Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PC now losing internet connection after a few hours

Started by peter plus , Jun 24 2020 07:41 AM

  • Please log in to reply

#1
peter plus
Posted 24 June 2020 - 07:41 AM

peter plus

    Member

  • Member
  • PipPipPip
  • 278 posts

You helped us out a few weeks ago with a running slow problem. Thanks for that. New problem now. PC runs OK for 4 to 5 hours and then slows down and finally drops internet connection out. Cannot reconnect to router. Have to reboot. Suspect some malware. FRST logs below. Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
Ran by Nigel (administrator) on NIGEL-PC (Medion E6234) (24-06-2020 14:11:54)
Running from C:\Users\Nigel\Desktop
Loaded Profiles: Nigel
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United Kingdom)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
() [File not signed] C:\Program Files (x86)\PHotkey\GPMTray.exe
() [File not signed] C:\Program Files (x86)\PHotkey\PHotkey.exe
() [File not signed] C:\Program Files (x86)\PHotkey\POsd.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CrypKey (Canada) Ltd.) [File not signed] C:\Windows\System32\Crypserv.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <7>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2005.5-0\NisSrv.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(PEGATRON CORPORATION -> TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-27] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2774040 2019-12-19] (Opera Software AS -> Opera Software)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [utweb] => "C:\Users\Nigel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\WINDOWS\system32\hpz3l5k2.dll [130048 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\chrmstp.exe [2020-06-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\83.1.10.97\Installer\chrmstp.exe [2020-06-24] (Brave Software, Inc.) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2012-11-27] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2020-05-05]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01C437B0-56ED-40D9-B5E3-0C1F38DC6BFE} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {0E3DB4CE-AF71-44B2-92AB-D191AD493998} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
Task: {0FFAE542-7BB9-4A04-AEB0-99B7D9D321CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1311D7FB-EBBB-4170-B44B-98EC12D6697E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {14C2DEB0-9A3C-4D70-BA59-A6A2662ACFB7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {2C917EC3-7D15-46D6-BC2C-4936B6F6CEA9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-09] (Adobe Inc. -> Adobe)
Task: {2F0BCB97-A472-42F3-A2B6-CA48498B4F6C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-09] (Adobe Inc. -> Adobe)
Task: {2FD8A124-C028-41BF-9A40-C7E5CB375C01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3BCA7890-7D00-4553-905F-2D71D8E8D0EC} - System32\Tasks\Opera scheduled Autoupdate 1526203677 => C:\Program Files\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {53DD12F4-F2CC-4E6A-9100-C885108EF2A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [120636720 2020-05-13] (Microsoft Windows -> Microsoft Corporation)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {6087B43D-6CAD-4401-B75B-0A743CE9AB12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {62C4A8CD-9106-4A28-ADC3-EA65B0C2CEF0} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2020-01-29] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {745819C7-B794-409E-9046-0E87BEBED62A} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {84BF2CA5-C49E-4F8F-A2B5-EE0130618888} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {88C2DD99-9005-4BA8-9752-E3FC8750C43A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {90BBD27A-0AF2-470A-80A6-6FDA657DF6D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94CD9053-54E4-4574-ADC3-46C128E1EEF8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {96FBB6C0-8062-4B2A-A8AC-337F4B66166E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {9BC6554B-2264-4AA6-99F4-ED466CDE89A7} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157368 2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {A75B5455-7AEB-4924-8B0E-41496DCF4BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {C06DFBDA-FDA4-4007-85BB-B52EFC1EEDC4} - System32\Tasks\GoogleUpdateTaskMachineCore1d5b20961366e42 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D0359883-2105-4816-A1BD-334787A7A5FB} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157368 2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {EAEC3DF0-9365-4205-B9CD-3ABB3054DEA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC3DD447-1885-404A-ADBE-2B2201F18213} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {ECCCD5C4-9877-4CDC-8EDC-F9C97D990E56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Opera scheduled assistant Autoupdate 1576860502.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{32a5e555-f93c-4cdf-93c2-ca42ebc72347}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{66cb41a6-c2e0-4e78-8a4c-ef22656af993}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF DefaultProfile: gv7jttb3.default
FF DefaultProfile: ar9pl8tr.default
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\TomTom\HOME\Profiles\abjn7h7c.default [2015-07-05]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default [2020-06-24]
FF Homepage: Mozilla\Firefox\Profiles\gv7jttb3.default -> hxxps://www.google.co.uk/?gws_rd=cr
FF Extension: (EPUBReader) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2020-04-10]
FF Extension: (No Name) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-10]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Comodo\IceDragon\Profiles\ar9pl8tr.default [2020-06-05]
FF Homepage: Comodo\IceDragon\Profiles\ar9pl8tr.default -> hxxps://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4040141387-3011007431-2631040067-1001: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Users\Nigel\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default [2020-06-24]
CHR DownloadDir: C:\Users\Nigel\Desktop
CHR Notifications: Default -> hxxp://sportstvonline.net; hxxps://draxe.com; hxxps://m.facebook.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Extension: (Google Docs) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-09]
CHR Extension: (Google Drive) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-10]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-29]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-10]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
Opera: 
=======
OPR Notifications: hxxps://click.notify.support; hxxps://ctih.apparedistride.club; hxxps://dioh.veirregnant.club; hxxps://en.softonic.com; hxxps://plby.spirationsstrated.club; hxxps://uniquecaptcha.com; hxxps://videoommooth.com; hxxps://vidlox.tv; hxxps://vshare.eu; hxxps://www.footballstreamings.com; hxxps://www.techradar.com; hxxps://www.youtube.com
OPR Extension: (WhatsApp™ Messenger) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\dldmjnlgpemdnceadnpcfenlhhnlbbnl [2020-04-01]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2020-04-02]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] (Ashampoo GmbH & Co. KG -> )
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] (Ashampoo GmbH & Co. KG -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc. -> Apple Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157368 2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157368 2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink -> CyberLink)
S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink -> CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed]
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [150400 2019-09-13] (AnchorFree Inc -> AnchorFree Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel® pGFX -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-20] (Intel® Upgrade Service -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-07] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [101184 2020-06-04] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc. -> Reason Software Company Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] (Ashampoo GmbH & Co. KG -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ELANUSB; C:\WINDOWS\System32\Drivers\elanusb.sys [44408 2016-03-12] (CIC COMPONENTS INDUSTRIES CO., LTD. -> Windows ® Codename Longhorn DDK provider)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-07] (Malwarebytes Inc -> Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [28664 2008-03-17] (CrypKey (Canada) Inc. -> )
