 18:38 - 2019-03-19 14:37 - 000000000 ____D C:\Windows\CbsTemp
2020-06-10 18:35 - 2020-01-09 18:16 - 002876416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-06-09 15:57 - 2020-04-13 13:11 - 000000000 ___RD C:\Users\61484\Desktop\The Digital Age
2020-06-06 13:24 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\LiveKernelReports
2020-06-06 07:03 - 2020-03-17 19:05 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-06-06 07:03 - 2020-03-17 19:05 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-04 11:42 - 2020-03-17 10:18 - 000000000 ____D C:\Users\61484\AppData\Local\ConnectedDevicesPlatform
2020-06-04 11:18 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\NDF
2020-06-04 11:03 - 2020-01-09 18:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-04 10:55 - 2020-01-09 18:56 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-03 14:26 - 2020-03-17 10:18 - 000000000 ____D C:\Users\61484\AppData\Local\AMD
2020-06-02 06:08 - 2020-04-26 11:24 - 000001602 _____ C:\Users\61484\Desktop\Skype.lnk
2020-05-29 10:49 - 2020-01-09 19:03 - 000000000 ____D C:\ProgramData\Norton
2020-05-29 08:42 - 2019-03-19 14:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-05-28 22:14 - 2020-03-17 10:11 - 000002367 _____ C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2020
Ran by 61484 (22-06-2020 04:04:04)
Running from C:\Users\61484\Downloads
Windows 10 Home Version 1903 18362.900 (X64) (2020-03-16 21:03:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

61484 (S-1-5-21-288082975-2520583026-2654835971-1001 - Administrator - Enabled) => C:\Users\61484
Administrator (S-1-5-21-288082975-2520583026-2654835971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-288082975-2520583026-2654835971-503 - Limited - Disabled)
Guest (S-1-5-21-288082975-2520583026-2654835971-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-288082975-2520583026-2654835971-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{4335EAF1-21F1-43D3-8F6F-D7E481E6959A}) (Version: 3.3.19180.60 - Acer)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.26.07 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.4.2410 - Avast Software)
Branding64 (HKLM\...\{FFF5E5C1-7884-49BE-BB04-36B99C1522E6}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3012 - Acer Incorporated)
Cryptomator (HKLM\...\Cryptomator_is1) (Version: 1.5.5 - cryptomator.org)
DMG Extractor (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\DMG Extractor) (Version: 1.3.16.0 - Reincubate Ltd)
Dokan Library 1.3.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0103-0000-190724141005}) (Version: 1.3.0.1000 - Dokany Project)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 100.3.400 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.335.1 - Dropbox, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.2.19322.0 - Acer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.106 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
LibreOffice 6.4.4.2 (HKLM\...\{F00C391B-6092-40E7-9ECD-144933865571}) (Version: 6.4.4.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.6.0.0 - EditShare)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft 365 for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\OneDriveSetup.exe) (Version: 20.064.0329.0008 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Mozilla Firefox 77.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-US)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.827 - Qualcomm Atheros)
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3009 - Acer Incorporated)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8699.1 - Realtek Semiconductor Corp.)
Security Task Manager 2.3e (HKLM-x32\...\Security Task Manager) (Version: 2.3e - Neuber Software)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.362 - Microsoft Corporation)
UnderPass 1.5.3032 (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\094dd894-15e5-5ca9-998a-7d5ce02d7759) (Version: 1.5.3032 - LambdaTest)
User Experience Improvement Program Service (HKLM\...\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}) (Version: 4.00.3106 - Acer Incorporated)
WebHarvy (HKLM-x32\...\{B75A82EC-BDA7-4746-A9AF-E24301AFA403}) (Version: 6.0.1.173 - SysNucleus)
WhatsApp (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\WhatsApp) (Version: 2.2023.2 - WhatsApp)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
WinZip 24.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24127}) (Version: 24.0.14033 - Corel Corporation)
Zoom (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Acer Collection S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4 [2020-01-09] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3013.0_x64__48frkmn4z8aw4 [2020-03-17] (Acer Incorporated)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3012.0_x64__48frkmn4z8aw4 [2020-03-18] (Acer Incorporated)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.24.8919.0_x86__q4d96b2w5wcc2 [2020-03-25] (Evernote)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.39.5.0_x86__kgqvnymyfvs32 [2020-06-12] (king.com)
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.12.0_x64__0r04f53sqacg6 [2020-03-17] (GoTrustID Inc.)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.7.28.0_x64__kx24dqmazqk8j [2020-06-04] (Random Salad Games LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa [2020-05-24] (Apple Inc.) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2020-03-17] (LinkedIn)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2020-03-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2020-03-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-17] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.41.21603.0_x64__8wekyb3d8bbwe [2020-06-17] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
Movie & Audio Studio -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieAudioStudio_1.1.4.0_x64__awcgk3qbzve1y [2020-01-09] (MAGIX Software GmbH)
Movie Maker 10 - FREE -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_2.9.73.0_x64__bzg06mxvgh4fa [2020-06-21] (V3TApps)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-13] (Netflix, Inc.)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2020-01-09] (CYBERLINK COM CORP)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-06-20] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2020-01-09] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3009.0_x64__48frkmn4z8aw4 [2020-01-09] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.179.0_x64__dt26b99r8h8gj [2020-01-09] (Realtek Semiconductor Corp)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_5.8.35.0_x64__kx24dqmazqk8j [2020-05-24] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.19.82.0_x64__kx24dqmazqk8j [2020-06-12] (Random Salad Games LLC)
Slack -> C:\Program Files\WindowsApps\91750D7E.Slack_4.6.0.0_x64__8she8kybcnzg4 [2020-05-24] (Slack Technologies Inc.) [Startup Task]
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_5.2.24.0_x64__kx24dqmazqk8j [2020-01-09] (Random Salad Games LLC) [MS Ad]
User Experience Improvement Program -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgram_4.0.3106.0_x64__48frkmn4z8aw4 [2020-01-09] (Acer Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-288082975-2520583026-2654835971-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-288082975-2520583026-2654835971-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\61484\Dropbox [2020-03-17 10:26]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-18] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-02-20] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-02-20] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-02-20] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\sharepoint.com -> hxxps://cubeau-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 14:49 - 2020-06-21 15:15 - 000000853 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 cryptomator-vault

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-288082975-2520583026-2654835971-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\61484\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\bg.png
DNS Servers: 172.27.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{13627862-33CB-4BCF-9910-89521631A884}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2935B238-09E9-4580-A701-9672AC5CDF37}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{151DE3EF-D064-4687-9FE4-A8B57CE2A4AC}] => (Allow) C:\Users\61484\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B9737E24-BD5A-41DE-9521-765A5DC75926}] => (Allow) C:\Users\61484\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{8072F1D9-8B0F-470D-8C41-A9E8A464412D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6316D446-682E-41A7-A89D-EB4AFED828C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01037163-E882-45C2-8B89-D6FEB15BD33A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4FBD8594-C8DF-4375-ABD3-C67B951F7577}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8617ED05-0C9B-4424-AE2C-990C4E5F217D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70D48836-8C0F-4632-B785-F9273729E5C6}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS54FB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F2A10318-951A-4F06-BA0A-8B9C2DEA6EA7}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS54FB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{D561C1C7-7BD8-4FEA-93AC-4617AD03B116}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{41D9B0A9-635E-4CF6-838B-77B1A0BAD141}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1ABA3720-AFD0-4FAB-B027-67E4EE45E0C0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{825EF9D6-D59D-43B6-9C19-843FB5370F78}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DE4CE402-9169-4994-9F89-E8EA5984622E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{52F1E667-0BB4-4909-B7DD-3BCFF74E6A74}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{08ED83E2-7CB6-4B86-8181-87D15A399679}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CD4A0CF-CE25-48E3-A7E4-5CB7E3B5AC2B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{99DF4A08-ED93-44F6-A9EC-FD9060A4C4E5}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{E58461C3-8916-483D-9880-6FD89590EF50}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{186008F7-66B2-4F7B-BA1A-E885F67F475E}C:\users\61484\appdata\local\programs\underpass\underpass.exe] => (Allow) C:\users\61484\appdata\local\programs\underpass\underpass.exe (LambdaTest) [File not signed]
FirewallRules: [UDP Query User{AD1511A4-B681-45CF-972E-05C5BC4D8B07}C:\users\61484\appdata\local\programs\underpass\underpass.exe] => (Allow) C:\users\61484\appdata\local\programs\underpass\underpass.exe (LambdaTest) [File not signed]
FirewallRules: [TCP Query User{2DD3B99F-F798-49EF-B8E2-3D8654CEC551}C:\users\61484\appdata\local\programs\underpass\resources\bin\lt.exe] => (Allow) C:\users\61484\appdata\local\programs\underpass\resources\bin\lt.exe (LambdaTest Inc. -> )
FirewallRules: [UDP Query User{EB457BC7-31BB-48F5-9607-5DC9A201ACC0}C:\users\61484\appdata\local\programs\underpass\resources\bin\lt.exe] => (Allow) C:\users\61484\appdata\local\programs\underpass\resources\bin\lt.exe (LambdaTest Inc. -> )
FirewallRules: [{4EF9B813-D538-45CF-BA51-8A876D4A7317}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS4191\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{EB83FDC2-A407-4CC0-A96C-0BB75FD54782}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS4191\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{7176F936-0579-4A19-9026-44F088D9D660}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS43A5\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{0AD39166-697A-483E-A958-6B862D49B427}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS43A5\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{DA980A75-E816-4FC9-91E8-308511BC5C8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4F59DDDA-BBE7-4826-BE96-2EA25E68F349}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{737DD838-27C5-4759-990D-343957273338}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{A2000660-F18D-4E43-9EC7-76FC3527AE74}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{3E6FF007-4CDB-4C54-867E-0FF1D7F66A3C}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{A2DBDC09-30BA-4655-86D1-A5D5E15606CF}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [TCP Query User{90762944-A5FB-446A-BCA6-78517EE1DE41}C:\users\61484\desktop\test\dhcpsrv.exe] => (Allow) C:\users\61484\desktop\test\dhcpsrv.exe (Uwe A. Ruttkamp) [File not signed]
FirewallRules: [UDP Query User{53005B13-F4D6-4CBC-9D35-DEB32C0D4FB0}C:\users\61484\desktop\test\dhcpsrv.exe] => (Allow) C:\users\61484\desktop\test\dhcpsrv.exe (Uwe A. Ruttkamp) [File not signed]

==================== Restore Points =========================

10-06-2020 17:52:00 Scheduled Checkpoint
20-06-2020 11:00:56 Scheduled Checkpoint
21-06-2020 15:15:25 Installed Dokan Library 1.3.0.1000 (x64)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/21/2020 03:15:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (06/21/2020 03:14:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (06/20/2020 03:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACCStd.exe, version: 4.0.3012.0, time stamp: 0x5d9585cc
Faulting module name: KERNELBASE.dll, version: 10.0.18362.815, time stamp: 0xb89efff3
Exception code: 0xe0434352
Fault offset: 0x000000000003a799
Faulting process ID: 0x3a58
Faulting application start time: 0x01d645a4c01a8dab
Faulting application path: C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 46827288-af85-47a7-8b5a-6c20d542483e
Faulting package full name:
Faulting package-relative application ID:

Error: (06/20/2020 03:05:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ACCStd.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.ThrowHelper.ThrowInvalidOperationException(System.ExceptionResource)
   at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
   at WiFiDevice.WiFiManager.GenerateDevices()
   at Acer.CareCenter.Diagnostic.ADSPlgSimpleCtl.AddDeviceList(DiagnosticPlugin.DeviceManager)
   at Acer.CareCenter.Diagnostic.ADSPlgSimpleCtl.InfoUpdate(System.Object, DiagnosticEvent.InformationUpdateEventArgs)
   at WiFiDevice.WiFiManager.NetworkChange_NetworkAddressChanged(System.Object, System.EventArgs)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Error: (06/20/2020 10:26:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2020.19111.24110.0, time stamp: 0x5e7549b1
Faulting module name: SharedLibrary.dll, version: 2.2.27912.0, time stamp: 0x5d27c65c
Exception code: 0x80070057
Fault offset: 0x00000000007e36ae
Faulting process ID: 0x888
Faulting application start time: 0x01d64696435bc629
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27912.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
Report ID: 3dc66fd6-5d8b-43fc-a5c1-fb760c258ad7
Faulting package full name: Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (06/20/2020 10:02:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2020.19111.24110.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: c2c

Start Time: 01d6468da35d1a72

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 0f14e2e9-7c24-4d94-adb3-70f8a083d08a

Faulting package full name: Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (06/20/2020 08:58:21 AM) (Source: DbxSvc) (EventID: 322) (User: )
Description: Failed to get driver message: (-2147024890) The handle is invalid.

Error: (06/20/2020 08:58:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Dropbox.exe version 100.3.400.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4960

Start Time: 01d6468c9df83c5e

Termination Time: 36

Application Path: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

Report Id: 86522574-88e0-4614-9ade-c14638a89771

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown


System errors:
=============
Error: (06/19/2020 05:11:09 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/10/2020 06:11:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:40:42 PM on ‎10/‎06/‎2020 was unexpected.

Error: (06/05/2020 07:07:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:58:32 AM on ‎5/‎06/‎2020 was unexpected.

Error: (06/04/2020 12:55:05 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/04/2020 12:47:09 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/04/2020 12:40:44 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/04/2020 12:32:38 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/04/2020 12:29:43 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.


Windows Defender:
===================================
Date: 2020-06-07 09:32:08.751
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5CE9949D-316D-449C-A930-1ADB5B3862BE}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-05-18 06:27:28.970
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {93D48183-1D1C-46DA-8CB6-ADF08F24AC6F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-05-18 06:27:26.710
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {94F78CE9-AE9B-4404-92D1-6303FE3BED5F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-05-17 19:38:23.918
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D73CF9A9-04D0-4286-9D41-D57F3F3505BB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-05-17 18:13:28.405
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2EE562EE-2466-4290-80E4-E62259D8676B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-13 09:59:43.378
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.1134.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-06-13 04:31:31.784
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.1134.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-06-13 02:34:31.756
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.1134.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-06-13 00:34:58.409
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.1134.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-06-06 16:28:56.217
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.317.657.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17100.2
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-06-22 04:01:56.934
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-22 03:56:51.284
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-22 03:56:51.273
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-22 03:56:51.262
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-22 03:56:51.254
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-22 03:56:51.232
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-21 17:38:36.143
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-06-21 17:38:36.141
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.04 10/17/2019
Motherboard: PK Strongbow_PK
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 93%
Total physical RAM: 6074.57 MB
Available physical RAM: 424.42 MB
Total Virtual: 21491.81 MB
Available Virtual: 3615.94 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:247.1 GB) NTFS

\\?\Volume{a2a43932-f6ec-473e-a2f9-e1f983c45eca}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
\\?\Volume{96a76796-30a8-4bf5-b482-11eb91a29adf}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: E08614CD)

Partition: GPT.

==================== End of Addition.txt =======================

 


  • 0

#4
awot

awot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

In relation to the Windows logs - Security, the last audit was on the 07/06; the whole log until that date says "Audit Success".

Thanks for your help man.
 


Edited by awot, 21 June 2020 - 12:26 PM.

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

Event Viewer=>Windows Logs=>Security

 

Your DHCP events didn't show up in the Addition.txt file so can't tell why you got them. Not normally how Malware gets on tho. Usually it's something like downloading a "free" version of WinZip. Both WinZip and WinRAR often come with malware. Sometimes it's just adware but other times it's something ugly.

 

Why do you think you got hacked?  When do you think it happened?

 

FRST seems to think you are running two anti-viruses.  Norton and Avast. 

 

AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

 

 

But I only see Avast and no sign of Norton so you probably need to get the Norton uninstaller:

https://liveupdate.s...de/RnR/NRnR.exe

Download, Save and Right click on the downloaded file then Run As Administrator.

 

It will probably want to reboot when done.  (Both Norton & McAfee are notoriously bad at uninstalling)

 

Avast won't run if it thinks there is another anti-virus.  It's currently disabled.

 

There is something wrong with your Windows updates. You haven't updated since version 1903 and most people are now at 1909 and we are slowly being updated to 2004.

 

First let's run a fix list which will check your system files.  May take up to 25 minutes so be patient:

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   496bytes   17 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

 

After it reboots see if you can get it to update by going to:

 

https://www.microsof...nload/windows10

 

Click on Update Now.  Download, Save and then right click on the file and Run As Admin.  Follow the instructions.  This should bring you up to 1909.

 

Then let's run MBAR.  It's the anti-rootkit version of MBAM and can find hidden stuff that we can't see with FRST:

 

https://www.malwareb...om/antirootkit/

 

Download, Save, right click and Run As Admin.  Then follow the instructions.  May take a while.

 

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 


  • 0
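The cross-check RKinner makes in post #5 (a product registered with Security Center versus what FRST actually lists as running), written out as an added example that is not part of the thread and not FRST's own logic. The function names, the `GENERIC` word list and the status labels are assumptions made for this sketch; the sample lines are copied from the logs posted above.

```python
import re

# Copied from the FRST output quoted in post #5 (Security Center registrations).
SECURITY_CENTER = r"""
AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
"""

# A subset of the "Processes (Whitelisted)" section posted in the thread.
PROCESSES = r"""
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <2>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
"""

# "AV: <name> (<state>[ - <definitions>]) {<guid>}"
SC_LINE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) "
    r"\((?P<state>Enabled|Disabled)(?: - (?P<defs>[^)]+))?\) "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)
# "(<signer>) <path>.exe[ <instance count>]"
PROC_LINE = re.compile(
    r"^\((?P<signer>.*?)\) (?P<path>[A-Za-z]:\\.+?\.exe)(?: <\d+>)?$"
)

# Assumption: words too generic to tie a product name to a process.
GENERIC = {"security", "antivirus", "windows", "microsoft", "internet", "ultra", "total"}


def parse_security_center(text):
    """Return one dict per AV:/AS:/FW: registration line; other lines are skipped."""
    regs = []
    for line in text.splitlines():
        m = SC_LINE.match(line.strip())
        if m:
            regs.append(m.groupdict())
    return regs


def parse_processes(text):
    """Return (signer, path) tuples from FRST process lines."""
    procs = []
    for line in text.splitlines():
        m = PROC_LINE.match(line.strip())
        if m:
            procs.append((m.group("signer"), m.group("path")))
    return procs


def keywords(product):
    """Distinctive lower-case words of a product name (heuristic)."""
    words = re.findall(r"[a-z]+", product.lower())
    return {w for w in words if len(w) > 3 and w not in GENERIC}


def has_running_process(product, procs):
    """True if any process signer or path mentions a distinctive product word."""
    keys = keywords(product)
    return any(k in (signer + " " + path).lower()
               for signer, path in procs for k in keys)


def classify(regs, procs):
    """Map (kind, name) -> status by cross-checking registration against processes."""
    result = {}
    for r in regs:
        running = has_running_process(r["name"], procs)
        enabled = r["state"] == "Enabled"
        if enabled and running:
            status = "active"
        elif enabled:
            # Registered as enabled but nothing running: likely a leftover
            # registration, the case the vendor removal tool is meant for.
            status = "registered-but-absent"
        elif running:
            # Installed and running, but Security Center has it switched off.
            status = "present-but-disabled"
        else:
            status = "inactive"
        result[(r["kind"], r["name"])] = status
    return result


def triage(sc_text=SECURITY_CENTER, proc_text=PROCESSES):
    return classify(parse_security_center(sc_text), parse_processes(proc_text))


if __name__ == "__main__":
    for (kind, name), status in triage().items():
        print(f"{kind}: {name:<24} {status}")
```

A process list is only a snapshot, so treat a missing process as a prompt to check for installed files and services rather than as proof the product is gone.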

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

I forgot to attach the fixlist so went back and did an edit on the post.


  • 0

#7
awot

awot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Link to fixlog; too many characters to post here, Firefox kept crashing.

 

https://www.dropbox....Fixlog.txt?dl=0

 

Moving forward with your other steps now


Edited by awot, 21 June 2020 - 03:19 PM.

  • 0

#8
awot

awot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

The reason why I believe the laptop has been compromised is for a few reasons:

1) Network adapters/drivers unusually switch off/disconnect and then re-connect hours later; this began after the 2am access.
2) Information on a business website that I am the owner of has changed/permissions change.
3) Emails from my Gmail have been deleted in real time whilst I'm in my Google inbox.

I've also had this occur on mobile, Android Samsung 10.

After doing a lot of research over the last few days I've made a list of security features I can add to secure the endpoint, but I'd like to know how they got access in the first place. I do understand that having no real security in place makes this very easy and will not be complacent moving forward.

I'm considering wiping the entire laptop and applying the following

1. Add user accounts with non-admin permissions and only using this whilst working remotely
2. Using Cryptometer and Boxcryptor when uploading files/storing files
3. Installing Bitdefender
4. Installing Malwarebytes
5. Using Protonmail for my emails
6. Using a VPN
7. Using TOR (maybe)
8. Using Wire instead of Slack
9. Using Vera source/VeraCrypt
10. Running any unknown applications in Sandboxie
11. Using YubiKey for access with Google services, FB for business etc.
12. Using Spydish (maybe)

If I set up a local network I'll be using Fortinet in conjunction with these other solutions.

I also don't know what the best practice is for regaining control of any compromised emails/logins.

I should add this laptop is primarily used for business purposes.

Would it be best to go through the security questions in forgot password on a random computer that hasn't been compromised or would a Man in the middle attack let them see this in real-time too?

Still getting my head around all this

Windows is updating atm.

Thanks again.


Edited by awot, 21 June 2020 - 03:36 PM.

  • 0

#9
awot

awot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

First Result

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2020
Ran by 61484 (administrator) on LAPTOP-3KUDP7J4 (Acer Swift SF314-41) (22-06-2020 09:33:29)
Running from C:\Users\61484\Downloads
Loaded Profiles: 61484
Platform: Windows 10 Home Version 2004 19041.330 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QALockHandler.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atiesrxx.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Corel Corporation -> WinZip Computing) C:\Program Files\WinZip\WzPreloader.exe
(Corel Corporation -> WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <4>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\100.3.400\QtWebEngineProcess.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\61484\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12006.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Slack Technologies Inc.) C:\Program Files\WindowsApps\91750D7E.Slack_4.6.0.0_x64__8she8kybcnzg4\app\Slack.exe <5>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [876320 2019-05-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2020-02-20] (Corel Corporation -> Corel Corporation)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436704 2020-02-20] (Corel Corporation -> WinZip Computing, S.L.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [108136 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7657984 2020-06-18] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\chrmstp.exe [2020-06-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2020-05-09]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D6D0B1-223B-4CC5-AC31-49C72B0052B2} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2019-07-03] (Acer Incorporated -> Acer Incorporated)
Task: {0678EBB8-AA11-4AB7-9A47-E6D9B3F6F54D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0A8DADBA-ADA5-4039-98A4-2D0AFA6DF21F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\ACC" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\ACCAgent" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\ACCBackgroundApplication" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\AcerCMUpdateTask2.1.16258" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\DropboxUpdateTaskMachineCore" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\DropboxUpdateTaskMachineUA" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\HPPSDrTelemetryWatch" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-288082975-2520583026-2654835971-1001" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-288082975-2520583026-2654835971-500" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\Power Button" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\Quick Access" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\Quick Access Wi-Fi Power Switch" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\Software Update Application" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\UEIPInvitation" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{3066EA64-DBB0-4D34-B810-61FE8D35E073}" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\WinZip Update Notifier 1" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\WinZip Update Notifier 2" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\WinZip Update Notifier 3" /ENABLE
Task: {0C6C0F8C-3193-4841-95E8-C18E919ED947} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {0FBA82B0-FD76-4F72-BDA4-105782CDEFAF} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2020-02-20] (Corel Corporation -> Corel Corporation)
Task: {10FE277B-5C08-452D-9B2E-3982C21B383A} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)
Task: {1AED8DED-7B01-4CC5-8B7F-1F6B3648098E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-06-18] (Avast Software s.r.o. -> Avast Software)
Task: {28895C99-0C71-4D5E-934D-D243A86A8E78} - System32\Tasks\Quick Access Wi-Fi Power Switch => C:\Program Files\Acer\Quick Access Service\QAWiFiPowerSwitch.exe [211248 2019-09-27] (Acer Incorporated -> Acer Incorporated)
Task: {2DF2F4B9-0932-4EEC-9730-5C1FD72499BE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {3014B319-36A9-4EFE-86DA-88586792B07A} - System32\Tasks\HPPSDrTelemetryWatch => C:\Program Files (x86)\HP\Diagnostics\TelemetryWatch\PSDrTelemetryWatch.exe [32808 2020-01-14] (HP Inc. -> )
Task: {3F60260C-3725-473F-86F1-FB103332A537} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-17] (Google LLC -> Google LLC)
Task: {47425521-AB0B-4787-AD01-671D9B3DF2F4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1861528 2020-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {480E40CB-379B-457D-B6F9-E29A5A203540} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2962736 2019-10-03] (Acer Incorporated -> )
Task: {5F346731-E40A-464A-83D1-7B9185ABB630} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2020-02-20] (Corel Corporation -> Corel Corporation)
Task: {6734CFAC-E9BC-4F28-B342-677C1608E5B3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [171368 2020-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {67AEBF79-C4CF-4E44-84BD-FF5B328FD193} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {7A026287-139C-46D5-BB8A-2829A70404F1} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [3314272 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
Task: {7E7FAF71-A05F-437C-9AA6-BAD5B04C5035} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41776 2019-10-03] (Acer Incorporated -> )
Task: {80FA830D-2402-4DEC-8B48-E9875FF6ACB9} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4828464 2019-10-03] (Acer Incorporated -> )
Task: {8330B624-0449-48DF-ADB4-2AD83486243F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-17] (Google LLC -> Google LLC)
Task: {9456ACAB-EFDB-4314-AE11-3344218BA778} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [171368 2020-06-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C8CF622-EB48-46F3-AB69-51F37391A1ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058928 2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {BBBBF395-D110-4CCA-BE13-FA950E26B8F9} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2020-02-20] (Corel Corporation -> Corel Corporation)
Task: {D593614A-1CB5-499F-B151-6C18D5CC4C09} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2770736 2019-09-27] (Acer Incorporated -> Acer Incorporated)
Task: {D8D58D16-B8C4-42C0-B9BD-AB2F5075D35E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23756168 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA3F480C-AA89-423D-B4CF-2BD7FD8444AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23756168 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4A5AEE7-F833-4809-BB68-91258D63C21C} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [447280 2019-09-27] (Acer Incorporated -> Acer Incorporated)
Task: {E9C569F4-6277-43C6-9039-AA301D25A942} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211136 2019-01-09] (Acer Incorporated -> Acer Incorporated)
Task: {F0EA6A75-CC99-4744-A2D6-D2A0B0C54619} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [17688 2019-11-16] (Acer Incorporated -> )
Task: {F7AD0145-863F-4302-B705-85367D5BD29E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6058928 2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F869B9E5-DF80-445D-9BE5-E54C5B2D0865} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268096 2019-01-09] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 172.27.0.1
Tcpip\..\Interfaces\{494fe5dd-def5-44a4-a706-d270e8f1474b}: [DhcpNameServer] 172.27.0.1
Tcpip\..\Interfaces\{a9164378-e6fc-4199-ba5f-eb7523d85f44}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-288082975-2520583026-2654835971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-288082975-2520583026-2654835971-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-288082975-2520583026-2654835971-1001 -> DefaultScope {1B30AB27-6AF7-4072-B46C-A83398F56DF2} URL =
SearchScopes: HKU\S-1-5-21-288082975-2520583026-2654835971-1001 -> {1B30AB27-6AF7-4072-B46C-A83398F56DF2} URL =
SearchScopes: HKU\S-1-5-21-288082975-2520583026-2654835971-1001 -> {FC6328D0-D19E-44FB-8E1D-AE5C2C404FED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2020-06-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-06-19] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 0zj04ic3.default
FF ProfilePath: C:\Users\61484\AppData\Roaming\Mozilla\Firefox\Profiles\0zj04ic3.default [2020-05-08]
FF ProfilePath: C:\Users\61484\AppData\Roaming\Mozilla\Firefox\Profiles\4ci86crr.default-release [2020-06-22]
FF Notifications: Mozilla\Firefox\Profiles\4ci86crr.default-release -> hxxps://synup.bluejeans.com; hxxps://app.hubspot.com; hxxps://app.slack.com
FF Extension: (Grammarly for Firefox) - C:\Users\61484\AppData\Roaming\Mozilla\Firefox\Profiles\4ci86crr.default-release\Extensions\[email protected] [2020-06-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-03-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-288082975-2520583026-2654835971-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\61484\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-13] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default [2020-06-21]
CHR Notifications: Default -> hxxps://au.godaddy.com; hxxps://meet.google.com; hxxps://neilpatel.com; hxxps://web.skype.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR Extension: (Slides) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-17]
CHR Extension: (Docs) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-17]
CHR Extension: (Google Drive) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-03-17]
CHR Extension: (YouTube) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-17]
CHR Extension: (MozBar) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2020-05-18]
CHR Extension: (Sheets) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-17]
CHR Extension: (Google Docs Offline) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-06-20]
CHR Extension: (Grammarly for Chrome) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-17]
CHR Extension: (Gmail) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\61484\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"415F859A" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\415F859A => C:\WINDOWS\system32\drivers\415F859A.sys [255928 2020-06-22] (Malwarebytes Corporation -> Malwarebytes) <==== ATTENTION (Rootkit!/Locked Service)
"mbamchameleon" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\mbamchameleon => C:\WINDOWS\system32\drivers\MbamChameleon.sys [192952 2020-06-22] (Malwarebytes Corporation -> Malwarebytes) <==== ATTENTION (Rootkit!/Locked Service)

R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [300336 2019-10-03] (Acer Incorporated -> Acer Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atiesrxx.exe [508008 2019-08-22] (Advanced Micro Devices, Inc. -> AMD)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [6392728 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [386976 2019-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [348968 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [58048 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10634632 2020-06-05] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-17] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-03-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-06-18] (Dropbox, Inc -> Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [465712 2019-09-27] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [523568 2019-09-27] (Acer Incorporated -> Acer Incorporated)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-15] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182120 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [305984 2019-01-10] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.8-0\NisSrv.exe [2496152 2020-06-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.8-0\MsMpEng.exe [104192 2020-06-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [29912 2019-05-03] (Acer Incorporated -> Acer Incorporated)
R3 amdacpbus; C:\WINDOWS\System32\drivers\amdacpbus.sys [1380472 2019-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdacpksl; C:\WINDOWS\system32\drivers\amdacpksl.sys [352048 2019-05-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [45536 2019-05-20] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atikmdag.sys [53498984 2019-08-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0345230.inf_amd64_133af2eb4ed743b0\B345921\atikmpag.sys [593000 2019-08-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [138064 2019-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37152 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205896 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [235088 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178768 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60496 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42784 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175208 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [506152 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109280 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84856 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851608 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [462592 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216824 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [322256 2020-06-18] (Avast Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 BtFilter; C:\WINDOWS\System32\drivers\btfilter.sys [82712 2019-09-22] (Qualcomm Atheros -> Qualcomm)
R3 dbx; C:\WINDOWS\System32\DRIVERS\dbx.sys [47600 2020-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [131080 2019-07-24] (D3L -> Dokan Project)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-15] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [57384 2018-08-06] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [408800 2020-06-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-22 09:25 - 2020-06-22 09:25 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\415F859A.sys
2020-06-22 09:24 - 2020-06-22 09:33 - 000000000 ____D C:\Users\61484\Desktop\mbar
2020-06-22 09:24 - 2020-06-22 09:33 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-06-22 09:24 - 2020-06-22 09:24 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-22 09:20 - 2020-06-22 09:20 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-06-22 09:18 - 2020-06-22 09:21 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-06-22 09:18 - 2020-06-22 09:18 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2020-06-22 09:18 - 2020-06-22 09:18 - 000003852 _____ C:\WINDOWS\system32\Tasks\ACCAgent
2020-06-22 09:18 - 2020-06-22 09:18 - 000003764 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2020-06-22 09:18 - 2020-06-22 09:18 - 000003692 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.1.16258
2020-06-22 09:18 - 2020-06-22 09:18 - 000003452 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2020-06-22 09:18 - 2020-06-22 09:18 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-06-22 09:18 - 2020-06-22 09:18 - 000003308 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3066EA64-DBB0-4D34-B810-61FE8D35E073}
2020-06-22 09:18 - 2020-06-22 09:18 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-06-22 09:18 - 2020-06-22 09:18 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-288082975-2520583026-2654835971-1001
2020-06-22 09:18 - 2020-06-22 09:18 - 000002852 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-288082975-2520583026-2654835971-500
2020-06-22 09:18 - 2020-06-22 09:18 - 000002848 _____ C:\WINDOWS\system32\Tasks\HPPSDrTelemetryWatch
2020-06-22 09:18 - 2020-06-22 09:18 - 000002782 _____ C:\WINDOWS\system32\Tasks\UbtFrameworkService
2020-06-22 09:18 - 2020-06-22 09:18 - 000002730 _____ C:\WINDOWS\system32\Tasks\ACC
2020-06-22 09:18 - 2020-06-22 09:18 - 000002712 _____ C:\WINDOWS\system32\Tasks\UEIPInvitation
2020-06-22 09:18 - 2020-06-22 09:18 - 000002696 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2020-06-22 09:18 - 2020-06-22 09:18 - 000002694 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2020-06-22 09:18 - 2020-06-22 09:18 - 000002694 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2020-06-22 09:18 - 2020-06-22 09:18 - 000002362 _____ C:\WINDOWS\system32\Tasks\Quick Access Wi-Fi Power Switch
2020-06-22 09:18 - 2020-06-22 09:18 - 000002328 _____ C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2020-06-22 09:18 - 2020-06-22 09:18 - 000002296 _____ C:\WINDOWS\system32\Tasks\Power Button
2020-06-22 09:18 - 2020-06-22 09:18 - 000002222 _____ C:\WINDOWS\system32\Tasks\Quick Access
2020-06-22 09:18 - 2020-06-22 09:18 - 000000020 ___SH C:\Users\61484\ntuser.ini
2020-06-22 09:18 - 2020-06-22 09:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-22 09:18 - 2020-06-22 09:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2020-06-22 09:18 - 2020-06-22 09:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2020-06-22 09:18 - 2020-06-22 09:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-22 09:18 - 2020-06-22 09:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-06-22 09:17 - 2020-06-22 09:20 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-22 09:17 - 2020-06-22 09:18 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-06-22 09:17 - 2020-06-22 09:18 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-06-22 09:14 - 2020-06-22 08:45 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-06-22 09:13 - 2020-06-22 09:18 - 000000000 ____D C:\Windows.old
2020-06-22 09:13 - 2020-06-22 09:14 - 000008192 ___SH C:\DumpStack.log.tmp
2020-06-22 09:13 - 2020-06-22 09:13 - 000630688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-22 09:13 - 2020-06-22 09:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-22 09:11 - 2020-06-22 09:11 - 000073016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WinSetupBoot.sys
2020-06-22 08:56 - 2020-06-22 09:13 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-06-22 08:55 - 2020-06-22 09:18 - 000000000 ____D C:\Users\61484
2020-06-22 08:55 - 2019-12-07 19:10 - 000001105 _____ C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-22 08:54 - 2020-06-22 08:54 - 000000000 ____D C:\WINDOWS\system32\Samsung
2020-06-22 08:54 - 2020-06-22 08:54 - 000000000 ____D C:\WINDOWS\system32\AMD
2020-06-22 08:53 - 2020-06-22 08:56 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-06-22 08:47 - 2020-06-22 08:47 - 024265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 018766848 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 011490816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 009493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 004783328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 003547800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-06-22 08:47 - 2020-06-22 08:47 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 001352232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 001301592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 001111552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 001014872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000967680 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000961192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000937472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000746808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000676560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000600616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2020-06-22 08:47 - 2020-06-22 08:47 - 000580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-06-22 08:47 - 2020-06-22 08:47 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000530440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-06-22 08:47 - 2020-06-22 08:47 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000428544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswmdm.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswmdm.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmidx.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmidx.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2020-06-22 08:47 - 2020-06-22 08:47 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 026271232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 023431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 019868160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 018066944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 010921272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 008897768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 008188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 007756288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 007593984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 007591456 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 007069696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 006920192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 006404608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 006352896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 005963472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 005821952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 005420648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 005371536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 004880384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 004734976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 004629312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 003925336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 003901952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 003859456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 003811776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 003784192 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 003431424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 003332608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002918208 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002827776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-06-22 08:46 - 2020-06-22 08:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-06-22 08:46 - 2020-06-22 08:46 - 002744320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-06-22 08:46 - 2020-06-22 08:46 - 002685440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002631008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002601472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002413056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002317312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002202624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002198016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002193736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 002177536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001912320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001710080 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001704960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001686528 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001668384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001557824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001448448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001411072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 001353216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001320448 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001296384 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001255736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 001252864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001233408 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 001218560 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001208832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001126472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001071224 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001066304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi3.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000945152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000907456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000902144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000880088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000867840 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000855272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000854016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi3.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000801544 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000759608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000742400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000733184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000711168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000695720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkObjCore.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\agentactivationruntimewindows.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000633856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\agentactivationruntime.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000632536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.ConversationalAgent.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000606880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000602184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\psisdecd.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000583608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000579072 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000573752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-06-22 08:46 - 2020-06-22 08:46 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000569656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\IESettingSync.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000528696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000508720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroles.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000488096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psisdecd.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000482624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000474112 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\SysWOW64\wvc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000469936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassdo.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000443704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\termmgr.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000434504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000410592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000407864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizeng.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\termmgr.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassdo.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AarSvc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-06-22 08:46 - 2020-06-22 08:46 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-06-22 08:46 - 2020-06-22 08:46 - 000312120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemSettings.DataModel.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000285496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-22 08:46 - 2020-06-22 08:46 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wavemsp.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000253024 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000228664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wavemsp.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000217920 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-22 08:46 - 2020-06-22 08:46 - 000204000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000201536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000195240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000195144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000190056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrecst.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000180024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-06-22 08:46 - 2020-06-22 08:46 - 000176440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000170488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaatext.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000151864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000142000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkspbrokerAx.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrecst.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaatext.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000110512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkspbrokerAx.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000099640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000093952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000092952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwanRadioManager.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-22 08:46 - 2020-06-22 08:46 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasads.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-22 08:46 - 2020-06-22 08:46 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000061752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameInput.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasads.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagnosticdataquery.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000042320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000041864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBrokerPS.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIDiag.exe
2020-06-22 08:46 - 2020-06-22 08:46 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000028384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SecurityCenterBrokerPS.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000024288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerEnc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000020648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerEnc.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-06-22 08:46 - 2020-06-22 08:46 - 000009377 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-06-22 08:46 - 2020-06-22 08:46 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-06-22 08:45 - 2020-06-22 08:46 - 001640960 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 010336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 007992320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 007961824 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 006173184 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 006069888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 006052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 005858128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 004484696 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 003860480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 003810304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-06-22 08:45 - 2020-06-22 08:45 - 003779896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-06-22 08:45 - 2020-06-22 08:45 - 003749376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 003498216 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 003380736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 003304960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 003299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 002974720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 002964992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-06-22 08:45 - 2020-06-22 08:45 - 002647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 002585400 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 002284560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 002244608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001876992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001869312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001805184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-06-22 08:45 - 2020-06-22 08:45 - 001695744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001538136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MoUsoCoreWorker.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 001493504 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001473024 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 001473024 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001413120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 001400216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001394032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-06-22 08:45 - 2020-06-22 08:45 - 001337168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001250816 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001204968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 001197232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 001194496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001150752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 001105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001047040 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 001001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000975672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkObjCore.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000906528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000902968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-06-22 08:45 - 2020-06-22 08:45 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000879104 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000858624 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000831016 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000764456 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000751616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000725600 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000683008 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000635824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000601400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-06-22 08:45 - 2020-06-22 08:45 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-22 08:45 - 2020-06-22 08:45 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000577392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000540480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000454968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-06-22 08:45 - 2020-06-22 08:45 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000428680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000422728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DataModel.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000418816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000373064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000259264 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000249656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000214840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000203976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsBroker.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000159032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2020-06-22 08:45 - 2020-06-22 08:45 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000143160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-06-22 08:45 - 2020-06-22 08:45 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000132744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000131896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000118072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000116024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindfltapi.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000070984 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameInput.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxGipRadioManager.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanRadioManager.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000064840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000064016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2020-06-22 08:45 - 2020-06-22 08:45 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2020-06-22 08:45 - 2020-06-22 08:45 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-06-22 08:38 - 2020-06-22 08:38 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-06-22 08:38 - 2020-06-22 08:38 - 000000000 ____D C:\Program Files\MSBuild
2020-06-22 08:38 - 2020-06-22 08:38 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-06-22 08:38 - 2020-06-22 08:38 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-06-22 08:37 - 2019-12-03 14:04 - 000781384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2020-06-22 08:37 - 2019-12-03 14:04 - 000105544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2020-06-22 08:37 - 2019-12-03 14:04 - 000037864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2020-06-22 08:37 - 2019-11-08 14:44 - 001168968 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2020-06-22 08:37 - 2019-11-08 14:44 - 000127056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2020-06-22 08:37 - 2019-11-08 14:44 - 000038072 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2020-06-22 08:36 - 2020-06-22 08:36 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-06-22 08:36 - 2020-06-22 08:36 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-06-22 08:28 - 2020-06-22 08:28 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-06-22 08:15 - 2020-06-22 09:18 - 000000000 ___DC C:\WINDOWS\Panther
2020-06-22 08:13 - 2020-06-22 08:15 - 000000036 _____ C:\WINDOWS\progress.ini
2020-06-22 07:20 - 2020-06-22 08:13 - 000000000 ___HD C:\$GetCurrent
2020-06-22 07:20 - 2020-06-22 07:21 - 014178840 _____ (Malwarebytes Corp.) C:\Users\61484\Downloads\mbar-1.10.3.1001.exe
2020-06-22 07:19 - 2020-06-22 08:13 - 000000000 ____D C:\Windows10Upgrade
2020-06-22 07:19 - 2020-06-22 07:19 - 006260552 _____ (Microsoft Corporation) C:\Users\61484\Downloads\Windows10Upgrade9252.exe
2020-06-22 07:19 - 2020-06-22 07:19 - 000000735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2020-06-22 07:19 - 2020-06-22 07:19 - 000000723 _____ C:\Users\61484\Desktop\Windows 10 Update Assistant.lnk
2020-06-22 05:25 - 2020-06-22 05:25 - 012770472 _____ (Symantec Corporation) C:\Users\61484\Downloads\NRnR.exe
2020-06-22 05:02 - 2020-06-22 05:04 - 000000000 ____D C:\Users\61484\AppData\Roaming\Cryptomator
2020-06-22 05:02 - 2020-06-22 05:02 - 000000000 ____D C:\Users\61484\.openjfx
2020-06-22 04:04 - 2020-06-22 04:05 - 000042103 _____ C:\Users\61484\Downloads\Addition.txt
2020-06-22 04:02 - 2020-06-22 09:34 - 000033247 _____ C:\Users\61484\Downloads\FRST.txt
2020-06-22 04:02 - 2020-06-22 09:34 - 000000000 ____D C:\FRST
2020-06-22 04:01 - 2020-06-22 04:01 - 002290176 _____ (Farbar) C:\Users\61484\Downloads\FRST64.exe
2020-06-21 15:15 - 2020-06-21 15:15 - 000000000 ____D C:\Program Files\Dokan
2020-06-21 15:15 - 2019-07-24 08:57 - 000131080 _____ (Dokan Project) C:\WINDOWS\system32\Drivers\dokan1.sys
2020-06-21 15:14 - 2020-06-22 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptomator
2020-06-21 15:14 - 2020-06-21 15:14 - 000000000 ____D C:\Program Files\Cryptomator
2020-06-21 15:07 - 2020-06-21 15:09 - 063035528 _____ (cryptomator.org ) C:\Users\61484\Downloads\Cryptomator-1.5.5-x64.exe
2020-06-21 07:04 - 2020-06-21 10:47 - 000000000 ____D C:\Users\61484\Desktop\Security
2020-06-21 07:03 - 2020-06-21 07:03 - 001554747 _____ C:\Users\61484\Downloads\debotnet.zip
2020-06-20 10:26 - 2020-06-20 15:05 - 000000000 ____D C:\Users\61484\AppData\Local\CrashDumps
2020-06-20 08:22 - 2020-06-20 08:22 - 000000000 ____D C:\Users\61484\.MCTranscodingSDK
2020-06-20 08:20 - 2020-06-22 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2020-06-20 08:20 - 2020-06-20 08:23 - 000000000 ____D C:\Users\Public\Documents\Lightworks
2020-06-20 08:20 - 2020-06-20 08:23 - 000000000 ____D C:\ProgramData\Documents\Lightworks
2020-06-20 08:20 - 2020-06-20 08:20 - 000000000 ____D C:\ProgramData\Geevs
2020-06-20 08:19 - 2020-06-20 08:20 - 000000000 ____D C:\Program Files\Lightworks
2020-06-20 08:11 - 2020-06-20 08:14 - 077590720 _____ (EditShare) C:\Users\61484\Downloads\lightworks_2020.1_r122068_64bit_setup.exe
2020-06-19 17:14 - 2020-06-22 05:51 - 000000000 ____D C:\Users\61484\Desktop\Cards
2020-06-19 05:29 - 2020-06-22 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-06-19 05:29 - 2020-06-19 05:29 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-06-19 05:29 - 2020-06-19 05:29 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2020-06-19 05:25 - 2020-06-22 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-06-18 21:47 - 2020-06-18 21:47 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
2020-06-18 21:47 - 2020-06-18 21:47 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-06-18 12:40 - 2020-06-18 12:40 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-06-18 12:40 - 2020-06-18 12:40 - 000002112 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-06-18 12:40 - 2020-06-18 12:40 - 000002112 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-06-18 12:40 - 2020-06-18 12:40 - 000000000 ____D C:\Users\61484\AppData\Roaming\Avast Software
2020-06-18 12:40 - 2020-06-18 12:40 - 000000000 ____D C:\Users\61484\AppData\Local\CEF
2020-06-18 12:35 - 2020-06-18 12:35 - 000462592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-06-18 12:35 - 2020-06-18 12:35 - 000322256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-06-18 12:35 - 2020-06-18 12:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2020-06-18 12:35 - 2020-06-18 12:34 - 000851608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000506152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000335976 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-06-18 12:35 - 2020-06-18 12:34 - 000235088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000216824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000205896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000178768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000175208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000109280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000084856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000060496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000042784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000037152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-06-18 12:35 - 2020-06-18 12:34 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-06-18 12:28 - 2020-06-18 12:28 - 000000000 ____D C:\Program Files\Avast Software
2020-06-18 12:23 - 2020-06-22 09:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-18 12:23 - 2020-06-18 12:23 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-18 12:23 - 2020-06-18 12:23 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-18 12:23 - 2020-06-18 12:23 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-06-18 12:23 - 2020-06-18 12:23 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-18 12:23 - 2020-06-18 12:23 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-18 12:23 - 2020-06-18 12:23 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-18 12:23 - 2020-06-18 12:23 - 000000000 ____D C:\Users\61484\AppData\Local\mbam
2020-06-18 12:22 - 2020-06-22 06:56 - 000000000 ____D C:\ProgramData\Avast Software
2020-06-18 12:22 - 2020-06-18 12:22 - 000231144 _____ (AVAST Software) C:\Users\61484\Downloads\avast_free_antivirus_setup_online.exe
2020-06-18 12:21 - 2020-06-18 12:21 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-18 12:21 - 2020-06-18 12:21 - 000000000 ____D C:\Malwarebytes
2020-06-18 12:20 - 2020-06-18 12:20 - 001988280 _____ (Malwarebytes) C:\Users\61484\Downloads\MBSetup.exe
2020-06-18 08:05 - 2020-06-18 08:05 - 000085203 _____ C:\Users\61484\Downloads\brighttalk-viewing-certificate-defending-your-remote-workforce-tips-to-keep-devices-secure-anywhere-anytime.pdf
2020-06-15 19:29 - 2020-06-15 19:29 - 000595323 _____ C:\Users\61484\Downloads\Analyst_Report___MOOR___Crafting_a_Comprehensive_Approach_to_Cybersecurity.PDF
2020-06-13 11:00 - 2020-06-13 11:00 - 002691204 _____ C:\Users\61484\Downloads\Adel Shahnazaeyan.zip
2020-06-13 10:58 - 2020-06-13 10:58 - 002693375 _____ C:\Users\61484\Downloads\Adel Shahnazryan.zip
2020-06-06 04:30 - 2020-06-06 04:33 - 074471109 _____ C:\Users\61484\Downloads\Untitled Jun 5, 2020 10 24 PM.webm
2020-06-05 15:42 - 2020-06-05 15:42 - 000017043 _____ C:\Users\61484\Downloads\Scripy 1.odt
2020-06-04 12:37 - 2020-06-04 12:37 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite
2020-06-04 12:36 - 2020-06-04 12:37 - 058365082 _____ C:\Users\61484\Downloads\Bluetooth_Atheros_10.0.0.827_W10x64_A.zip
2020-06-04 11:41 - 2020-06-04 11:41 - 000000000 ___HD C:\$WinREAgent
2020-06-04 11:35 - 2020-06-21 13:47 - 000000000 ____D C:\ProgramData\SecTaskMan
2020-06-04 11:35 - 2020-06-04 11:35 - 003017632 _____ C:\Users\61484\Downloads\SecurityTaskManager_Setup.exe
2020-06-04 11:35 - 2020-06-04 11:35 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2020-06-04 11:35 - 2020-06-04 11:35 - 000001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2020-06-04 11:35 - 2020-06-04 11:35 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2020-06-04 11:26 - 2020-06-04 11:26 - 000000571 _____ C:\Users\61484\Downloads\DeviceDiagnostic.diagcab
2020-06-04 07:49 - 2020-06-04 11:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-06-04 06:30 - 2020-06-20 12:15 - 000000000 ___RD C:\Users\61484\Desktop\Aram & Adel
2020-06-04 06:27 - 2020-06-22 09:13 - 000000000 ____D C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-04 06:27 - 2020-06-22 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-06-04 06:27 - 2020-06-04 06:27 - 003218976 _____ (Alexander Roshal) C:\Users\61484\Downloads\winrar-x64-590.exe
2020-06-04 06:27 - 2020-06-04 06:27 - 000000000 ____D C:\Users\61484\AppData\Roaming\WinRAR
2020-06-04 06:27 - 2020-06-04 06:27 - 000000000 ____D C:\Program Files\WinRAR
2020-06-04 06:08 - 2020-06-04 06:08 - 000795075 _____ C:\Users\61484\Downloads\Adel Shahnazaryan 2.zip
2020-06-04 06:08 - 2020-06-04 06:08 - 000086225 _____ C:\Users\61484\Downloads\Adel Shahnazaryan(1).zip
2020-06-03 16:37 - 2020-06-03 16:37 - 000000109 ____H C:\Users\61484\Desktop\.~lock.Week 1.docx#
2020-06-03 14:26 - 2020-06-03 14:26 - 000000000 ____D C:\Users\61484\AppData\Roaming\LibreOffice
2020-06-03 14:25 - 2020-06-22 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.4
2020-06-03 14:25 - 2020-06-03 14:25 - 000001181 _____ C:\Users\Public\Desktop\LibreOffice 6.4.lnk
2020-06-03 14:25 - 2020-06-03 14:25 - 000001181 _____ C:\ProgramData\Desktop\LibreOffice 6.4.lnk
2020-06-03 14:24 - 2020-06-03 14:24 - 000000000 ____D C:\Program Files\LibreOffice
2020-06-03 14:12 - 2020-06-03 14:23 - 313282560 _____ C:\Users\61484\Downloads\LibreOffice_6.4.4_Win_x64.msi
2020-05-30 09:15 - 2020-06-22 09:13 - 000000000 ____D C:\Program Files\UNP
2020-05-29 08:43 - 2020-05-29 08:47 - 000000000 ____D C:\Users\61484\AppData\Roaming\UnderPass
2020-05-29 08:43 - 2020-05-29 08:43 - 000002359 _____ C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnderPass.lnk
2020-05-29 08:43 - 2020-05-29 08:43 - 000000000 ____D C:\Users\61484\AppData\Local\underpass-updater
2020-05-29 08:41 - 2020-05-29 08:41 - 052235712 _____ (LambdaTest) C:\Users\61484\Downloads\UnderPass Setup.exe
2020-05-27 09:11 - 2020-05-27 09:11 - 000237251 _____ C:\Users\61484\Downloads\10882129.html
2020-05-26 10:35 - 2020-06-22 09:13 - 000000000 ____D C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2020-05-26 10:35 - 2020-06-22 09:12 - 000000000 ____D C:\Users\61484\AppData\Roaming\WhatsApp
2020-05-26 10:35 - 2020-06-06 13:33 - 000000000 ____D C:\Users\61484\AppData\Local\WhatsApp
2020-05-26 10:35 - 2020-05-26 10:35 - 000002201 _____ C:\Users\61484\Desktop\WhatsApp.lnk
2020-05-26 10:32 - 2020-05-26 10:35 - 143976368 _____ (WhatsApp) C:\Users\61484\Downloads\WhatsAppSetup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-22 09:35 - 2020-03-17 10:18 - 000000000 ____D C:\Users\61484\AppData\Local\Packages
2020-06-22 09:35 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-22 09:34 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-06-22 09:34 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-22 09:33 - 2019-12-07 19:13 - 000000000 ____D C:\WINDOWS\INF
2020-06-22 09:30 - 2019-12-07 19:14 - 000000000 ____D C:\ProgramData\USOPrivate
2020-06-22 09:24 - 2019-12-07 19:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-22 09:23 - 2020-03-17 10:20 - 000000000 ___RD C:\Users\61484\OneDrive
2020-06-22 09:22 - 2020-03-29 10:21 - 000000000 ____D C:\Users\61484\AppData\LocalLow\Mozilla
2020-06-22 09:18 - 2020-03-17 10:24 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2020-06-22 09:18 - 2020-03-17 10:24 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2020-06-22 09:18 - 2020-03-17 10:18 - 000000000 ___RD C:\Users\61484\3D Objects
2020-06-22 09:18 - 2020-03-17 10:18 - 000000000 ____D C:\Users\61484\AppData\Local\D3DSCache
2020-06-22 09:18 - 2020-03-17 10:08 - 000000000 ____D C:\ProgramData\Packages
2020-06-22 09:18 - 2020-01-09 18:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-22 09:18 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-22 09:18 - 2019-12-07 19:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-06-22 09:18 - 2019-12-07 19:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-06-22 09:18 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-22 09:16 - 2020-03-17 10:21 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-22 09:16 - 2020-03-17 10:21 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-22 09:16 - 2020-03-17 10:21 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-22 09:15 - 2019-12-07 19:14 - 000000000 __RHD C:\Users\Public\Libraries
2020-06-22 09:14 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\appcompat
2020-06-22 09:14 - 2019-12-07 19:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-06-22 09:13 - 2020-05-13 05:57 - 000000000 ____D C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-22 09:13 - 2020-05-09 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2020-06-22 09:13 - 2020-03-17 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2020-06-22 09:13 - 2020-03-17 07:03 - 000000000 ____D C:\WINDOWS\oem
2020-06-22 09:13 - 2020-01-09 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2020-06-22 09:13 - 2019-12-07 19:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-06-22 09:13 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-06-22 09:13 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\spool
2020-06-22 09:13 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-22 09:13 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-06-22 09:13 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-22 09:13 - 2019-12-07 19:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-06-22 09:13 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-06-22 09:13 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-06-22 09:11 - 2019-12-07 19:18 - 000000000 ____D C:\WINDOWS\Setup
2020-06-22 08:56 - 2020-04-05 15:58 - 000000000 ____D C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SysNucleus
2020-06-22 08:55 - 2020-04-26 11:30 - 000000000 ____D C:\Users\61484\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
2020-06-22 08:54 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-06-22 08:51 - 2019-12-08 00:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-22 08:51 - 2019-12-08 00:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\Com
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-06-22 08:51 - 2019-12-07 19:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-22 08:51 - 2019-12-07 19:03 - 000000000 ____D C:\WINDOWS\servicing
2020-06-22 08:41 - 2019-12-08 00:47 - 000000000 ____D C:\WINDOWS\OCR
2020-06-22 07:18 - 2020-03-17 10:26 - 000000000 ___RD C:\Users\61484\Dropbox
2020-06-22 07:14 - 2020-03-23 08:47 - 000000000 ____D C:\Users\61484\AppData\Local\SquirrelTemp
2020-06-21 15:15 - 2020-01-09 18:35 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-20 15:09 - 2020-03-17 10:28 - 000000000 ____D C:\Users\61484\Documents\Zoom
2020-06-20 12:14 - 2020-03-17 10:20 - 000000000 ____D C:\Users\61484\AppData\Local\PlaceholderTileLogoFolder
2020-06-20 11:17 - 2020-04-24 06:27 - 000000000 ____D C:\Users\61484\Desktop\Other
2020-06-20 06:02 - 2020-01-09 18:58 - 000000000 ____D C:\Program Files\Microsoft Office
2020-06-19 05:26 - 2020-03-17 10:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-06-18 09:50 - 2020-01-09 18:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-16 16:57 - 2020-03-19 12:17 - 000000000 ____D C:\Users\61484\AppData\Local\ElevatedDiagnostics
2020-06-11 19:22 - 2020-03-17 10:23 - 000000000 ____D C:\Users\61484\AppData\Local\OEM
2020-06-09 15:57 - 2020-04-13 13:11 - 000000000 ___RD C:\Users\61484\Desktop\The Digital Age
2020-06-04 11:42 - 2020-03-17 10:18 - 000000000 ____D C:\Users\61484\AppData\Local\ConnectedDevicesPlatform
2020-06-04 11:03 - 2020-01-09 18:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-04 10:55 - 2020-01-09 18:56 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-03 14:26 - 2020-03-17 10:18 - 000000000 ____D C:\Users\61484\AppData\Local\AMD
2020-06-02 06:08 - 2020-04-26 11:24 - 000001602 _____ C:\Users\61484\Desktop\Skype.lnk
2020-05-29 10:49 - 2020-01-09 19:03 - 000000000 ____D C:\ProgramData\Norton

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



#10
awot

    Member

  • Topic Starter
  • 10 posts

Additions result

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2020
Ran by 61484 (22-06-2020 09:35:39)
Running from C:\Users\61484\Downloads
Windows 10 Home Version 2004 19041.330 (X64) (2020-06-21 23:18:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

61484 (S-1-5-21-288082975-2520583026-2654835971-1001 - Administrator - Enabled) => C:\Users\61484
Administrator (S-1-5-21-288082975-2520583026-2654835971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-288082975-2520583026-2654835971-503 - Limited - Disabled)
Guest (S-1-5-21-288082975-2520583026-2654835971-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-288082975-2520583026-2654835971-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{4335EAF1-21F1-43D3-8F6F-D7E481E6959A}) (Version: 3.3.19180.60 - Acer)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.26.07 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.4.2410 - Avast Software)
Branding64 (HKLM\...\{FFF5E5C1-7884-49BE-BB04-36B99C1522E6}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3012 - Acer Incorporated)
Cryptomator (HKLM\...\Cryptomator_is1) (Version: 1.5.5 - cryptomator.org)
DMG Extractor (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\DMG Extractor) (Version: 1.3.16.0 - Reincubate Ltd)
Dokan Library 1.3.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0103-0000-190724141005}) (Version: 1.3.0.1000 - Dokany Project)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dropbox (HKLM-x32\...\Dropbox) (Version: 100.3.400 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.335.1 - Dropbox, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.2.19322.0 - Acer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.106 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
LibreOffice 6.4.4.2 (HKLM\...\{F00C391B-6092-40E7-9ECD-144933865571}) (Version: 6.4.4.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.6.0.0 - EditShare)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft 365 for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.12827.20336 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\OneDriveSetup.exe) (Version: 20.064.0329.0008 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Mozilla Firefox 77.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-US)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12827.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12827.20160 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.827 - Qualcomm Atheros)
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3009 - Acer Incorporated)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8699.1 - Realtek Semiconductor Corp.)
Security Task Manager 2.3e (HKLM-x32\...\Security Task Manager) (Version: 2.3e - Neuber Software)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.362 - Microsoft Corporation)
UnderPass 1.5.3032 (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\094dd894-15e5-5ca9-998a-7d5ce02d7759) (Version: 1.5.3032 - LambdaTest)
User Experience Improvement Program Service (HKLM\...\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}) (Version: 4.00.3106 - Acer Incorporated)
WebHarvy (HKLM-x32\...\{B75A82EC-BDA7-4746-A9AF-E24301AFA403}) (Version: 6.0.1.173 - SysNucleus)
WhatsApp (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\WhatsApp) (Version: 2.2023.2 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23072 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
WinZip 24.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24127}) (Version: 24.0.14033 - Corel Corporation)
Zoom (HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Acer Collection S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4 [2020-01-09] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3013.0_x64__48frkmn4z8aw4 [2020-03-17] (Acer Incorporated)
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2020-06-22] (Advanced Micro Devices Inc.)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3012.0_x64__48frkmn4z8aw4 [2020-03-18] (Acer Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-08] (Microsoft Corporation)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.24.8919.0_x86__q4d96b2w5wcc2 [2020-03-25] (Evernote)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.39.5.0_x86__kgqvnymyfvs32 [2020-06-12] (king.com)
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.12.0_x64__0r04f53sqacg6 [2020-03-17] (GoTrustID Inc.)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.7.28.0_x64__kx24dqmazqk8j [2020-06-04] (Random Salad Games LLC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-29] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa [2020-05-24] (Apple Inc.) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2020-03-17] (LinkedIn)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2020-03-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2020-03-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-17] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.41.21603.0_x64__8wekyb3d8bbwe [2020-06-17] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-03] (Microsoft Studios) [MS Ad]
Movie & Audio Studio -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieAudioStudio_1.1.4.0_x64__awcgk3qbzve1y [2020-01-09] (MAGIX Software GmbH)
Movie Maker 10 - FREE -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_2.9.73.0_x64__bzg06mxvgh4fa [2020-06-21] (V3TApps)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
NcsiUwpApp -> C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe [2020-06-22] (Microsoft)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-13] (Netflix, Inc.)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2020-01-09] (CYBERLINK COM CORP)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-06-20] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2020-01-09] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3009.0_x64__48frkmn4z8aw4 [2020-01-09] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.179.0_x64__dt26b99r8h8gj [2020-01-09] (Realtek Semiconductor Corp)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_5.8.35.0_x64__kx24dqmazqk8j [2020-05-24] (Random Salad Games LLC)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.19.82.0_x64__kx24dqmazqk8j [2020-06-12] (Random Salad Games LLC)
Slack -> C:\Program Files\WindowsApps\91750D7E.Slack_4.6.0.0_x64__8she8kybcnzg4 [2020-05-24] (Slack Technologies Inc.) [Startup Task]
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_5.2.24.0_x64__kx24dqmazqk8j [2020-01-09] (Random Salad Games LLC) [MS Ad]
UDK Package -> C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy [2020-06-22] (Microsoft Corporation)
User Experience Improvement Program -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgram_4.0.3106.0_x64__48frkmn4z8aw4 [2020-01-09] (Acer Incorporated)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy [2020-06-22] (Microsoft Windows)
Windows Search -> C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy [2020-06-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-288082975-2520583026-2654835971-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-288082975-2520583026-2654835971-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\61484\Dropbox [2020-03-17 10:26]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-18] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-02-20] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-02-20] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.0.dll [2020-06-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-06-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2020-02-20] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-288082975-2520583026-2654835971-1001\...\sharepoint.com -> hxxps://cubeau-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 14:49 - 2020-06-21 15:15 - 000000853 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 cryptomator-vault

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-288082975-2520583026-2654835971-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\61484\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\bg.png
DNS Servers: 172.27.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{D6E5969D-74BE-4B5D-8194-C20EAFFD2757}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> )
FirewallRules: [TCP Query User{992A683A-C084-4BBF-9A6E-3CD4187B8C4F}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe (Skymatic GmbH -> )
FirewallRules: [UDP Query User{53005B13-F4D6-4CBC-9D35-DEB32C0D4FB0}C:\users\61484\desktop\test\dhcpsrv.exe] => (Allow) C:\users\61484\desktop\test\dhcpsrv.exe => No File
FirewallRules: [TCP Query User{90762944-A5FB-446A-BCA6-78517EE1DE41}C:\users\61484\desktop\test\dhcpsrv.exe] => (Allow) C:\users\61484\desktop\test\dhcpsrv.exe => No File
FirewallRules: [{A2DBDC09-30BA-4655-86D1-A5D5E15606CF}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{3E6FF007-4CDB-4C54-867E-0FF1D7F66A3C}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe (EditShare EMEA (X-Edit Limited) -> Editshare EMEA)
FirewallRules: [{A2000660-F18D-4E43-9EC7-76FC3527AE74}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{737DD838-27C5-4759-990D-343957273338}] => (Allow) C:\Program Files\Lightworks\lightworks.exe (EditShare EMEA (X-Edit Limited) -> )
FirewallRules: [{4F59DDDA-BBE7-4826-BE96-2EA25E68F349}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{DA980A75-E816-4FC9-91E8-308511BC5C8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0AD39166-697A-483E-A958-6B862D49B427}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS43A5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7176F936-0579-4A19-9026-44F088D9D660}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS43A5\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{EB83FDC2-A407-4CC0-A96C-0BB75FD54782}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS4191\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{4EF9B813-D538-45CF-BA51-8A876D4A7317}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS4191\HPDiagnosticCoreUI.exe => No File
FirewallRules: [UDP Query User{EB457BC7-31BB-48F5-9607-5DC9A201ACC0}C:\users\61484\appdata\local\programs\underpass\resources\bin\lt.exe] => (Allow) C:\users\61484\appdata\local\programs\underpass\resources\bin\lt.exe (LambdaTest Inc. -> )
FirewallRules: [TCP Query User{2DD3B99F-F798-49EF-B8E2-3D8654CEC551}C:\users\61484\appdata\local\programs\underpass\resources\bin\lt.exe] => (Allow) C:\users\61484\appdata\local\programs\underpass\resources\bin\lt.exe (LambdaTest Inc. -> )
FirewallRules: [UDP Query User{AD1511A4-B681-45CF-972E-05C5BC4D8B07}C:\users\61484\appdata\local\programs\underpass\underpass.exe] => (Allow) C:\users\61484\appdata\local\programs\underpass\underpass.exe (LambdaTest) [File not signed]
FirewallRules: [TCP Query User{186008F7-66B2-4F7B-BA1A-E885F67F475E}C:\users\61484\appdata\local\programs\underpass\underpass.exe] => (Allow) C:\users\61484\appdata\local\programs\underpass\underpass.exe (LambdaTest) [File not signed]
FirewallRules: [UDP Query User{E58461C3-8916-483D-9880-6FD89590EF50}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{99DF4A08-ED93-44F6-A9EC-FD9060A4C4E5}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2CD4A0CF-CE25-48E3-A7E4-5CB7E3B5AC2B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{08ED83E2-7CB6-4B86-8181-87D15A399679}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{52F1E667-0BB4-4909-B7DD-3BCFF74E6A74}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DE4CE402-9169-4994-9F89-E8EA5984622E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{825EF9D6-D59D-43B6-9C19-843FB5370F78}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1ABA3720-AFD0-4FAB-B027-67E4EE45E0C0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{41D9B0A9-635E-4CF6-838B-77B1A0BAD141}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D561C1C7-7BD8-4FEA-93AC-4617AD03B116}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2A10318-951A-4F06-BA0A-8B9C2DEA6EA7}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS54FB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{70D48836-8C0F-4632-B785-F9273729E5C6}] => (Allow) C:\Users\61484\AppData\Local\Temp\7zS54FB\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{8617ED05-0C9B-4424-AE2C-990C4E5F217D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4FBD8594-C8DF-4375-ABD3-C67B951F7577}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{01037163-E882-45C2-8B89-D6FEB15BD33A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6316D446-682E-41A7-A89D-EB4AFED828C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8072F1D9-8B0F-470D-8C41-A9E8A464412D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9737E24-BD5A-41DE-9521-765A5DC75926}] => (Allow) C:\Users\61484\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{151DE3EF-D064-4687-9FE4-A8B57CE2A4AC}] => (Allow) C:\Users\61484\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2935B238-09E9-4580-A701-9672AC5CDF37}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{13627862-33CB-4BCF-9910-89521631A884}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:475.83 GB) (Free:246.29 GB) (52%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/22/2020 09:18:28 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 1508, ProfSvc PID: 1836.

Error: (06/22/2020 09:18:28 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\Avast Software\Avast\AvastSvc.exe, PID: 2676, ProfSvc PID: 1836.


System errors:
=============
Error: (06/22/2020 09:14:36 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/22/2020 09:14:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/22/2020 09:14:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================

Date: 2020-06-22 09:24:40.5050000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-22 09:24:40.4980000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-22 09:24:40.4800000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-06-22 09:19:09.8680000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-06-22 09:19:09.8580000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-06-22 09:19:09.8480000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-06-22 09:19:09.8390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-06-22 09:19:09.8250000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.04 10/17/2019
Motherboard: PK Strongbow_PK
Processor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Percentage of memory in use: 89%
Total physical RAM: 6074.57 MB
Available physical RAM: 613.29 MB
Total Virtual: 17850.57 MB
Available Virtual: 9868.12 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:246.29 GB) NTFS

\\?\Volume{a2a43932-f6ec-473e-a2f9-e1f983c45eca}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.54 GB) NTFS
\\?\Volume{96a76796-30a8-4bf5-b482-11eb91a29adf}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================


  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

Interesting:  you got version 2004 from the update.  I'm still stuck on 1909.  Probably because I have an SSD and there are currently problems with SSDs in 2004.

 

I'm still seeing Norton active & Avast disabled.  Did you run the Norton uninstaller?
 

 

1) Network adapters/drivers unusually switch off/disconnect and then re-connect hours later; this began after the 2am access.

2) Information on a business website that I am the owner of has changed/permissions change.
3) Emails from my gmail have been deleted in real time whilst I'm in my google inbox..

 

 

1)  There aren't any files shown as being changed at 2AM on 6/4. Did you see anything in the Security log at that time?

 

For the network adapters:

Search for:

 

device manager

hit Enter

Find Network Adapters.  Click on the arrow in front.  Right click on each of your active network adapters (ignore the many WAN Miniports) and select Properties then Power Management.  Uncheck the box for Allow the computer to turn off this device to save power.  OK. That may stop the first of your problems.

 

2)  See if they have two factor authentication available and use it.  There have been reports of a lot of hosting services being hacked so make sure you have the latest version of your hosting software and be careful what other extensions you add to it.

 

3) I would change the password to something difficult to guess, with small letters, caps, numbers and at least one special character like ! or &, at least 10 characters long, and turn on two factor verification:

https://support.google.com/accounts/answer/185839?co=GENIE.Platform%3DDesktop&hl=en 

It should be sending an email or text message to your password recovery email or phone whenever there is a  logon from a new computer.  Check your sent folder for email that you did not send.

 

We sometimes see routers that have been infected.   It might be wise if you have control over your router to reset it to factory, change the admin password from the default and then put in your WiFi info again.  Make sure you are using WPA2 encryption with a decent password.  Netgear routers probably need a software update as they have several flaws that allow them to be hacked.

 

 

Let's see who your PC is talking to:

 

There is a program called tcpview.  https://live.sysinte...com/Tcpview.exe

Download, Save and then run it by right clicking and Run As Admin.
Close all browsers and wait about two minutes.

Then File, Save As (to your desktop), tcp , OK.  This should create a  file tcp.txt on your desktop.  Attach or copy and paste it to a reply.

 

 

 

 


 


 


  • 0

#12
awot

awot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hey, I did run it, and it uninstalled and re-booted.. That's weird.. I'll try running it again then run through those steps.

 

Regarding the network adapter in Device manager

 

I have the options General, Driver, Details, Events

But nothing in relation to power management for Bluetooth adapter; I only have that option for Wireless Network Adapter.

Is there any way to check if the actual laptop has been tampered with in a physical sense? It's an Acer Swift...


Edited by awot, 21 June 2020 - 09:05 PM.

  • 0

#13
awot

awot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

TCP results below

 

[System Process]    0    TCP    laptop-3kudp7j4.localdomain    53301    52.114.158.50    https    TIME_WAIT    17    43,935    10    6,594                        
[System Process]    0    TCP    laptop-3kudp7j4.localdomain    53303    52.10.239.179    https    TIME_WAIT    12    10,958    26    5,887                        
AppleMobileDeviceProcess.exe    11128    TCP    LAPTOP-3KUDP7J4    27015    LAPTOP-3KUDP7J4    0    LISTENING                                        
AppleMobileDeviceProcess.exe    11128    UDP    LAPTOP-3KUDP7J4    49883    *    *                                            
AppleMobileDeviceProcess.exe    11128    UDP    LAPTOP-3KUDP7J4    49884    *    *                                            
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12025    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12110    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12119    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12143    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12465    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12563    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12993    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12995    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    27275    LAPTOP-3KUDP7J4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    laptop-3kudp7j4.localdomain    49735    69.94.68.55    https    ESTABLISHED                                        
AvastSvc.exe    3296    TCP    laptop-3kudp7j4.localdomain    53283    a23-40-74-144.deploy.static.akamaitechnologies.com    http    ESTABLISHED    158    23,858    167    38,078                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    12025    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    12110    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    12119    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    12143    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    12465    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    12563    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    12993    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    12995    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCPV6    [0:0:0:0:0:0:0:1]    27275    laptop-3kudp7j4    0    LISTENING                                        
AvastSvc.exe    3296    TCP    laptop-3kudp7j4.localdomain    53298    sea03-014.ff.avast.com    http    ESTABLISHED    3    890    7    6,007                        
dasHost.exe    2220    UDP    LAPTOP-3KUDP7J4    ws-discovery    *    *                                            
dasHost.exe    2220    UDP    LAPTOP-3KUDP7J4    ws-discovery    *    *                                            
dasHost.exe    2220    UDP    LAPTOP-3KUDP7J4    63945    *    *                                            
dasHost.exe    2220    UDPV6    laptop-3kudp7j4    3702    *    *                                            
dasHost.exe    2220    UDPV6    laptop-3kudp7j4    3702    *    *                                            
dasHost.exe    2220    UDPV6    laptop-3kudp7j4    63946    *    *                                            
Dropbox.exe    11224    TCP    LAPTOP-3KUDP7J4    843    LAPTOP-3KUDP7J4    0    LISTENING                                        
Dropbox.exe    11224    TCP    LAPTOP-3KUDP7J4    17500    LAPTOP-3KUDP7J4    0    LISTENING    30    3,990    30    3,990                        
Dropbox.exe    11224    TCP    LAPTOP-3KUDP7J4    17600    LAPTOP-3KUDP7J4    0    LISTENING                                        
Dropbox.exe    11224    TCP    LAPTOP-3KUDP7J4    49703    localhost    49704    ESTABLISHED                                        
Dropbox.exe    11224    TCP    LAPTOP-3KUDP7J4    49704    localhost    49703    ESTABLISHED                                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    49722    162.125.36.1    https    CLOSE_WAIT                                        
Dropbox.exe    11224    TCP    LAPTOP-3KUDP7J4    49756    localhost    49757    ESTABLISHED                                        
Dropbox.exe    11224    TCP    LAPTOP-3KUDP7J4    49757    localhost    49756    ESTABLISHED                                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    49771    162.125.83.13    https    CLOSE_WAIT                                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53282    ec2-3-220-253-183.compute-1.amazonaws.com    https    CLOSE_WAIT    4    7,524    2    966                        
Dropbox.exe    11224    UDP    LAPTOP-3KUDP7J4    17500    *    *                                            
Dropbox.exe    11224    TCPV6    laptop-3kudp7j4    17500    laptop-3kudp7j4    0    LISTENING                                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53304    162.125.83.7    https    ESTABLISHED    10    28,369    118    162,501                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53305    162.125.83.7    https    ESTABLISHED    12    16,466    156    216,073                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53306    162.125.83.7    https    ESTABLISHED    16    31,385    90    123,945    11,708        2            
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53307    162.125.83.13    https    ESTABLISHED    6    2,046    5    3,989                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53308    162.125.83.7    https    ESTABLISHED    12    29,839    126    172,546        54,635        39        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53309    162.125.83.7    https    ESTABLISHED    10    28,405    111    160,956                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53310    162.125.83.7    https    ESTABLISHED    10    19,396    101    138,114                        
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    53315    162.125.35.134    https    ESTABLISHED    4    3,716    1    143                        
lsass.exe    1020    TCP    LAPTOP-3KUDP7J4    49664    LAPTOP-3KUDP7J4    0    LISTENING                                        
lsass.exe    1020    TCPV6    laptop-3kudp7j4    49664    laptop-3kudp7j4    0    LISTENING                                        
OneDrive.exe    10136    TCP    laptop-3kudp7j4.localdomain    49752    40.90.189.152    https    ESTABLISHED    5    214    5    869                        
services.exe    984    TCP    LAPTOP-3KUDP7J4    49669    LAPTOP-3KUDP7J4    0    LISTENING                                        
services.exe    984    TCPV6    laptop-3kudp7j4    49669    laptop-3kudp7j4    0    LISTENING                                        
SkypeApp.exe    13156    TCP    laptop-3kudp7j4.localdomain    49777    13.107.4.52    http    ESTABLISHED                                        
SkypeApp.exe    13156    UDP    LAPTOP-3KUDP7J4    52487    *    *                                            
SkypeApp.exe    13156    UDPV6    laptop-3kudp7j4    52487    *    *                                            
SkypeApp.exe    13156    TCP    laptop-3kudp7j4.localdomain    53300    52.114.6.46    https    ESTABLISHED    3    2,918    3    533                        
spoolsv.exe    3600    TCP    LAPTOP-3KUDP7J4    49668    LAPTOP-3KUDP7J4    0    LISTENING                                        
spoolsv.exe    3600    TCPV6    laptop-3kudp7j4    49668    laptop-3kudp7j4    0    LISTENING                                        
svchost.exe    1172    TCP    LAPTOP-3KUDP7J4    epmap    LAPTOP-3KUDP7J4    0    LISTENING                                        
svchost.exe    6872    TCP    LAPTOP-3KUDP7J4    5040    LAPTOP-3KUDP7J4    0    LISTENING                                        
svchost.exe    1556    TCP    LAPTOP-3KUDP7J4    49666    LAPTOP-3KUDP7J4    0    LISTENING                                        
svchost.exe    1564    TCP    LAPTOP-3KUDP7J4    49667    LAPTOP-3KUDP7J4    0    LISTENING                                        
svchost.exe    4008    TCP    laptop-3kudp7j4.localdomain    49709    40.90.189.152    https    ESTABLISHED                                        
svchost.exe    4008    TCP    laptop-3kudp7j4.localdomain    49809    40.90.189.152    https    ESTABLISHED                                        
svchost.exe    15184    TCP    LAPTOP-3KUDP7J4    ms-do    LAPTOP-3KUDP7J4    0    LISTENING                                        
svchost.exe    2828    UDP    LAPTOP-3KUDP7J4    ssdp    *    *                3    411                        
svchost.exe    2828    UDP    laptop-3kudp7j4.localdomain    ssdp    *    *                                            
svchost.exe    6872    UDP    LAPTOP-3KUDP7J4    5050    *    *                                            
svchost.exe    2952    UDP    LAPTOP-3KUDP7J4    5353    *    *                467    63,379        371        5        
svchost.exe    2952    UDP    LAPTOP-3KUDP7J4    llmnr    *    *                                            
svchost.exe    4268    UDP    LAPTOP-3KUDP7J4    49668    *    *                                            
svchost.exe    2828    UDP    laptop-3kudp7j4.localdomain    58728    *    *        3    411                                
svchost.exe    2828    UDP    LAPTOP-3KUDP7J4    58729    *    *        3    411                                
svchost.exe    1172    TCPV6    laptop-3kudp7j4    epmap    laptop-3kudp7j4    0    LISTENING                                        
svchost.exe    15184    TCPV6    laptop-3kudp7j4    ms-do    laptop-3kudp7j4    0    LISTENING                                        
svchost.exe    1556    TCPV6    laptop-3kudp7j4    49666    laptop-3kudp7j4    0    LISTENING                                        
svchost.exe    1564    TCPV6    laptop-3kudp7j4    49667    laptop-3kudp7j4    0    LISTENING                                        
svchost.exe    2828    UDPV6    [0:0:0:0:0:0:0:1]    1900    *    *                                            
svchost.exe    2828    UDPV6    [fe80:0:0:0:9def:6ab8:883:35bc]    1900    *    *                                            
svchost.exe    2952    UDPV6    laptop-3kudp7j4    5353    *    *                                            
svchost.exe    2952    UDPV6    laptop-3kudp7j4    5355    *    *                                            
svchost.exe    2828    UDPV6    [fe80:0:0:0:9def:6ab8:883:35bc]    58726    *    *                                            
svchost.exe    2828    UDPV6    [0:0:0:0:0:0:0:1]    58727    *    *                                            
svchost.exe    6416    TCP    laptop-3kudp7j4.localdomain    53302    20.36.219.28    https    ESTABLISHED    6    6,583    9    17,485                        
svchost.exe    2952    UDP    LAPTOP-3KUDP7J4    59316    *    *        1    44    1    123    44    123    1    1        
System    4    TCP    laptop-3kudp7j4.localdomain    netbios-ssn    LAPTOP-3KUDP7J4    0    LISTENING                                        
System    4    TCP    LAPTOP-3KUDP7J4    microsoft-ds    LAPTOP-3KUDP7J4    0    LISTENING                                        
System    4    UDP    laptop-3kudp7j4.localdomain    netbios-ns    *    *        109    5,450            50        1            
System    4    UDP    laptop-3kudp7j4.localdomain    netbios-dgm    *    *                                            
System    4    TCPV6    laptop-3kudp7j4    microsoft-ds    laptop-3kudp7j4    0    LISTENING                                        
wininit.exe    868    TCP    LAPTOP-3KUDP7J4    49665    LAPTOP-3KUDP7J4    0    LISTENING                                        
wininit.exe    868    TCPV6    laptop-3kudp7j4    49665    laptop-3kudp7j4    0    LISTENING                                        
WinStore.App.exe    6624    TCP    laptop-3kudp7j4.localdomain    49803    a23-32-53-40.deploy.static.akamaitechnologies.com    https    ESTABLISHED                                        
WinStore.App.exe    6624    TCP    laptop-3kudp7j4.localdomain    49804    a23-32-53-40.deploy.static.akamaitechnologies.com    https    ESTABLISHED                                        
WinStore.App.exe    6624    TCP    laptop-3kudp7j4.localdomain    49811    a23-40-74-93.deploy.static.akamaitechnologies.com    http    ESTABLISHED                                        
WinStore.App.exe    6624    TCP    laptop-3kudp7j4.localdomain    49812    a23-40-74-93.deploy.static.akamaitechnologies.com    http    ESTABLISHED                                        
WinStore.App.exe    6624    TCP    laptop-3kudp7j4.localdomain    49813    a23-40-74-93.deploy.static.akamaitechnologies.com    http    ESTABLISHED                                        
WinStore.App.exe    6624    TCP    laptop-3kudp7j4.localdomain    49814    a23-40-74-93.deploy.static.akamaitechnologies.com    http    ESTABLISHED                                        
WinStore.App.exe    6624    TCP    laptop-3kudp7j4.localdomain    49815    a23-40-74-93.deploy.static.akamaitechnologies.com    http    ESTABLISHED                                        
WinStore.App.exe    6624    TCP    laptop-3kudp7j4.localdomain    49816    a23-40-74-93.deploy.static.akamaitechnologies.com    http    ESTABLISHED                                        

 


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,921 posts
  • MVP

Apparently the Norton uninstaller did not remove all traces after all, though now that I look at it again I see Avast is now Enabled, so it removed the worst of it.

 

  If you download the attached fixlist and do the Fix as before it should remove the last traces.

 

Attached file: fixlist.txt (332 bytes)

 

Should be really quick and should not need to reboot.

 

I don't see anything strange in tcpview.  You are connected to Microsoft, Avast, Dropbox and nobody else.

 

We may be able to reduce the number of Microsoft connections:

 

Download OOSU10.exe:

https://www.oo-softw...com/en/shutup10

Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then Right click and Run As Admin.
Decline a System Restore Point (yours is turned off).
Click on Actions then on Apply Recommended Settings.

Close the program and reboot.

 

Bedtime here in Florida


  • 0
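The review in post #14 (reading the TCPView export and listing which remote hosts each process is talking to) can be repeated mechanically. This is an added example, not part of the original thread: it assumes the export's columns are separated by tabs or runs of spaces as pasted in post #13, the `EXPECTED` list is a hypothetical reviewer-chosen set, and the last sample row is constructed.

```python
import re
from collections import defaultdict

# Rows copied from the TCPView export in post #13; the final row is constructed
# (documentation address 203.0.113.10) to show what an unreviewed process looks like.
SAMPLE = """\
[System Process]    0    TCP    laptop-3kudp7j4.localdomain    53301    52.114.158.50    https    TIME_WAIT    17    43,935    10    6,594
AvastSvc.exe    3296    TCP    LAPTOP-3KUDP7J4    12025    LAPTOP-3KUDP7J4    0    LISTENING
AvastSvc.exe    3296    TCP    laptop-3kudp7j4.localdomain    53298    sea03-014.ff.avast.com    http    ESTABLISHED    3    890    7    6,007
Dropbox.exe    11224    TCP    LAPTOP-3KUDP7J4    49703    localhost    49704    ESTABLISHED
Dropbox.exe    11224    TCP    laptop-3kudp7j4.localdomain    49722    162.125.36.1    https    CLOSE_WAIT
Dropbox.exe    11224    UDP    LAPTOP-3KUDP7J4    17500    *    *
svchost.exe    2828    UDP    LAPTOP-3KUDP7J4    ssdp    *    *                3    411
svchost.exe    2828    UDPV6    [0:0:0:0:0:0:0:1]    1900    *    *
svchost.exe    6416    TCP    laptop-3kudp7j4.localdomain    53302    20.36.219.28    https    ESTABLISHED    6    6,583    9    17,485
example-unknown.exe    4242    TCP    laptop-3kudp7j4.localdomain    50000    203.0.113.10    https    ESTABLISHED
"""

# Assumption: processes the reviewer has already accounted for on this machine.
EXPECTED = {"[system process]", "avastsvc.exe", "dropbox.exe", "svchost.exe"}

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[0:0:0:0:0:0:0:1]", "*"}
FIELD_SEP = re.compile(r"\t+|\s{2,}")


def parse_rows(text):
    """Return one dict per TCPView row: process, pid, proto, local, remote, state."""
    rows = []
    for line in text.splitlines():
        f = FIELD_SEP.split(line.strip())
        # Need at least process..remote port, and a numeric PID in column 2.
        if len(f) < 7 or not f[1].isdigit():
            continue
        proto = f[2].upper()
        if not proto.startswith(("TCP", "UDP")):
            continue
        # Only TCP rows carry a state; on UDP rows column 8 is a traffic counter.
        state = f[7] if proto.startswith("TCP") and len(f) > 7 else ""
        rows.append({"process": f[0], "pid": int(f[1]), "proto": proto,
                     "local": f[3], "lport": f[4],
                     "remote": f[5], "rport": f[6], "state": state})
    return rows


def local_names(rows):
    """Names this host uses for itself, taken from the local-address column."""
    names = set(LOOPBACK)
    for r in rows:
        addr = r["local"].lower()
        names.add(addr)
        if not addr.replace(".", "").isdigit():   # hostname, not dotted IPv4
            names.add(addr.split(".")[0])         # short name without domain
    return names


def external_peers(rows):
    """Map process -> sorted remote endpoints for non-listening TCP rows."""
    mine = local_names(rows)
    peers = defaultdict(set)
    for r in rows:
        if not r["proto"].startswith("TCP") or r["state"] in ("", "LISTENING"):
            continue
        if r["remote"].lower() in mine:
            continue   # loopback or host-to-itself connection
        peers[r["process"]].add(f'{r["remote"]}:{r["rport"]} ({r["state"]})')
    return {p: sorted(v) for p, v in peers.items()}


def unexpected_processes(peers, expected=EXPECTED):
    """Processes with external TCP peers that are not on the reviewed list."""
    return sorted(p for p in peers if p.lower() not in expected)


if __name__ == "__main__":
    peers = external_peers(parse_rows(SAMPLE))
    for proc, endpoints in sorted(peers.items()):
        print(proc, "->", ", ".join(endpoints))
    print("review first:", unexpected_processes(peers))
```

A process name is only a first-pass filter; confirm the image path and signature of any row before clearing it.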

#15
awot

awot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I'm pretty sure this was an Evil maid attack... or rootkit attack

 

Throw the laptop in the bin?

 

Will try those steps, thanks for your help so far.

 

Goodnight!


Edited by awot, 21 June 2020 - 09:54 PM.

  • 0