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [401120 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-24 14:11 - 2020-06-24 14:19 - 000029371 _____ C:\Users\Nigel\Desktop\FRST.txt
2020-06-24 14:11 - 2020-06-24 14:17 - 000000000 ____D C:\FRST
2020-06-24 14:10 - 2020-06-24 14:10 - 002290688 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2020-06-21 18:20 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-ebook.com
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\Calibre Library
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-cache
2020-06-21 18:18 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\calibre
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\ProgramData\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\Program Files (x86)\Calibre2
2020-06-21 18:15 - 2020-06-21 18:16 - 110407680 _____ C:\Users\Nigel\Desktop\calibre-4.19.0.msi
2020-06-21 11:28 - 2020-06-23 10:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-21 11:25 - 2020-06-21 11:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-14 15:25 - 2020-06-14 15:27 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-14 15:25 - 2020-06-14 15:25 - 000001973 _____ C:\Users\Nigel\Desktop\Zoom.lnk
2020-06-14 11:12 - 2020-06-14 15:25 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Zoom
2020-06-14 10:49 - 2020-06-14 10:54 - 000837452 _____ C:\WINDOWS\Minidump\061420-60890-01.dmp
2020-06-14 10:49 - 2020-06-14 10:49 - 000000000 ____D C:\WINDOWS\Minidump
2020-06-13 18:04 - 2020-06-13 18:09 - 000000000 ____D C:\ProgramData\ProtonVPN
2020-06-13 18:04 - 2020-06-13 18:04 - 000003756 _____ C:\WINDOWS\system32\Tasks\ProtonVPN Update
2020-06-13 18:04 - 2020-06-13 18:04 - 000001234 _____ C:\Users\Public\Desktop\ProtonVPN.lnk
2020-06-13 18:04 - 2020-06-13 18:04 - 000001234 _____ C:\ProgramData\Desktop\ProtonVPN.lnk
2020-06-13 18:03 - 2020-06-13 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2020-06-13 18:01 - 2020-06-13 18:09 - 000000000 ____D C:\Users\Nigel\AppData\Local\ProtonVPN
2020-06-13 18:01 - 2020-06-13 18:03 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2020-06-13 17:51 - 2020-06-13 17:52 - 000000000 ____D C:\ProgramData\Hotspot Shield
2020-06-13 17:51 - 2020-06-13 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2020-06-13 17:51 - 2020-06-13 17:51 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2020-06-13 17:39 - 2020-06-13 17:40 - 000000000 ____D C:\Program Files\TAP-Windows
2020-06-13 13:52 - 2020-06-13 13:52 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\CrystalIdea Software
2020-06-11 07:57 - 2020-06-05 22:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-11 07:57 - 2020-06-05 22:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-10 08:34 - 2020-06-10 08:34 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 018029056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 011608064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 009712640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 007012864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 006292480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 005909504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003525608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003515392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-06-10 08:34 - 2020-06-10 08:34 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002230240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002204160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001704448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001539072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001410048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001272160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001151824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi3.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000747832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000484864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psisdecd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000478208 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\SysWOW64\wvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\termmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wavemsp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 08:34 - 2020-06-10 08:34 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkspbrokerAx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000028368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SecurityCenterBrokerPS.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:34 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 025902080 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 019851776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 008015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007760384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007604592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007268864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006091048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005765144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005195432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005111808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005004344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004610560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 003398656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002831872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-06-10 08:33 - 2020-06-10 08:33 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002184504 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001654960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001416224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001397560 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001284608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001250816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001100288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001055184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001003832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000994304 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000992256 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi3.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000932256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000894024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000783496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkObjCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000684856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000651776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000628408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000614400 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\psisdecd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000575488 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508216 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000451864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\termmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000407864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000405936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000357176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000280376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wavemsp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 08:33 - 2020-06-10 08:33 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000204008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000150328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000129600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkspbrokerAx.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000093448 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000090952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000089344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwanRadioManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000041864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBrokerPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-06-10 08:32 - 2020-06-10 08:32 - 009931576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 007911176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 007266080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006066808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 005283264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003726848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003368104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003187200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 002656256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001683968 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001583104 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001486336 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001393952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001260744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001158144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkObjCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000892048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000797464 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000760296 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716320 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000548984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000531768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-06-10 08:32 - 2020-06-10 08:32 - 000518456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000425056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\psr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000221496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000209216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000165832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000132424 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000128312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxGipRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-06-10 08:11 - 2020-05-15 05:29 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-06-10 08:11 - 2020-05-15 05:10 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-06-07 18:15 - 2020-06-07 18:15 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-07 18:15 - 2020-06-07 18:15 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-07 18:15 - 2020-06-07 18:15 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-07 18:15 - 2020-06-07 18:15 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-07 18:15 - 2020-06-07 18:14 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-07 18:15 - 2020-06-07 18:14 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-06-07 18:14 - 2020-06-07 18:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-07 17:54 - 2020-06-07 17:54 - 000000000 ____D C:\Malwarebytes
2020-06-07 11:35 - 2020-06-24 14:04 - 000313492 _____ C:\WINDOWS\ntbtlog.txt
2020-06-07 09:11 - 2020-06-07 11:07 - 000009927 _____ C:\Users\Nigel\Pictures\Documents\catspeak.xlsx
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\Program Files (x86)\HD Tune
2020-06-06 19:29 - 2020-06-06 19:29 - 000000000 ____D C:\Users\Nigel\Intel
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\Users\Nigel\AppData\Local\OO Software
2020-06-06 09:52 - 2020-06-06 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2020-06-06 09:51 - 2020-06-06 09:51 - 000000000 ____D C:\Program Files (x86)\Seagate
2020-06-06 09:12 - 2020-06-11 15:49 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2020-06-06 09:12 - 2020-06-06 09:12 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2020-06-05 18:28 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2020-06-05 18:02 - 2020-06-05 18:02 - 000014582 _____ C:\junk.txt
2020-06-05 17:41 - 2020-06-07 11:22 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-06-05 12:42 - 2020-06-13 13:51 - 001578808 _____ (SpeedyFox) C:\Users\Nigel\Desktop\speedyfox.exe
2020-05-31 15:43 - 2020-05-31 21:55 - 000489846 _____ C:\Users\Nigel\Pictures\Documents\brandsquiz.pptx
2020-05-30 08:42 - 2020-05-30 08:42 - 003716578 _____ C:\Users\Nigel\Pictures\Documents\facesquiz2020a.pptx
2020-05-25 15:46 - 2020-05-25 15:46 - 000000768 _____ C:\Users\Nigel\Downloads\Music - Shortcut.lnk
2020-05-25 14:46 - 2020-05-25 14:46 - 000001147 _____ C:\Users\Public\Desktop\VLC media player.lnk
2020-05-25 14:46 - 2020-05-25 14:46 - 000001147 _____ C:\ProgramData\Desktop\VLC media player.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-24 14:05 - 2020-01-29 13:56 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B36B5B0B-3BFB-42EB-BDEA-CF50958C5376}
2020-06-24 14:02 - 2015-08-26 10:42 - 000000000 __SHD C:\Users\Nigel\IntelGraphicsProfiles
2020-06-24 13:56 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-24 13:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-24 13:09 - 2020-01-29 12:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-24 08:44 - 2020-05-17 19:26 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-06-24 08:44 - 2020-05-17 19:26 - 000002381 _____ C:\Users\Public\Desktop\Brave.lnk
2020-06-24 08:44 - 2020-05-17 19:26 - 000002381 _____ C:\ProgramData\Desktop\Brave.lnk
2020-06-23 21:46 - 2013-08-27 21:23 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\vlc
2020-06-23 17:36 - 2020-01-29 13:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-23 17:36 - 2018-05-13 10:26 - 000000000 ____D C:\Program Files\Opera
2020-06-23 17:36 - 2015-11-14 19:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-23 17:34 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-06-23 17:33 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-23 10:25 - 2018-02-23 21:20 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Mozilla
2020-06-23 10:20 - 2015-11-14 19:15 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-22 15:52 - 2020-05-11 17:49 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Telegram Desktop
2020-06-22 15:18 - 2020-01-29 13:56 - 000003944 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1526203677
2020-06-22 15:18 - 2018-05-13 10:28 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2020-06-21 19:56 - 2014-02-06 17:45 - 000000000 ____D C:\Users\Nigel\AppData\Local\ElevatedDiagnostics
2020-06-21 18:19 - 2020-01-29 13:13 - 000000000 ____D C:\Users\Nigel
2020-06-20 09:30 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-19 20:52 - 2013-08-29 17:50 - 000095976 _____ C:\Users\Nigel\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-18 14:06 - 2014-12-31 14:56 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-18 14:06 - 2014-12-31 14:56 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-18 14:06 - 2014-12-31 14:56 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-17 12:49 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-06-16 08:09 - 2020-01-29 13:27 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-15 20:26 - 2015-12-09 14:51 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Temp
2020-06-14 10:49 - 2019-08-08 15:04 - 523328468 _____ C:\WINDOWS\MEMORY.DMP
2020-06-13 17:51 - 2015-08-31 13:37 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-11 07:58 - 2015-09-16 10:10 - 000000000 ___RD C:\Users\Nigel\3D Objects
2020-06-11 07:58 - 2013-04-17 10:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-11 07:56 - 2020-01-29 12:59 - 000454432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-10 08:41 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-10 08:32 - 2020-01-29 13:05 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-06-09 19:51 - 2020-01-29 13:56 - 000004586 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-09 18:52 - 2020-01-29 13:56 - 000004574 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-09 08:14 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
2020-06-08 18:04 - 2013-11-12 01:47 - 000000000 ____D C:\Program Files (x86)\Intel
2020-06-08 17:56 - 2017-08-02 11:35 - 000000000 ____D C:\Program Files\Intel
2020-06-07 18:15 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-07 11:46 - 2020-05-01 21:57 - 000000000 ____D C:\Users\Nigel\AppData\Local\CrashDumps
2020-06-06 17:00 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-04 10:15 - 2018-02-17 02:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-04 00:01 - 2017-12-07 00:36 - 000000000 ____D C:\Users\Nigel\AppData\Local\Packages
2020-06-02 16:34 - 2016-01-05 11:38 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-05-30 08:40 - 2014-10-17 14:06 - 000000000 ____D C:\Users\Nigel\Pictures\Documents\My Received Files
2020-05-29 08:31 - 2017-07-07 12:23 - 000000000 ____D C:\Program Files\UNP
 
==================== Files in the root of some directories ========
 
2018-05-20 16:24 - 2018-05-20 16:25 - 075565632 _____ (Malwarebytes                                                ) C:\Users\Nigel\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5170.exe
2014-12-26 21:19 - 2014-12-26 21:19 - 000085130 _____ () C:\Users\Nigel\AppData\Local\ars.cache
2014-12-26 21:19 - 2014-12-26 21:19 - 000135658 _____ () C:\Users\Nigel\AppData\Local\census.cache
2015-07-06 22:43 - 2020-04-18 18:50 - 000005632 _____ () C:\Users\Nigel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-26 21:11 - 2014-12-26 21:11 - 000000036 _____ () C:\Users\Nigel\AppData\Local\housecall.guid.cache
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ () C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2014-12-26 21:16 - 2014-12-26 21:16 - 000000010 _____ () C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by Nigel (24-06-2020 14:22:15)
Running from C:\Users\Nigel\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2020-01-29 12:58:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4040141387-3011007431-2631040067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4040141387-3011007431-2631040067-503 - Limited - Disabled)
Guest (S-1-5-21-4040141387-3011007431-2631040067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4040141387-3011007431-2631040067-1005 - Limited - Enabled)
Nigel (S-1-5-21-4040141387-3011007431-2631040067-1001 - Administrator - Enabled) => C:\Users\Nigel
WDAGUtilityAccount (S-1-5-21-4040141387-3011007431-2631040067-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.387 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 83.1.10.97 - The Brave Authors)
calibre (HKLM-x32\...\{0E691C85-5591-47B1-AA8A-4C7CB3713F61}) (Version: 4.19.0 - Kovid Goyal)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (HKLM-x32\...\{1F0C818D-4A41-4E40-BAFB-BB940C82A518}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (HKLM-x32\...\{E354D495-5DA4-4CCF-AB39-080F6A4141BE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (HKLM-x32\...\{9F470E17-4FC3-4091-A508-D5347A16A2B9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (HKLM-x32\...\{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (HKLM-x32\...\{E50E3DBC-46AA-4827-B2A6-F995D81DF526}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (HKLM-x32\...\{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (HKLM-x32\...\{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.106 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hotspot Shield 8.7.1 (HKLM-x32\...\{58599c2c-07bd-4d55-b68e-e8df3c698c39}) (Version: 8.7.1.11380 - AnchorFree Inc.)
Hotspot Shield 8.7.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925D197BF97}) (Version: 8.7.1.11380 - AnchorFree Inc.) Hidden
Hotspot Shield 8.7.1 (HKLM-x32\...\HotspotShield) (Version: 8.7.1 - AnchorFree Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c4a581e8-a702-448c-80c7-4b6192985db2}) (Version: 10.1.18228.8176 - Intel® Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.1924 - CyberLink Corp.) Hidden
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{058EDEC8-1873-4B49-9A08-54ADE9CC129B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{306C7AEF-16C7-428D-93AA-99D4A4090243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{36BEC461-B58A-414D-993E-E2BDD1F1A14B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{62BBCDDC-4979-4E59-9D97-5B8E874C3191}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{751EB657-3F22-4150-8CE4-D79A262F1D92}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{7E63F102-A9E9-4F4C-8004-BC62974736BF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A47EA9D4-BB87-415E-9239-28860434E5A0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 77.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-GB)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 77.0.1.7458 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NOW TV Player 7.1.0.0 (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\com.bskyb.nowtvplayer_is1) (Version: 7.1.0.0 - NOW TV)
Opera Stable 68.0.3618.173 (HKLM-x32\...\Opera 68.0.3618.173) (Version: 68.0.3618.173 - Opera Software)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podstawowe programy Windows Live (HKLM-x32\...\{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
ProtonVPN (HKLM-x32\...\{CC56589D-2FE8-4B38-9024-0ABCD9F3CB0E}) (Version: 1.16.1 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.16.1) (Version: 1.16.1 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Telegram Desktop version 2.1.6 (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.6 - Telegram FZ-LLC)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Valokuvavalikoima (HKLM-x32\...\{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Συλλογή φωτογραφιών (HKLM-x32\...\{A19A8C25-272A-4CD6-8BA8-3772321A021B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
Packages:
=========
Ashampoo ImageFX for Medion -> C:\Program Files\WindowsApps\AshampooMedion.AshampooImageFXforMedion_1.0.2.14_x64__g53hytncy48pj [2013-08-27] (Ashampoo GmbH &amp; Co. KG)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-29] (Autodesk Inc.)
Cyberlink PowerDVD_BE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.PowerDVDforMedion_1.1.918.19562_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
Cyberlink YouCam_DE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.YouCamforMedion_1.1.2118.27406_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-28] (HP Inc.)
Kaspersky Now -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyNow_1.0.0.43_neutral__8jx5e25qw3tdc [2014-06-09] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.11.6020.0_x64__8wekyb3d8bbwe [2020-06-09] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-29] (MAGIX)
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2015-04-14] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-25] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\eBay.co.uk.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://rover.ebay.com/rover/1/710-154513-44482-12/4
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\Windows 8 Info.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.windows.com/getstarted
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2020-06-23 17:37 - 000001306 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Control Panel\Desktop\\Wallpaper -> g:\pics\wallpaper\scarborough3.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "Nigel.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "F.lux"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "utweb"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{1C8DA673-F458-4BAA-BAEF-861A2E8393B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{8328AFFF-8E8B-4A59-B42F-FFA59BABEF22}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F898E098-8226-49AC-A2AB-50D8CA2C408D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7903EFD5-936F-406E-819A-FA0F75472286}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8B0238E8-8977-48E9-829D-A544D5ADC6AC}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{EF66AF92-541B-4E8F-988D-4883C5391C21}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{F9B9E328-11FA-4F8D-A125-A89D29316FDE}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{077D7CB9-51D9-4968-8C3F-A46366973E64}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{873454CA-BB93-42D0-9381-713EC7027C3E}] => (Allow) C:\Program Files\Opera\68.0.3618.165\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{94127FE1-9C7B-4635-B0C8-F1EBEE99CF43}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{449D2AFF-ECDF-4B15-8FB5-CD854F13A2D2}] => (Allow) C:\Program Files\Opera\68.0.3618.173\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2019BB63-11B1-4F43-AF2D-1F251577489B}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
08-06-2020 15:15:13 Removed Google Update Helper
13-06-2020 18:02:10 Installed ProtonVPN
23-06-2020 16:07:26 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/24/2020 08:40:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLMSServer.exe, version: 2.0.0.8731, time stamp: 0x4d9440c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xffffffff
Faulting process ID: 0x624
Faulting application start time: 0x01d6497c84963f2f
Faulting application path: C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
Faulting module path: unknown
Report ID: 08be3895-948e-431e-bda5-beed0c6c0f6c
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/23/2020 05:33:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (06/23/2020 05:33:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (06/23/2020 05:06:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2020.19111.24110.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 268
 
Start Time: 01d649782314eff2
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: 996f21a6-f347-421e-91cb-769f18c54365
 
Faulting package full name: Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Cross-thread
 
Error: (06/21/2020 01:07:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (06/21/2020 01:07:13 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (06/21/2020 01:07:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (06/21/2020 01:07:12 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
Error: (06/24/2020 02:07:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (06/24/2020 02:04:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (06/24/2020 10:46:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/24/2020 08:48:08 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (06/24/2020 08:42:44 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (06/24/2020 08:41:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 10 MS Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/24/2020 08:40:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/24/2020 08:40:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
 
Windows Defender:
===================================
Date: 2020-06-21 21:49:39.050
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9835B464-E147-4A4E-9CCB-A0D07286B516}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-06-21 21:44:29.651
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5930FE65-985B-4584-BDAB-54E4B8A83C88}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-06-21 21:35:00.150
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {17666F50-00EF-4E68-BA6C-48A049083824}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-06-21 21:28:28.272
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {27426A7B-D2CE-46FA-B39D-C4EE24B8E012}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-06-21 20:55:59.352
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {76A9E4E2-6A19-4EC7-B006-61BC4590F0B1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2020-06-21 13:57:02.219
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-06-21 13:57:02.117
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-06-21 13:56:55.075
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-06-21 13:56:54.482
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-06-21 13:56:54.374
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-06-21 13:56:53.690
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-06-21 13:56:53.187
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-06-21 13:56:51.335
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 503 09/29/2012
Motherboard: Medion E6234
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 89%
Total physical RAM: 3976.96 MB
Available physical RAM: 406.16 MB
Total Virtual: 6408.96 MB
Available Virtual: 1966.5 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:402.36 GB) (Free:267.74 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:39.33 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:82.01 GB) NTFS
 
\\?\Volume{28093404-c710-4e21-8095-578ed04ea020}\ () (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{f0292acd-d868-4d82-aebe-70b13313b326}\ () (Fixed) (Total:1.69 GB) (Free:1.09 GB) NTFS
\\?\Volume{1b7803ef-dedf-4406-bbfc-e017c55c457f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 28676295)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


  • 0

Advertisements

#2
RKinner
Posted 24 June 2020 - 06:14 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.




Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0

#3
peter plus
Posted 25 June 2020 - 02:42 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 62.43 60 K 8 K 0
MpSigStub.exe 19.48 1,548 K 5,552 K 86316 Microsoft Malware Protection Signature Update Stub Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 9.36 38,228 K 71,456 K 38916 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MsMpEng.exe 7.08 1,867,928 K 314,160 K 3932 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher
System 4.71 256 K 21,780 K 4
AM_Delta_Patch_1.319.57.0.exe 2.00 764 K 2,912 K 84608 Microsoft Antimalware WU Stub Microsoft Corporation (Verified) Microsoft Corporation
Interrupts 0.82 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.96 38,908 K 56,732 K 85192 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.60 8,104 K 20,532 K 852 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
wuauclt.exe 0.43 2,028 K 8,652 K 86084 Windows Update Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.41 8,980 K 14,028 K 3480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.34 2,848 K 5,700 K 80920 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
GFNEXSrv.exe 0.30 25,328 K 22,440 K 3372 GFNEXSrv (No signature was present in the subject)
WmiPrvSE.exe 0.25 2,992 K 10,284 K 1656 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
GPMTray.exe 0.19 9,020 K 19,600 K 32068 Generic Power Manager (No signature was present in the subject)
chrome.exe 0.12 56,820 K 90,840 K 86208 Google Chrome Google LLC (Verified) Google LLC
explorer.exe 0.11 39,304 K 99,936 K 78868 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.07 2,336 K 6,312 K 604 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.06 5,032 K 16,860 K 87472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.06 6,416 K 19,944 K 3212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
PHotkey.exe 0.05 5,924 K 15,776 K 73540 PHotkey (No signature was present in the subject)
AppleMobileDeviceService.exe 0.05 3,420 K 12,156 K 3780 MobileDeviceService Apple Inc. (Verified) Apple Inc.
chrome.exe 0.04 92,404 K 154,676 K 86464 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.03 14,168 K 32,676 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 0.03 6,044 K 10,832 K 832 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 7,208 K 14,696 K 628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.02 26,148 K 49,460 K 86432 Google Chrome Google LLC (Verified) Google LLC
LMS.exe 0.02 2,020 K 6,360 K 8100 Local Manageability Service Intel Corporation (Verified) Intel Corporation
SearchIndexer.exe 0.01 32,460 K 34,940 K 5888 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
ACT2Service.exe 0.01 4,080 K 4,336 K 588 (Verified) Ashampoo GmbH & Co. KG
svchost.exe 0.01 4,408 K 15,544 K 2852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
unchecky_bg.exe 0.01 1,960 K 10,092 K 85720 Unchecky Background Process Reason Software Company Inc. (Verified) Reason Software Company Inc.
Crypserv.exe 0.01 2,264 K 8,428 K 3904 CrypKey License Service CrypKey (Canada) Ltd. (No signature was present in the subject) CrypKey (Canada) Ltd.
conhost.exe 0.01 6,748 K 13,096 K 64292 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe < 0.01 7,616 K 23,712 K 85724 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
MpCmdRun.exe < 0.01 2,264 K 7,552 K 86552 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Windows Publisher
mbamtray.exe < 0.01 24,872 K 40,400 K 84716 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Inc
SynTPEnh.exe < 0.01 6,420 K 21,400 K 85964 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe < 0.01 3,092 K 10,452 K 3068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,700 K 11,156 K 1160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 32,088 K 46,640 K 5424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6,528 K 26,880 K 20660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,464 K 7,928 K 7084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 1,828 K 6,820 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 5,244 K 15,056 K 3820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,288 K 9,288 K 2408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,668 K 12,052 K 7664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 10,320 K 24,124 K 78612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,864 K 9,168 K 2588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,552 K 16,432 K 79096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MBAMService.exe < 0.01 23,464 K 58,292 K 3796 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Inc
YourPhone.exe Suspended 22,196 K 45,052 K 21224 YourPhone Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WUDFHost.exe 1,980 K 4,000 K 1748 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,468 K 10,404 K 44252 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,760 K 10,060 K 84556 Windows Log-on Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,660 K 7,348 K 700 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,392 K 6,856 K 5288 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,508 K 8,764 K 7464 User Notification Service Intel Corporation (Verified) Intel Corporation
unchecky_svc.exe 2,124 K 9,648 K 4144 Unchecky Service Reason Software Company Inc. (Verified) Reason Software Company Inc.
taskhostw.exe 6,116 K 15,644 K 38284 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,048 K 4,720 K 37412 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 1,220 K 4,544 K 3924 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 3,004 K 6,284 K 6796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,744 K 11,728 K 2092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,716 K 8,768 K 864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,408 K 9,188 K 4480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,016 K 8,548 K 1796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,580 K 9,000 K 2208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,220 K 22,792 K 1064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,172 K 7,528 K 3092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,512 K 6,900 K 1872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,348 K 5,948 K 1940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,352 K 13,364 K 3868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,512 K 15,308 K 3520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,816 K 20,796 K 2320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,108 K 10,884 K 816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,344 K 16,976 K 3696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,036 K 8,312 K 3548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,276 K 14,996 K 3680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,080 K 7,072 K 7812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,644 K 6,212 K 1488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,768 K 19,848 K 1712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,560 K 9,308 K 4056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,284 K 21,996 K 3768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,524 K 14,008 K 1476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 10,092 K 2252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,380 K 12,564 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,696 K 16,612 K 1560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,632 K 7,524 K 1308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,120 K 6,308 K 2080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,560 K 6,844 K 35152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,304 K 15,360 K 3320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,164 K 8,172 K 2064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,052 K 31,828 K 8356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,264 K 22,232 K 38748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,788 K 18,628 K 5784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,912 K 19,212 K 7408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 31,688 K 56,696 K 85908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,876 K 15,360 K 8168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,976 K 8,932 K 85972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 948 K 3,996 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,588 K 11,028 K 1220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,420 K 13,192 K 1228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,256 K 9,624 K 1236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,484 K 8,880 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,332 K 6,656 K 1704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 6,176 K 2004 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,368 K 3,700 K 2052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,540 K 7,388 K 2112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,528 K 9,104 K 2456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,856 K 5,400 K 2468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,848 K 7,516 K 3828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,480 K 5,800 K 3840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,320 K 9,876 K 3848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,616 K 6,716 K 3860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,624 K 4,044 K 3156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,900 K 14,264 K 4648 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,848 K 8,096 K 5080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,416 K 6,216 K 3556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,524 K 11,192 K 4868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,160 K 9,628 K 5256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,576 K 2,548 K 4788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,632 K 3,928 K 8188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,888 K 8,492 K 26812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,792 K 7,804 K 20860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,776 K 6,860 K 75540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe 26,432 K 65,492 K 37244 (Verified) Microsoft Windows
spoolsv.exe 5,664 K 5,868 K 3436 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 1,180 K 1,232 K 368 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 9,300 K 25,540 K 37964 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 6,640 K 27,440 K 38404 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 3,424 K 6,404 K 7816 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthService.exe 3,084 K 8,296 K 6600 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 78,624 K 78,600 K 84504 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 1,976 K 8,088 K 87224 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,552 K 6,464 K 63648 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,088 K 26,456 K 87116 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,884 K 17,296 K 78684 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,556 K 23,320 K 37708 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,044 K 14,204 K 7884 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
Registry 8,532 K 72,304 K 88
procexp.exe 4,524 K 11,048 K 84024 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 25,504 K 7,676 K 1252 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
POsd.exe 9,864 K 19,704 K 85828 OEM Osd (No signature was present in the subject)
NisSrv.exe 4,876 K 10,572 K 6928 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher
MsgTranAgt64.exe 1,068 K 4,880 K 7364 MsgTranAgt (Verified) PEGATRON CORPORATION
MsgTranAgt.exe 1,168 K 5,412 K 85488 MsgTranAgt (Verified) PEGATRON CORPORATION
MpCmdRun.exe 2,780 K 9,940 K 86852 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Windows Publisher
LockApp.exe Suspended 13,708 K 37,636 K 61224 LockApp.exe Microsoft Corporation (Verified) Microsoft Windows
Jhi_service.exe 1,332 K 6,228 K 3804 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
igfxTray.exe 8,052 K 16,840 K 85072 igfxTray Module Intel Corporation (Verified) Intel® pGFX
igfxHK.exe 5,588 K 12,656 K 85380 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 7,444 K 17,096 K 82648 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 2,156 K 9,452 K 2364 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
HeciServer.exe 1,636 K 7,752 K 3772 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
HCSynApi.exe 2,596 K 10,040 K 64392 TODO: <File description> TODO: <Company name> (Verified) PEGATRON CORPORATION
fontdrvhost.exe 1,484 K 3,952 K 1008 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 2,156 K 5,680 K 85052 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,536 K 6,852 K 87524 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 3,588 K 9,816 K 2296 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 3,480 K 13,932 K 85020 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
CLMSMonitorService.exe 1,140 K 4,064 K 3104 CyberLink Spark Media Server Monitor Service CyberLink (Verified) CyberLink
chrome.exe 17,184 K 33,900 K 86968 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 81,200 K 98,728 K 86892 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 22,744 K 46,544 K 86396 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 28,348 K 51,260 K 49148 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 78,512 K 104,108 K 86304 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 25,200 K 48,064 K 10840 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 1,736 K 6,784 K 86488 Google Chrome Google LLC (Verified) Google LLC
audiodg.exe 6,288 K 11,708 K 87900 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,416 K 6,468 K 2964 Adobe Acrobat Update Service Adobe Systems (Verified) Adobe Inc.
AHDDC2_Service.exe 4,592 K 12,012 K 3536 (Verified) Ashampoo GmbH & Co. KG
 

Attached Files


  • 0

#4
RKinner
Posted 25 June 2020 - 04:51 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Suspect it may be overheating.   Get Speedfan:

 

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  
Win 10 hides icons by default so: Settings, Personalization,  Taskbar, Select which Icons appear on Taskbar,  then turn Speedfan ON.
With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 

We don't really want it to go over about 65 under load.  If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink.  However on some PCs this is major surgery.  Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink.  Don't do it too long as the fan may overrev.

 


  • 0

#5
peter plus
Posted 25 June 2020 - 05:18 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Looks like it 

 

Without programs 71 deg

With video 78 deg


  • 0

#6
RKinner
Posted 25 June 2020 - 06:00 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Before you start to take it apart:

 

You have Windows Defender & Avast running.

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
 

 

You only want one running at a time.  Normally Avast should shut down Windows Defender when you install it.  For some reason it didn't

 

You can make a registry change to stop it permanently:

https://www.windowsc...nder-windows-10

Click through to page 3

 

Process Explorer is showing:

 

MpSigStub.exe 19.48 1,548 K 5,552 K 86316 Microsoft Malware Protection Signature Update Stub Microsoft Corporation (Verified) Microsoft Corporation

MsMpEng.exe 7.08 1,867,928 K 314,160 K 3932 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher

 

If you go into Process Explorer (hit Space bar to stop it jumping) and right click on each of these and Pause them you can see if that is causing your overheating.

 

Then rerun the speedfan test and see if that helps enough to keep it under 65 C

 

You will probably need to take it apart, remove the fan (not the heatsink/heat pipe) and clean the dust out of the interface between the heatsink and the fan.  If you do it yourself note where each screw comes from as they are often different sizes.  I draw a picture and mark each screw with a different number then stick them to a piece of upside down tape with the number written on the tape.  Google the model number with the word disassembly.  There are usually several videos showing how to take it apart.  If you have to remove the heatsink then you will need to replace the thermal paste.  I use Arctic Silver.  There is a kit on Amazon with cleaners.  Instructions on the Arctic Silver site.


  • 0

#7
peter plus
Posted 25 June 2020 - 07:42 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Disabled Windows Defender OK. Was running painfully slow but started up at normal speed.

 

Couldn't find these entries in Process Explorer after reboot

 

MpSigStub.exe 19.48 1,548 K 5,552 K 86316 Microsoft Malware Protection Signature Update Stub Microsoft Corporation (Verified) Microsoft Corporation

MsMpEng.exe 7.08 1,867,928 K 314,160 K 3932 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher

 

Speedfan temps are much lower  

 

Normal 64deg

With video 70deg

 

 

 


  • 0

#8
RKinner
Posted 25 June 2020 - 07:51 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

That may be enough to keep it from coming to a screeching halt for a while tho high temps will shorten the life.  It will get worse over time as the heatsink gets more clogged with dust.  You might find a laptop cooler tray of use if you don't want to risk taking it apart.  Some laptops are really easy to clean (some Dells) whereas others require major surgery (Most HPs)


  • 0

#9
peter plus
Posted 25 June 2020 - 08:01 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Brilliant thanks so much again.

 

Interesting you mention about HP. The reason I am back using this Medion is because I have a HP Pavilion that developed a known HP problem.

 

It won't charge when laptop is running. Charging indicater lights up for about 10 secs then goes out. It runs then on battery.

After you shut down it will take a charge (varies between 70-80%)

 

Online forums suggest this is a firmware problem to which there is no easy fix.

I don't know if you've come across this before?


  • 0

#10
RKinner
Posted 25 June 2020 - 09:13 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I wonder if the final option on

https://h30434.www3....in/td-p/7095825

would help?  Where it says:

If the test passes, continue with these steps:

1. Go to Start, search for Device Manager, and open this result.

2. Expand batteries.

3. Right-click on the ACPI option (usually the 2nd option) and select delete or uninstall  (Uninstall Device is the Win 10 option.  When you reboot it will reinstall it so don't let it remove the drivers if it asks.)

...

 

If that doesn't help give me the model number & serial number from the label on the bottom.


  • 0

Advertisements

#11
peter plus
Posted 25 June 2020 - 10:48 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

I saw this posted online. I uninstalled the ACPI driver and rebooted. No difference

Unfortunately it is a closed system and you have to take the bottom off to remove battery.

Wasn't comfortable doing this so haven't tried out procedure completely.

 

Model No. 15-au070sa

Serial No. SCD6328C52

 

The Medion is now significantly overheating. Got up to 90deg while streaming video. 

Going to use this sparingly now.

 

I do have my daughter's old Toshiba laptop as another back up. She's living overseas now.

I booted it up and Malwarebytes found 76 infections!!

 

I'm sure there's more there too. I'll open another thread for the Toshiba :-)


  • 0

#12
RKinner
Posted 25 June 2020 - 09:01 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Try the latest BIOS for the HP: F.52 Rev.A

 

https://support.hp.c...mId/ob-230735-2

 

Looking at the older releases:

 

Version: F.45 Rev.A

Fixed in this release: - Fixes an intermittent issue where the system battery does not recharge completely. - Provides the updated Intel CPU microcode to improve system stability and security.

Version: F.44 Rev.A

Fixed in this release: - Provides improved security.

Version: F.42 Rev.A

Fixed in this release: - Fixes an issue where the battery information is reported incorrectly. - Provides improved battery health when the system is connected to an AC adapter.
- Provides improved security of UEFI code.


  • 0

#13
peter plus
Posted 26 June 2020 - 02:21 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Updated BIOS but sadly no difference


  • 0

#14
RKinner
Posted 26 June 2020 - 04:17 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Did you check to see if your battery has been recalled?

 

https://h30686.www3.hp.com/?lang=en-US

 

Don't know if the replacement program is still in effect but might be worth a try.

 

Most HP chargers have a small pin in the center of the connector.  Sometimes the pin gets bent or broken. 

https://cdn.instruct...1024&fit=bounds


  • 0

#15
peter plus
Posted 26 June 2020 - 07:27 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Checked battery program. No recall detected

 

battery.jpg

 

PIn looks a bit bent but it still does charge no problem when switched off.

 

 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP