The pin is used by HP as a way of detecting that you have a genuine HP charger. If the pin doesn't work then the laptop will slow down. Look on the laptop's connector. Is the part of the connector where the pin goes bent too?
PC now losing internet connection after a few hours
Started by
peter plus
, Jun 24 2020 07:41 AM
#17
Posted 28 June 2020 - 08:05 AM
peter plus
- Topic Starter
-
- Member
-
- 278 posts
Member
Sorry to keep this thread going but the original problem on the Medion has returned.
I've managed to blow the dust off the heatsink and sped fan now shows temps well under 65deg consistently.
The Medion drops internet connection now at random times from a few seconds to several hours.
Last time it took two reboots to re-establish connection.
A colleague helped me out with my daughter's Toshiba Satellite.
I ran simultaneous Speedtest on the Medion and Toshiba sat next to each other.
The Toshiba has AMD A4-5000 APU processor, 3.4GB RAM, Base Speed 1.5GHz
The Medion has Intel Celeron CPU 1000M, 3.9GB RAM, Base Speed 1.8GHz
Medion has much slower speed than the supposedly slower Toshiba.
Don't know if you have any thoughts??
#18
Posted 28 June 2020 - 10:19 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Did we do this already?
Search for
device manager
hit Enter
Click on the arrow in front of Network Adapters to open it up. Right click on your WiFi or Wireless adapter and select Properties. Then click on the Power Management tab. Uncheck "Allow the computer to turn off this device to save power" OK?
There are two other wireless routers using the same channel (11). If you can log in to your router and change the channel assignment from Auto to Manual then choose a different unused channel (1 or 2) you might see some improvement.
Sometimes shutting up windows will help:
Search for
task scheduler
hit Enter
Click on the arrow in front of Task Scheduler Library then
Click on the arrow in front of Microsoft
Click on the arrow in front of Windows
Click on Application Experience. In the next pane to the right, right click on each Task and Disable. Should be three tasks.
Click on Customer Experience Improvement Program. In the next pane to the right, right click on each Task and Disable. Should be two tasks.
Download OOSU10.exe:
https://www.oo-softw...com/en/shutup10
Download and Save it (You will get a popup while it's downloading. You can X out of it)
then Right click and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.
Close the program and reboot.
Also give me another FRST scan with addition.txt checked so I can see if we are still getting a lot of errors.
#19
Posted 28 June 2020 - 01:15 PM
peter plus
- Topic Starter
-
- Member
-
- 278 posts
Member
Changed to Channel 1. Much improved speed!!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2020
Ran by Nigel (administrator) on NIGEL-PC (Medion E6234) (28-06-2020 19:42:24)
Running from C:\Users\Nigel\Desktop
Loaded Profiles: Nigel
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United Kingdom)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\GPMTray.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\PHotkey.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\POsd.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CrypKey (Canada) Ltd.) [File not signed] [File is in use] C:\Windows\System32\Crypserv.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(PEGATRON CORPORATION -> TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-27] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2774040 2019-12-19] (Opera Software AS -> Opera Software)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [utweb] => "C:\Users\Nigel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\WINDOWS\system32\hpz3l5k2.dll [130048 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\83.1.10.97\Installer\chrmstp.exe [2020-06-24] (Brave Software, Inc.) [File not signed] [File is in use]
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2012-11-27] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2020-05-05]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C437B0-56ED-40D9-B5E3-0C1F38DC6BFE} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {0E3DB4CE-AF71-44B2-92AB-D191AD493998} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
Task: {0FFAE542-7BB9-4A04-AEB0-99B7D9D321CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1311D7FB-EBBB-4170-B44B-98EC12D6697E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {14C2DEB0-9A3C-4D70-BA59-A6A2662ACFB7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {2C917EC3-7D15-46D6-BC2C-4936B6F6CEA9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-09] (Adobe Inc. -> Adobe)
Task: {2F0BCB97-A472-42F3-A2B6-CA48498B4F6C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-09] (Adobe Inc. -> Adobe)
Task: {2FD8A124-C028-41BF-9A40-C7E5CB375C01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3BCA7890-7D00-4553-905F-2D71D8E8D0EC} - System32\Tasks\Opera scheduled Autoupdate 1526203677 => C:\Program Files\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {53DD12F4-F2CC-4E6A-9100-C885108EF2A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [120636720 2020-05-13] (Microsoft Windows -> Microsoft Corporation)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {6087B43D-6CAD-4401-B75B-0A743CE9AB12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {62C4A8CD-9106-4A28-ADC3-EA65B0C2CEF0} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2020-01-29] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {745819C7-B794-409E-9046-0E87BEBED62A} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {84BF2CA5-C49E-4F8F-A2B5-EE0130618888} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {88C2DD99-9005-4BA8-9752-E3FC8750C43A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {90BBD27A-0AF2-470A-80A6-6FDA657DF6D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94CD9053-54E4-4574-ADC3-46C128E1EEF8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {96FBB6C0-8062-4B2A-A8AC-337F4B66166E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {9BC6554B-2264-4AA6-99F4-ED466CDE89A7} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157368 2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {A75B5455-7AEB-4924-8B0E-41496DCF4BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {C06DFBDA-FDA4-4007-85BB-B52EFC1EEDC4} - System32\Tasks\GoogleUpdateTaskMachineCore1d5b20961366e42 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D0359883-2105-4816-A1BD-334787A7A5FB} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157368 2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {EAEC3DF0-9365-4205-B9CD-3ABB3054DEA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC3DD447-1885-404A-ADBE-2B2201F18213} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {ECCCD5C4-9877-4CDC-8EDC-F9C97D990E56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Opera scheduled assistant Autoupdate 1576860502.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{32a5e555-f93c-4cdf-93c2-ca42ebc72347}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{66cb41a6-c2e0-4e78-8a4c-ef22656af993}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Edge:
======
Edge Profile: C:\Users\Nigel\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-28]
Edge StartupUrls: Default -> "hxxp://go.microsoft.com/fwlink/?LinkId=525990"
FireFox:
========
FF DefaultProfile: gv7jttb3.default
FF DefaultProfile: ar9pl8tr.default
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\TomTom\HOME\Profiles\abjn7h7c.default [2015-07-05]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default [2020-06-28]
FF Homepage: Mozilla\Firefox\Profiles\gv7jttb3.default -> hxxps://www.google.co.uk/?gws_rd=cr
FF Extension: (EPUBReader) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2020-04-10]
FF Extension: (No Name) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-10]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Comodo\IceDragon\Profiles\ar9pl8tr.default [2020-06-25]
FF Homepage: Comodo\IceDragon\Profiles\ar9pl8tr.default -> hxxps://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4040141387-3011007431-2631040067-1001: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Users\Nigel\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default [2020-06-28]
CHR DownloadDir: C:\Users\Nigel\Desktop
CHR Notifications: Default -> hxxp://sportstvonline.net; hxxps://draxe.com; hxxps://m.facebook.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Extension: (Google Docs) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-09]
CHR Extension: (Google Drive) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-10]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-29]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-10]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Opera:
=======
OPR Notifications: hxxps://click.notify.support; hxxps://ctih.apparedistride.club; hxxps://dioh.veirregnant.club; hxxps://en.softonic.com; hxxps://plby.spirationsstrated.club; hxxps://uniquecaptcha.com; hxxps://videoommooth.com; hxxps://vidlox.tv; hxxps://vshare.eu; hxxps://www.footballstreamings.com; hxxps://www.techradar.com; hxxps://www.youtube.com
OPR Extension: (WhatsApp™ Messenger) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\dldmjnlgpemdnceadnpcfenlhhnlbbnl [2020-04-01]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2020-04-02]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] (Ashampoo GmbH & Co. KG -> )
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] (Ashampoo GmbH & Co. KG -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc. -> Apple Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157368 2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157368 2020-05-17] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed] [File is in use]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink -> CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink -> CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed] [File is in use]
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [150400 2019-09-13] (AnchorFree Inc -> AnchorFree Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel® pGFX -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-20] (Intel® Upgrade Service -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-07] (Malwarebytes Inc -> Malwarebytes)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [101184 2020-06-04] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-06-04] (ProtonVPN AG -> )
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] (Ashampoo GmbH & Co. KG -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ELANUSB; C:\WINDOWS\System32\Drivers\elanusb.sys [44408 2016-03-12] (CIC COMPONENTS INDUSTRIES CO., LTD. -> Windows ® Codename Longhorn DDK provider)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-07] (Malwarebytes Inc -> Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [28664 2008-03-17] (CrypKey (Canada) Inc. -> )
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [401120 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-28 19:42 - 2020-06-28 19:48 - 000029712 _____ C:\Users\Nigel\Desktop\FRST.txt
2020-06-28 19:41 - 2020-06-28 19:47 - 000000000 ____D C:\FRST
2020-06-28 19:40 - 2020-06-28 19:40 - 002291712 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2020-06-28 18:04 - 2020-06-28 18:04 - 001368440 _____ (O&O Software GmbH) C:\Users\Nigel\Desktop\OOSU10.exe
2020-06-27 15:55 - 2020-06-28 08:58 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-27 15:55 - 2020-06-28 08:58 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-27 15:55 - 2020-06-28 08:58 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-27 15:54 - 2020-06-28 08:51 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-27 15:54 - 2020-06-28 08:51 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-25 12:00 - 2020-06-28 13:53 - 000001084 _____ C:\Users\Nigel\Desktop\SpeedFan.lnk
2020-06-25 12:00 - 2020-06-25 12:00 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2020-06-21 18:20 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-ebook.com
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\Calibre Library
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-cache
2020-06-21 18:18 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\calibre
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\ProgramData\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\Program Files (x86)\Calibre2
2020-06-21 18:15 - 2020-06-21 18:16 - 110407680 _____ C:\Users\Nigel\Desktop\calibre-4.19.0.msi
2020-06-21 11:28 - 2020-06-23 10:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-21 11:25 - 2020-06-21 11:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-14 15:25 - 2020-06-14 15:27 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-14 15:25 - 2020-06-14 15:25 - 000001973 _____ C:\Users\Nigel\Desktop\Zoom.lnk
2020-06-14 11:12 - 2020-06-14 15:25 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Zoom
2020-06-14 10:49 - 2020-06-14 10:54 - 000837452 _____ C:\WINDOWS\Minidump\061420-60890-01.dmp
2020-06-14 10:49 - 2020-06-14 10:49 - 000000000 ____D C:\WINDOWS\Minidump
2020-06-13 18:04 - 2020-06-13 18:09 - 000000000 ____D C:\ProgramData\ProtonVPN
2020-06-13 18:04 - 2020-06-13 18:04 - 000003756 _____ C:\WINDOWS\system32\Tasks\ProtonVPN Update
2020-06-13 18:04 - 2020-06-13 18:04 - 000001234 _____ C:\Users\Public\Desktop\ProtonVPN.lnk
2020-06-13 18:04 - 2020-06-13 18:04 - 000001234 _____ C:\ProgramData\Desktop\ProtonVPN.lnk
2020-06-13 18:03 - 2020-06-13 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2020-06-13 18:01 - 2020-06-13 18:09 - 000000000 ____D C:\Users\Nigel\AppData\Local\ProtonVPN
2020-06-13 18:01 - 2020-06-13 18:03 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2020-06-13 17:51 - 2020-06-13 17:52 - 000000000 ____D C:\ProgramData\Hotspot Shield
2020-06-13 17:51 - 2020-06-13 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2020-06-13 17:51 - 2020-06-13 17:51 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2020-06-13 17:39 - 2020-06-13 17:40 - 000000000 ____D C:\Program Files\TAP-Windows
2020-06-13 13:52 - 2020-06-13 13:52 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\CrystalIdea Software
2020-06-11 07:57 - 2020-06-05 22:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-11 07:57 - 2020-06-05 22:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-10 08:34 - 2020-06-10 08:34 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 018029056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 011608064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 009712640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 007012864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 006292480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 005909504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003525608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003515392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-06-10 08:34 - 2020-06-10 08:34 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002230240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002204160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001704448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001539072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001410048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001272160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001151824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi3.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000747832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000484864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psisdecd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000478208 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\SysWOW64\wvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\termmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wavemsp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 08:34 - 2020-06-10 08:34 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkspbrokerAx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000028368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SecurityCenterBrokerPS.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:34 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 025902080 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 019851776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 008015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007760384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007604592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007268864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006091048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005765144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005195432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005111808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005004344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004610560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 003398656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002831872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-06-10 08:33 - 2020-06-10 08:33 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002184504 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001654960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001416224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001397560 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001284608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001250816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001100288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001055184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001003832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000994304 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000992256 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi3.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000932256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000894024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000783496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkObjCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000684856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000651776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000628408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000614400 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\psisdecd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000575488 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508216 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000451864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\termmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000407864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000405936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000357176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000280376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wavemsp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 08:33 - 2020-06-10 08:33 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000204008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000150328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000129600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkspbrokerAx.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000093448 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000090952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000089344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwanRadioManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000041864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBrokerPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-06-10 08:32 - 2020-06-10 08:32 - 009931576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 007911176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 007266080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006066808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 005283264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003726848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003368104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003187200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 002656256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001683968 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001583104 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001486336 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001393952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001260744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001158144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkObjCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000892048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000797464 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000760296 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716320 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000548984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000531768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-06-10 08:32 - 2020-06-10 08:32 - 000518456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000425056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\psr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000221496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000209216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000165832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000132424 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000128312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxGipRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-06-10 08:11 - 2020-05-15 05:29 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-06-10 08:11 - 2020-05-15 05:10 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-06-07 18:15 - 2020-06-07 18:15 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-07 18:15 - 2020-06-07 18:15 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-07 18:15 - 2020-06-07 18:15 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-07 18:15 - 2020-06-07 18:15 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-07 18:15 - 2020-06-07 18:14 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-07 18:15 - 2020-06-07 18:14 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-06-07 18:14 - 2020-06-07 18:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-07 17:54 - 2020-06-07 17:54 - 000000000 ____D C:\Malwarebytes
2020-06-07 11:35 - 2020-06-28 18:52 - 000541598 _____ C:\WINDOWS\ntbtlog.txt
2020-06-07 09:11 - 2020-06-07 11:07 - 000009927 _____ C:\Users\Nigel\Pictures\Documents\catspeak.xlsx
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\Program Files (x86)\HD Tune
2020-06-06 19:29 - 2020-06-06 19:29 - 000000000 ____D C:\Users\Nigel\Intel
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\Users\Nigel\AppData\Local\OO Software
2020-06-06 09:52 - 2020-06-06 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2020-06-06 09:51 - 2020-06-06 09:51 - 000000000 ____D C:\Program Files (x86)\Seagate
2020-06-06 09:12 - 2020-06-28 13:53 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2020-06-06 09:12 - 2020-06-25 12:00 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2020-06-05 18:28 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2020-06-05 18:02 - 2020-06-05 18:02 - 000014582 _____ C:\junk.txt
2020-06-05 17:41 - 2020-06-25 14:25 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-06-05 12:42 - 2020-06-13 13:51 - 001578808 _____ (SpeedyFox) C:\Users\Nigel\Desktop\speedyfox.exe
2020-05-31 15:43 - 2020-05-31 21:55 - 000489846 _____ C:\Users\Nigel\Pictures\Documents\brandsquiz.pptx
2020-05-30 08:42 - 2020-05-30 08:42 - 003716578 _____ C:\Users\Nigel\Pictures\Documents\facesquiz2020a.pptx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-28 19:26 - 2020-01-29 12:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-28 19:07 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-28 18:51 - 2020-01-29 13:27 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-28 18:51 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-06-28 18:50 - 2015-08-26 10:42 - 000000000 __SHD C:\Users\Nigel\IntelGraphicsProfiles
2020-06-28 18:47 - 2020-01-29 13:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-28 18:46 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-06-28 18:45 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-28 18:01 - 2020-01-29 13:56 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B36B5B0B-3BFB-42EB-BDEA-CF50958C5376}
2020-06-28 08:53 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-28 08:53 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-27 22:54 - 2013-08-27 21:23 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\vlc
2020-06-27 08:25 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 18:44 - 2014-12-31 14:56 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-24 18:44 - 2014-12-31 14:56 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-24 18:44 - 2014-12-31 14:56 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-24 08:44 - 2020-05-17 19:26 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-06-24 08:44 - 2020-05-17 19:26 - 000002381 _____ C:\Users\Public\Desktop\Brave.lnk
2020-06-24 08:44 - 2020-05-17 19:26 - 000002381 _____ C:\ProgramData\Desktop\Brave.lnk
2020-06-23 17:36 - 2018-05-13 10:26 - 000000000 ____D C:\Program Files\Opera
2020-06-23 17:36 - 2015-11-14 19:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-23 10:25 - 2018-02-23 21:20 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Mozilla
2020-06-23 10:20 - 2015-11-14 19:15 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-22 15:52 - 2020-05-11 17:49 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Telegram Desktop
2020-06-22 15:18 - 2020-01-29 13:56 - 000003944 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1526203677
2020-06-22 15:18 - 2018-05-13 10:28 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2020-06-21 19:56 - 2014-02-06 17:45 - 000000000 ____D C:\Users\Nigel\AppData\Local\ElevatedDiagnostics
2020-06-21 18:19 - 2020-01-29 13:13 - 000000000 ____D C:\Users\Nigel
2020-06-19 20:52 - 2013-08-29 17:50 - 000095976 _____ C:\Users\Nigel\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-15 20:26 - 2015-12-09 14:51 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Temp
2020-06-14 10:49 - 2019-08-08 15:04 - 523328468 _____ C:\WINDOWS\MEMORY.DMP
2020-06-13 17:51 - 2015-08-31 13:37 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-11 07:58 - 2015-09-16 10:10 - 000000000 ___RD C:\Users\Nigel\3D Objects
2020-06-11 07:58 - 2013-04-17 10:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-11 07:56 - 2020-01-29 12:59 - 000454432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-10 08:32 - 2020-01-29 13:05 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-06-09 19:51 - 2020-01-29 13:56 - 000004586 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-09 18:52 - 2020-01-29 13:56 - 000004574 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-09 08:14 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
2020-06-08 18:04 - 2013-11-12 01:47 - 000000000 ____D C:\Program Files (x86)\Intel
2020-06-08 17:56 - 2017-08-02 11:35 - 000000000 ____D C:\Program Files\Intel
2020-06-07 18:15 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-07 11:46 - 2020-05-01 21:57 - 000000000 ____D C:\Users\Nigel\AppData\Local\CrashDumps
2020-06-06 17:00 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-04 10:15 - 2018-02-17 02:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-04 00:01 - 2017-12-07 00:36 - 000000000 ____D C:\Users\Nigel\AppData\Local\Packages
2020-06-02 16:34 - 2016-01-05 11:38 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-05-30 08:40 - 2014-10-17 14:06 - 000000000 ____D C:\Users\Nigel\Pictures\Documents\My Received Files
2020-05-29 08:31 - 2017-07-07 12:23 - 000000000 ____D C:\Program Files\UNP
==================== Files in the root of some directories ========
2018-05-20 16:24 - 2018-05-20 16:25 - 075565632 _____ (Malwarebytes ) C:\Users\Nigel\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5170.exe
2014-12-26 21:19 - 2014-12-26 21:19 - 000085130 _____ () C:\Users\Nigel\AppData\Local\ars.cache
2014-12-26 21:19 - 2014-12-26 21:19 - 000135658 _____ () C:\Users\Nigel\AppData\Local\census.cache
2015-07-06 22:43 - 2020-04-18 18:50 - 000005632 _____ () C:\Users\Nigel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-26 21:11 - 2014-12-26 21:11 - 000000036 _____ () C:\Users\Nigel\AppData\Local\housecall.guid.cache
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ () C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2014-12-26 21:16 - 2014-12-26 21:16 - 000000010 _____ () C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2020
Ran by Nigel (28-06-2020 19:49:34)
Running from C:\Users\Nigel\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2020-01-29 12:58:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4040141387-3011007431-2631040067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4040141387-3011007431-2631040067-503 - Limited - Disabled)
Guest (S-1-5-21-4040141387-3011007431-2631040067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4040141387-3011007431-2631040067-1005 - Limited - Enabled)
Nigel (S-1-5-21-4040141387-3011007431-2631040067-1001 - Administrator - Enabled) => C:\Users\Nigel
WDAGUtilityAccount (S-1-5-21-4040141387-3011007431-2631040067-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.387 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 83.1.10.97 - The Brave Authors)
calibre (HKLM-x32\...\{0E691C85-5591-47B1-AA8A-4C7CB3713F61}) (Version: 4.19.0 - Kovid Goyal)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (HKLM-x32\...\{1F0C818D-4A41-4E40-BAFB-BB940C82A518}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (HKLM-x32\...\{E354D495-5DA4-4CCF-AB39-080F6A4141BE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (HKLM-x32\...\{9F470E17-4FC3-4091-A508-D5347A16A2B9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (HKLM-x32\...\{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (HKLM-x32\...\{E50E3DBC-46AA-4827-B2A6-F995D81DF526}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (HKLM-x32\...\{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (HKLM-x32\...\{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Hotspot Shield 8.7.1 (HKLM-x32\...\{58599c2c-07bd-4d55-b68e-e8df3c698c39}) (Version: 8.7.1.11380 - AnchorFree Inc.)
Hotspot Shield 8.7.1 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925D197BF97}) (Version: 8.7.1.11380 - AnchorFree Inc.) Hidden
Hotspot Shield 8.7.1 (HKLM-x32\...\HotspotShield) (Version: 8.7.1 - AnchorFree Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c4a581e8-a702-448c-80c7-4b6192985db2}) (Version: 10.1.18228.8176 - Intel® Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.1924 - CyberLink Corp.) Hidden
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{058EDEC8-1873-4B49-9A08-54ADE9CC129B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{306C7AEF-16C7-428D-93AA-99D4A4090243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{36BEC461-B58A-414D-993E-E2BDD1F1A14B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{62BBCDDC-4979-4E59-9D97-5B8E874C3191}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{751EB657-3F22-4150-8CE4-D79A262F1D92}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{7E63F102-A9E9-4F4C-8004-BC62974736BF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A47EA9D4-BB87-415E-9239-28860434E5A0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 77.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-GB)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 77.0.1.7458 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 68.0.3618.173 (HKLM-x32\...\Opera 68.0.3618.173) (Version: 68.0.3618.173 - Opera Software)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podstawowe programy Windows Live (HKLM-x32\...\{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
ProtonVPN (HKLM-x32\...\{CC56589D-2FE8-4B38-9024-0ABCD9F3CB0E}) (Version: 1.16.1 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.16.1) (Version: 1.16.1 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Telegram Desktop version 2.1.6 (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.6 - Telegram FZ-LLC)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Valokuvavalikoima (HKLM-x32\...\{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Συλλογή φωτογραφιών (HKLM-x32\...\{A19A8C25-272A-4CD6-8BA8-3772321A021B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Packages:
=========
Ashampoo ImageFX for Medion -> C:\Program Files\WindowsApps\AshampooMedion.AshampooImageFXforMedion_1.0.2.14_x64__g53hytncy48pj [2013-08-27] (Ashampoo GmbH & Co. KG)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-29] (Autodesk Inc.)
Cyberlink PowerDVD_BE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.PowerDVDforMedion_1.1.918.19562_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
Cyberlink YouCam_DE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.YouCamforMedion_1.1.2118.27406_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-28] (HP Inc.)
Kaspersky Now -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyNow_1.0.0.43_neutral__8jx5e25qw3tdc [2014-06-09] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.11.6020.0_x64__8wekyb3d8bbwe [2020-06-09] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-29] (MAGIX)
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2015-04-14] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-25] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\eBay.co.uk.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://rover.ebay.com/rover/1/710-154513-44482-12/4
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\Windows 8 Info.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.windows.com/getstarted
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
==================== Loaded Modules (Whitelisted) =============
2011-03-31 16:52 - 2011-03-31 16:52 - 000499712 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCP71.dll
2011-03-31 16:52 - 2011-03-31 16:52 - 000348160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCR71.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2020-06-28 18:48 - 000001306 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nigel\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "Nigel.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "F.lux"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "utweb"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{1C8DA673-F458-4BAA-BAEF-861A2E8393B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{8328AFFF-8E8B-4A59-B42F-FFA59BABEF22}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F898E098-8226-49AC-A2AB-50D8CA2C408D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7903EFD5-936F-406E-819A-FA0F75472286}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8B0238E8-8977-48E9-829D-A544D5ADC6AC}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{EF66AF92-541B-4E8F-988D-4883C5391C21}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{F9B9E328-11FA-4F8D-A125-A89D29316FDE}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{077D7CB9-51D9-4968-8C3F-A46366973E64}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{873454CA-BB93-42D0-9381-713EC7027C3E}] => (Allow) C:\Program Files\Opera\68.0.3618.165\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{449D2AFF-ECDF-4B15-8FB5-CD854F13A2D2}] => (Allow) C:\Program Files\Opera\68.0.3618.173\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2019BB63-11B1-4F43-AF2D-1F251577489B}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{21AA5019-6C55-4523-A90F-C4384162DC2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
08-06-2020 15:15:13 Removed Google Update Helper
13-06-2020 18:02:10 Installed ProtonVPN
23-06-2020 16:07:26 Scheduled Checkpoint
27-06-2020 08:23:58 Windows Update
28-06-2020 18:07:24 O&O ShutUp10
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/28/2020 12:39:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (06/28/2020 12:39:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (06/28/2020 12:39:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (06/28/2020 12:39:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (06/27/2020 04:04:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2020.19111.24110.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: a00
Start Time: 01d64c942cac3d94
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Report Id: 807a0ce4-09a7-4c18-8a8c-e8efe7ff6770
Faulting package full name: Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (06/27/2020 03:49:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (06/27/2020 03:49:37 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (06/27/2020 03:49:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
System errors:
=============
Error: (06/28/2020 06:55:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (06/28/2020 06:51:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (06/28/2020 06:50:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/28/2020 06:50:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error: (06/28/2020 06:49:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/28/2020 06:49:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hshld service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/28/2020 06:49:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the hshld service to connect.
Error: (06/28/2020 06:49:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the WsAppService service to connect.
Windows Defender:
===================================
Date: 2020-06-24 20:17:26.859
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1B860EC3-FEBD-47A1-B388-CFDF59E67B44}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-06-24 19:58:30.647
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C920791D-F342-4E45-9951-04E4DE317401}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-06-24 19:49:30.340
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {43360794-407A-4893-B765-399B1991396D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-06-24 19:15:25.640
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EB8D61E3-7E02-4AE0-BE9A-2DCB1571BABC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-06-24 18:39:38.570
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F2B7771C-BF07-419E-91E7-F0BD80F7599B}
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===================================
Date: 2020-06-25 22:42:35.704
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-06-25 22:42:34.070
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-06-25 22:42:32.343
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-06-25 22:42:27.111
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-06-25 22:42:26.678
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-06-25 22:42:26.402
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-06-25 22:42:25.767
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-06-25 22:42:25.103
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 503 09/29/2012
Motherboard: Medion E6234
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 69%
Total physical RAM: 3976.96 MB
Available physical RAM: 1230 MB
Total Virtual: 4680.96 MB
Available Virtual: 2170.7 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:402.36 GB) (Free:266.03 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:39.33 GB) NTFS
\\?\Volume{28093404-c710-4e21-8095-578ed04ea020}\ () (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{f0292acd-d868-4d82-aebe-70b13313b326}\ () (Fixed) (Total:1.69 GB) (Free:1.09 GB) NTFS
\\?\Volume{1b7803ef-dedf-4406-bbfc-e017c55c457f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
#20
Posted 28 June 2020 - 03:59 PM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Uninstall:
Hotspot Shield 8.7.1 (not working correctly)
Malwarebytes version 4.1.0.56 (not working correctly - reinstall might work better)
Microsoft Silverlight (no longer supported)
ProtonVPN Unless you need Proton for work. VPNs slow you down considerably.
ProtonVPNTap
TAP-Windows 9.21.2 (part of Proton)
Windows Live Essentials (Unless you are still using it for something. Program is obsolete and no longer supported)
See if you can rebuild the font cache :
https://troubleshoot...-in-windows-10/
Unless this PC is used in a company setting you can turn off DCOM:
- Go to Start | Administrative Tools | Component Services.
- Choose Component Services | Computers.
- Right-click My Computer, and choose Properties.
- On the Default Properties tab, deselect the Enable Distributed COM On This Computer check box.
- Click OK, and close the Component Services window.
Go to All Programs, Apps. Uninstall any programs you do not use. Especially
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
The above are always constantly updating their data so put an extra load on your network.
Download the attached fixlist.txt to the same location as FRST
fixlist.txt 7.54KB
187 downloads
Run FRST and press Fix
A fix log will be generated please post that
Reboot if the fix doesn't reboot it for you
Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.
#21
Posted 29 June 2020 - 05:01 AM
peter plus
- Topic Starter
-
- Member
-
- 278 posts
Member
PC is better than ever!!!
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-06-2020
Ran by Nigel (29-06-2020 11:22:13) Run:1
Running from C:\Users\Nigel\Desktop
Loaded Profiles: Nigel
Boot Mode: Normal
==============================================
fixlist content:
*****************
Task: {0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {1311D7FB-EBBB-4170-B44B-98EC12D6697E} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {2FD8A124-C028-41BF-9A40-C7E5CB375C01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {90BBD27A-0AF2-470A-80A6-6FDA657DF6D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94CD9053-54E4-4574-ADC3-46C128E1EEF8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {96FBB6C0-8062-4B2A-A8AC-337F4B66166E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {EAEC3DF0-9365-4205-B9CD-3ABB3054DEA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ECCCD5C4-9877-4CDC-8EDC-F9C97D990E56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MpCmdRun.exe [491104 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Opera scheduled assistant Autoupdate 1576860502.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [150400 2019-09-13] (AnchorFree Inc -> AnchorFree Inc.)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
CMD: dir /a C:\Windows\ServiceProfiles\LocalService\AppData\Local\Fontcache
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1311D7FB-EBBB-4170-B44B-98EC12D6697E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1311D7FB-EBBB-4170-B44B-98EC12D6697E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FD8A124-C028-41BF-9A40-C7E5CB375C01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FD8A124-C028-41BF-9A40-C7E5CB375C01}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\BthSQM" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90BBD27A-0AF2-470A-80A6-6FDA657DF6D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90BBD27A-0AF2-470A-80A6-6FDA657DF6D3}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94CD9053-54E4-4574-ADC3-46C128E1EEF8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94CD9053-54E4-4574-ADC3-46C128E1EEF8}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96FBB6C0-8062-4B2A-A8AC-337F4B66166E}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAEC3DF0-9365-4205-B9CD-3ABB3054DEA9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAEC3DF0-9365-4205-B9CD-3ABB3054DEA9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECCCD5C4-9877-4CDC-8EDC-F9C97D990E56}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECCCD5C4-9877-4CDC-8EDC-F9C97D990E56}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\WINDOWS\Tasks\Opera scheduled assistant Autoupdate 1576860502.job => moved successfully
C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => moved successfully
hshld => service not found.
HKLM\System\CurrentControlSet\Services\WsAppService => removed successfully
WsAppService => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
========= dir /a C:\Windows\ServiceProfiles\LocalService\AppData\Local\Fontcache =========
Volume in drive C is Boot
Volume Serial Number is 90A5-5346
Directory of C:\Windows\ServiceProfiles\LocalService\AppData\Local\Fontcache
29/06/2020 11:22 <DIR> .
29/06/2020 11:22 <DIR> ..
29/06/2020 11:14 252 FontCache-FontSet-S-1-5-18.dat
29/06/2020 11:14 8,388,608 FontCache-S-1-5-18.dat
25/06/2020 13:39 <DIR> Fonts
23/06/2020 10:23 16,777,216 ~FontCache-FontFace.dat
29/06/2020 11:11 252 ~FontCache-FontSet-S-1-5-21-4040141387-3011007431-2631040067-1001.dat
14/06/2020 10:57 8,388,608 ~FontCache-S-1-5-21-4040141387-3011007431-2631040067-1001.dat
14/06/2020 10:51 513,136 ~FontCache-System.dat
6 File(s) 34,068,072 bytes
3 Dir(s) 287,285,395,456 bytes free
========= End of CMD: =========
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid by a WMI data provider.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 11:23:16 ====
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2020
Ran by Nigel (administrator) on NIGEL-PC (Medion E6234) (29-06-2020 11:31:03)
Running from C:\Users\Nigel\Desktop
Loaded Profiles: Nigel
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United Kingdom)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\GPMTray.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\PHotkey.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\POsd.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CrypKey (Canada) Ltd.) [File not signed] [File is in use] C:\Windows\System32\Crypserv.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(PEGATRON CORPORATION -> TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-27] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2774040 2019-12-19] (Opera Software AS -> Opera Software)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [utweb] => "C:\Users\Nigel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\WINDOWS\system32\hpz3l5k2.dll [130048 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2012-11-27] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2020-05-05]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C437B0-56ED-40D9-B5E3-0C1F38DC6BFE} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {0FFAE542-7BB9-4A04-AEB0-99B7D9D321CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {14C2DEB0-9A3C-4D70-BA59-A6A2662ACFB7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {2C917EC3-7D15-46D6-BC2C-4936B6F6CEA9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-09] (Adobe Inc. -> Adobe)
Task: {2F0BCB97-A472-42F3-A2B6-CA48498B4F6C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-09] (Adobe Inc. -> Adobe)
Task: {3BCA7890-7D00-4553-905F-2D71D8E8D0EC} - System32\Tasks\Opera scheduled Autoupdate 1526203677 => C:\Program Files\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {53DD12F4-F2CC-4E6A-9100-C885108EF2A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [120636720 2020-05-13] (Microsoft Windows -> Microsoft Corporation)
Task: {6087B43D-6CAD-4401-B75B-0A743CE9AB12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {62C4A8CD-9106-4A28-ADC3-EA65B0C2CEF0} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2020-01-29] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {745819C7-B794-409E-9046-0E87BEBED62A} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {84BF2CA5-C49E-4F8F-A2B5-EE0130618888} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
Task: {88C2DD99-9005-4BA8-9752-E3FC8750C43A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {A75B5455-7AEB-4924-8B0E-41496DCF4BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {C06DFBDA-FDA4-4007-85BB-B52EFC1EEDC4} - System32\Tasks\GoogleUpdateTaskMachineCore1d5b20961366e42 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {EC3DD447-1885-404A-ADBE-2B2201F18213} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{32a5e555-f93c-4cdf-93c2-ca42ebc72347}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{66cb41a6-c2e0-4e78-8a4c-ef22656af993}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Edge:
======
Edge Profile: C:\Users\Nigel\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-29]
Edge StartupUrls: Default -> "hxxp://go.microsoft.com/fwlink/?LinkId=525990"
FireFox:
========
FF DefaultProfile: gv7jttb3.default
FF DefaultProfile: ar9pl8tr.default
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\TomTom\HOME\Profiles\abjn7h7c.default [2015-07-05]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default [2020-06-28]
FF Homepage: Mozilla\Firefox\Profiles\gv7jttb3.default -> hxxps://www.google.co.uk/?gws_rd=cr
FF Extension: (EPUBReader) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2020-04-10]
FF Extension: (No Name) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-10]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Comodo\IceDragon\Profiles\ar9pl8tr.default [2020-06-25]
FF Homepage: Comodo\IceDragon\Profiles\ar9pl8tr.default -> hxxps://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4040141387-3011007431-2631040067-1001: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Users\Nigel\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default [2020-06-29]
CHR DownloadDir: C:\Users\Nigel\Desktop
CHR Notifications: Default -> hxxp://sportstvonline.net; hxxps://draxe.com; hxxps://m.facebook.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Extension: (Google Docs) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-09]
CHR Extension: (Google Drive) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-10]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-29]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-10]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Opera:
=======
OPR Notifications: hxxps://click.notify.support; hxxps://ctih.apparedistride.club; hxxps://dioh.veirregnant.club; hxxps://en.softonic.com; hxxps://plby.spirationsstrated.club; hxxps://uniquecaptcha.com; hxxps://videoommooth.com; hxxps://vidlox.tv; hxxps://vshare.eu; hxxps://www.footballstreamings.com; hxxps://www.techradar.com; hxxps://www.youtube.com
OPR Extension: (WhatsApp™ Messenger) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\dldmjnlgpemdnceadnpcfenlhhnlbbnl [2020-04-01]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2020-04-02]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] (Ashampoo GmbH & Co. KG -> )
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] (Ashampoo GmbH & Co. KG -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc. -> Apple Inc.)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed] [File is in use]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink -> CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink -> CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed] [File is in use]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel® pGFX -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-20] (Intel® Upgrade Service -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] (Ashampoo GmbH & Co. KG -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ELANUSB; C:\WINDOWS\System32\Drivers\elanusb.sys [44408 2016-03-12] (CIC COMPONENTS INDUSTRIES CO., LTD. -> Windows ® Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [28664 2008-03-17] (CrypKey (Canada) Inc. -> )
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [401120 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-29 11:27 - 2020-06-29 11:27 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-29 11:22 - 2020-06-29 11:23 - 000014304 _____ C:\Users\Nigel\Desktop\Fixlog.txt
2020-06-29 11:15 - 2020-06-29 11:15 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-29 11:14 - 2020-06-29 11:14 - 001988280 _____ (Malwarebytes) C:\Users\Nigel\Desktop\MBSetup.exe
2020-06-29 11:04 - 2020-06-29 11:06 - 000454432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-28 19:49 - 2020-06-28 20:02 - 000040624 _____ C:\Users\Nigel\Desktop\Addition.txt
2020-06-28 19:42 - 2020-06-29 11:37 - 000023503 _____ C:\Users\Nigel\Desktop\FRST.txt
2020-06-28 19:41 - 2020-06-29 11:36 - 000000000 ____D C:\FRST
2020-06-28 19:40 - 2020-06-28 19:40 - 002291712 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2020-06-28 18:04 - 2020-06-28 18:04 - 001368440 _____ (O&O Software GmbH) C:\Users\Nigel\Desktop\OOSU10.exe
2020-06-27 15:55 - 2020-06-28 08:58 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-27 15:55 - 2020-06-28 08:58 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-27 15:55 - 2020-06-28 08:58 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-27 15:54 - 2020-06-28 08:51 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-27 15:54 - 2020-06-28 08:51 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-25 12:00 - 2020-06-28 13:53 - 000001084 _____ C:\Users\Nigel\Desktop\SpeedFan.lnk
2020-06-25 12:00 - 2020-06-25 12:00 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2020-06-21 18:20 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-ebook.com
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\Calibre Library
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-cache
2020-06-21 18:18 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\calibre
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\ProgramData\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\Program Files (x86)\Calibre2
2020-06-21 18:15 - 2020-06-21 18:16 - 110407680 _____ C:\Users\Nigel\Desktop\calibre-4.19.0.msi
2020-06-21 11:28 - 2020-06-23 10:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-21 11:25 - 2020-06-21 11:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-14 15:25 - 2020-06-14 15:27 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-14 15:25 - 2020-06-14 15:25 - 000001973 _____ C:\Users\Nigel\Desktop\Zoom.lnk
2020-06-14 11:12 - 2020-06-14 15:25 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Zoom
2020-06-14 10:49 - 2020-06-14 10:54 - 000837452 _____ C:\WINDOWS\Minidump\061420-60890-01.dmp
2020-06-14 10:49 - 2020-06-14 10:49 - 000000000 ____D C:\WINDOWS\Minidump
2020-06-13 13:52 - 2020-06-13 13:52 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\CrystalIdea Software
2020-06-11 07:57 - 2020-06-05 22:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-11 07:57 - 2020-06-05 22:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-10 08:34 - 2020-06-10 08:34 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 018029056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 011608064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 009712640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 007012864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 006292480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 005909504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003525608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003515392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-06-10 08:34 - 2020-06-10 08:34 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002230240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002204160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001704448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001539072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001410048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001272160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001151824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi3.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000747832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000484864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psisdecd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000478208 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\SysWOW64\wvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\termmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wavemsp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 08:34 - 2020-06-10 08:34 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkspbrokerAx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000028368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SecurityCenterBrokerPS.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:34 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 025902080 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 019851776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 008015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007760384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007604592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007268864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006091048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005765144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005195432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005111808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005004344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004610560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 003398656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002831872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-06-10 08:33 - 2020-06-10 08:33 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002184504 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001654960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001416224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001397560 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001284608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001250816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001100288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001055184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001003832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000994304 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000992256 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi3.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000932256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000894024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000783496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkObjCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000684856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000651776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000628408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000614400 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\psisdecd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000575488 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508216 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000451864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\termmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000407864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000405936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000357176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000280376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wavemsp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 08:33 - 2020-06-10 08:33 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000204008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000150328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000129600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkspbrokerAx.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000093448 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000090952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000089344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwanRadioManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000041864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBrokerPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-06-10 08:32 - 2020-06-10 08:32 - 009931576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 007911176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 007266080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006066808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 005283264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003726848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003368104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003187200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 002656256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001683968 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001583104 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001486336 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001393952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001260744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001158144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkObjCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000892048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000797464 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000760296 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716320 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000548984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000531768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-06-10 08:32 - 2020-06-10 08:32 - 000518456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000425056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\psr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000221496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000209216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000165832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000132424 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000128312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxGipRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-06-10 08:11 - 2020-05-15 05:29 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-06-10 08:11 - 2020-05-15 05:10 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-06-07 17:54 - 2020-06-07 17:54 - 000000000 ____D C:\Malwarebytes
2020-06-07 11:35 - 2020-06-29 11:28 - 000589998 _____ C:\WINDOWS\ntbtlog.txt
2020-06-07 09:11 - 2020-06-07 11:07 - 000009927 _____ C:\Users\Nigel\Pictures\Documents\catspeak.xlsx
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\Program Files (x86)\HD Tune
2020-06-06 19:29 - 2020-06-06 19:29 - 000000000 ____D C:\Users\Nigel\Intel
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\Users\Nigel\AppData\Local\OO Software
2020-06-06 09:52 - 2020-06-06 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2020-06-06 09:51 - 2020-06-06 09:51 - 000000000 ____D C:\Program Files (x86)\Seagate
2020-06-06 09:12 - 2020-06-28 13:53 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2020-06-06 09:12 - 2020-06-25 12:00 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2020-06-05 18:28 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2020-06-05 18:02 - 2020-06-05 18:02 - 000014582 _____ C:\junk.txt
2020-06-05 17:41 - 2020-06-25 14:25 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-06-05 12:42 - 2020-06-13 13:51 - 001578808 _____ (SpeedyFox) C:\Users\Nigel\Desktop\speedyfox.exe
2020-05-31 15:43 - 2020-05-31 21:55 - 000489846 _____ C:\Users\Nigel\Pictures\Documents\brandsquiz.pptx
2020-05-30 08:42 - 2020-05-30 08:42 - 003716578 _____ C:\Users\Nigel\Pictures\Documents\facesquiz2020a.pptx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-29 11:30 - 2020-05-17 19:24 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2020-06-29 11:29 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-29 11:28 - 2015-08-26 10:42 - 000000000 __SHD C:\Users\Nigel\IntelGraphicsProfiles
2020-06-29 11:25 - 2020-01-29 13:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-29 11:24 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-06-29 11:15 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-29 10:43 - 2015-07-05 11:40 - 000000000 ____D C:\Program Files (x86)\TomTom International B.V
2020-06-29 10:42 - 2020-05-17 19:24 - 000000000 ____D C:\Users\Nigel\AppData\Local\BraveSoftware
2020-06-29 10:42 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-29 10:42 - 2017-12-07 00:36 - 000000000 ____D C:\Users\Nigel\AppData\Local\Packages
2020-06-29 10:31 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
2020-06-29 10:30 - 2013-08-27 20:57 - 000000000 ____D C:\Users\Nigel\AppData\Local\Windows Live
2020-06-29 10:30 - 2013-03-25 09:24 - 000000000 ____D C:\Program Files (x86)\Windows Live
2020-06-29 10:29 - 2019-03-19 12:35 - 000000000 ____D C:\WINDOWS\en-GB
2020-06-29 10:18 - 2015-08-31 13:37 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-29 10:07 - 2020-01-29 13:27 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-29 10:07 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-06-28 21:11 - 2020-01-29 12:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-28 18:45 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-28 18:01 - 2020-01-29 13:56 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B36B5B0B-3BFB-42EB-BDEA-CF50958C5376}
2020-06-28 08:53 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-27 22:54 - 2013-08-27 21:23 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\vlc
2020-06-27 08:25 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 18:44 - 2014-12-31 14:56 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-24 18:44 - 2014-12-31 14:56 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-24 18:44 - 2014-12-31 14:56 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-23 17:36 - 2018-05-13 10:26 - 000000000 ____D C:\Program Files\Opera
2020-06-23 17:36 - 2015-11-14 19:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-23 10:25 - 2018-02-23 21:20 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Mozilla
2020-06-23 10:20 - 2015-11-14 19:15 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-22 15:52 - 2020-05-11 17:49 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Telegram Desktop
2020-06-22 15:18 - 2020-01-29 13:56 - 000003944 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1526203677
2020-06-22 15:18 - 2018-05-13 10:28 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2020-06-21 19:56 - 2014-02-06 17:45 - 000000000 ____D C:\Users\Nigel\AppData\Local\ElevatedDiagnostics
2020-06-21 18:19 - 2020-01-29 13:13 - 000000000 ____D C:\Users\Nigel
2020-06-19 20:52 - 2013-08-29 17:50 - 000095976 _____ C:\Users\Nigel\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-15 20:26 - 2015-12-09 14:51 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Temp
2020-06-14 10:49 - 2019-08-08 15:04 - 523328468 _____ C:\WINDOWS\MEMORY.DMP
2020-06-11 07:58 - 2015-09-16 10:10 - 000000000 ___RD C:\Users\Nigel\3D Objects
2020-06-11 07:58 - 2013-04-17 10:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-10 08:32 - 2020-01-29 13:05 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-06-09 19:51 - 2020-01-29 13:56 - 000004586 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-09 18:52 - 2020-01-29 13:56 - 000004574 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-08 18:04 - 2013-11-12 01:47 - 000000000 ____D C:\Program Files (x86)\Intel
2020-06-08 17:56 - 2017-08-02 11:35 - 000000000 ____D C:\Program Files\Intel
2020-06-07 11:46 - 2020-05-01 21:57 - 000000000 ____D C:\Users\Nigel\AppData\Local\CrashDumps
2020-06-06 17:00 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-04 10:15 - 2018-02-17 02:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-02 16:34 - 2016-01-05 11:38 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-05-30 08:40 - 2014-10-17 14:06 - 000000000 ____D C:\Users\Nigel\Pictures\Documents\My Received Files
==================== Files in the root of some directories ========
2018-05-20 16:24 - 2018-05-20 16:25 - 075565632 _____ (Malwarebytes ) C:\Users\Nigel\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5170.exe
2014-12-26 21:19 - 2014-12-26 21:19 - 000085130 _____ () C:\Users\Nigel\AppData\Local\ars.cache
2014-12-26 21:19 - 2014-12-26 21:19 - 000135658 _____ () C:\Users\Nigel\AppData\Local\census.cache
2015-07-06 22:43 - 2020-04-18 18:50 - 000005632 _____ () C:\Users\Nigel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-26 21:11 - 2014-12-26 21:11 - 000000036 _____ () C:\Users\Nigel\AppData\Local\housecall.guid.cache
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ () C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2014-12-26 21:16 - 2014-12-26 21:16 - 000000010 _____ () C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2020
Ran by Nigel (29-06-2020 11:38:56)
Running from C:\Users\Nigel\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2020-01-29 12:58:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4040141387-3011007431-2631040067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4040141387-3011007431-2631040067-503 - Limited - Disabled)
Guest (S-1-5-21-4040141387-3011007431-2631040067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4040141387-3011007431-2631040067-1005 - Limited - Enabled)
Nigel (S-1-5-21-4040141387-3011007431-2631040067-1001 - Administrator - Enabled) => C:\Users\Nigel
WDAGUtilityAccount (S-1-5-21-4040141387-3011007431-2631040067-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.387 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
calibre (HKLM-x32\...\{0E691C85-5591-47B1-AA8A-4C7CB3713F61}) (Version: 4.19.0 - Kovid Goyal)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (HKLM-x32\...\{1F0C818D-4A41-4E40-BAFB-BB940C82A518}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (HKLM-x32\...\{E354D495-5DA4-4CCF-AB39-080F6A4141BE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (HKLM-x32\...\{9F470E17-4FC3-4091-A508-D5347A16A2B9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (HKLM-x32\...\{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (HKLM-x32\...\{E50E3DBC-46AA-4827-B2A6-F995D81DF526}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (HKLM-x32\...\{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (HKLM-x32\...\{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Intel® Chipset Device Software (HKLM-x32\...\{c4a581e8-a702-448c-80c7-4b6192985db2}) (Version: 10.1.18228.8176 - Intel® Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.1924 - CyberLink Corp.) Hidden
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{058EDEC8-1873-4B49-9A08-54ADE9CC129B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{306C7AEF-16C7-428D-93AA-99D4A4090243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{36BEC461-B58A-414D-993E-E2BDD1F1A14B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{62BBCDDC-4979-4E59-9D97-5B8E874C3191}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{751EB657-3F22-4150-8CE4-D79A262F1D92}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{7E63F102-A9E9-4F4C-8004-BC62974736BF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A47EA9D4-BB87-415E-9239-28860434E5A0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 77.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-GB)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 77.0.1.7458 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 68.0.3618.173 (HKLM-x32\...\Opera 68.0.3618.173) (Version: 68.0.3618.173 - Opera Software)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podstawowe programy Windows Live (HKLM-x32\...\{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Telegram Desktop version 2.1.6 (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.6 - Telegram FZ-LLC)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Valokuvavalikoima (HKLM-x32\...\{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Συλλογή φωτογραφιών (HKLM-x32\...\{A19A8C25-272A-4CD6-8BA8-3772321A021B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Packages:
=========
Ashampoo ImageFX for Medion -> C:\Program Files\WindowsApps\AshampooMedion.AshampooImageFXforMedion_1.0.2.14_x64__g53hytncy48pj [2013-08-27] (Ashampoo GmbH & Co. KG)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-29] (Autodesk Inc.)
Cyberlink PowerDVD_BE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.PowerDVDforMedion_1.1.918.19562_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
Cyberlink YouCam_DE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.YouCamforMedion_1.1.2118.27406_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-28] (HP Inc.)
Kaspersky Now -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyNow_1.0.0.43_neutral__8jx5e25qw3tdc [2014-06-09] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.11.6020.0_x64__8wekyb3d8bbwe [2020-06-09] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-29] (MAGIX)
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2015-04-14] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-25] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-29] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\eBay.co.uk.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://rover.ebay.com/rover/1/710-154513-44482-12/4
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\Windows 8 Info.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.windows.com/getstarted
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
==================== Loaded Modules (Whitelisted) =============
2011-03-31 16:52 - 2011-03-31 16:52 - 000499712 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCP71.dll
2011-03-31 16:52 - 2011-03-31 16:52 - 000348160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCR71.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2020-06-29 11:26 - 000001306 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nigel\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "Nigel.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "F.lux"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "utweb"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{1C8DA673-F458-4BAA-BAEF-861A2E8393B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{8328AFFF-8E8B-4A59-B42F-FFA59BABEF22}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F898E098-8226-49AC-A2AB-50D8CA2C408D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7903EFD5-936F-406E-819A-FA0F75472286}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8B0238E8-8977-48E9-829D-A544D5ADC6AC}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{EF66AF92-541B-4E8F-988D-4883C5391C21}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{F9B9E328-11FA-4F8D-A125-A89D29316FDE}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{077D7CB9-51D9-4968-8C3F-A46366973E64}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{873454CA-BB93-42D0-9381-713EC7027C3E}] => (Allow) C:\Program Files\Opera\68.0.3618.165\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{449D2AFF-ECDF-4B15-8FB5-CD854F13A2D2}] => (Allow) C:\Program Files\Opera\68.0.3618.173\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{21AA5019-6C55-4523-A90F-C4384162DC2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
08-06-2020 15:15:13 Removed Google Update Helper
13-06-2020 18:02:10 Installed ProtonVPN
23-06-2020 16:07:26 Scheduled Checkpoint
27-06-2020 08:23:58 Windows Update
28-06-2020 18:07:24 O&O ShutUp10
29-06-2020 10:19:58 Removed Microsoft Silverlight
29-06-2020 10:25:13 WLSetup
29-06-2020 10:28:38 WLSetup
29-06-2020 10:43:13 Removed TomTom HOME Visual Studio Merge Modules
29-06-2020 10:50:47 Font cache
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
System errors:
=============
Error: (06/29/2020 11:31:26 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (06/29/2020 11:27:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FontCache3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/29/2020 11:27:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
CodeIntegrity:
===================================
Date: 2020-06-29 11:30:37.971
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-06-29 11:30:37.534
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 503 09/29/2012
Motherboard: Medion E6234
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 58%
Total physical RAM: 3976.96 MB
Available physical RAM: 1648.23 MB
Total Virtual: 4680.96 MB
Available Virtual: 2711.33 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:402.36 GB) (Free:267.4 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:39.33 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:77.39 GB) NTFS
\\?\Volume{28093404-c710-4e21-8095-578ed04ea020}\ () (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{f0292acd-d868-4d82-aebe-70b13313b326}\ () (Fixed) (Total:1.69 GB) (Free:1.09 GB) NTFS
\\?\Volume{1b7803ef-dedf-4406-bbfc-e017c55c457f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 28676295)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
#22
Posted 29 June 2020 - 06:41 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Error: (06/29/2020 11:27:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The FontCache3.0.0.0 service failed to start due to the following error:The service did not respond to the start or control request in a timely fashion.Error: (06/29/2020 11:27:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (45000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
This is usually caused by a corrupt font cache. Let's see if removing it will fix the problem. Windows will recreate it automatically.
Download the attached fixlist.txt to the same location as FRST
fixlist.txt 728bytes
167 downloads
Run FRST and press Fix
A fix log will be generated please post that
Reboot if the fix doesn't reboot it for you
Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.
#23
Posted 29 June 2020 - 07:12 AM
peter plus
- Topic Starter
-
- Member
-
- 278 posts
Member
Font Cache seems to be causing problem. There were three .dat files that I couldnt clear when following uninstall procedure earlier.
Posting fixlog now. About to run FRST now
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-06-2020
Ran by Nigel (29-06-2020 13:59:38) Run:2
Running from C:\Users\Nigel\Desktop
Loaded Profiles: Nigel
Boot Mode: Normal
==============================================
fixlist content:
*****************
CMD: sc stop FontCache
c:\windows\serviceprofiles\localservice\appdata\local\fontcache\FontCache-FontSet-S-1-5-18.dat
c:\windows\serviceprofiles\localservice\appdata\local\fontcache\FontCache-S-1-5-18.dat
c:\windows\serviceprofiles\localservice\appdata\local\fontcache\*.dat
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
*****************
========= sc stop FontCache =========
SERVICE_NAME: FontCache
TYPE : 30 WIN32
STATE : 3 STOP_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
========= End of CMD: =========
c:\windows\serviceprofiles\localservice\appdata\local\fontcache\FontCache-FontSet-S-1-5-18.dat => moved successfully
c:\windows\serviceprofiles\localservice\appdata\local\fontcache\FontCache-S-1-5-18.dat => moved successfully
=========== "c:\windows\serviceprofiles\localservice\appdata\local\fontcache\*.dat" ==========
c:\windows\serviceprofiles\localservice\appdata\local\fontcache\~FontCache-FontFace.dat => moved successfully
"c:\windows\serviceprofiles\localservice\appdata\local\fontcache\~FontCache-FontSet-S-1-5-21-4040141387-3011007431-2631040067-1001.dat" => not found
c:\windows\serviceprofiles\localservice\appdata\local\fontcache\~FontCache-S-1-5-21-4040141387-3011007431-2631040067-1001.dat => moved successfully
c:\windows\serviceprofiles\localservice\appdata\local\fontcache\~FontCache-System.dat => moved successfully
========= End -> "c:\windows\serviceprofiles\localservice\appdata\local\fontcache\*.dat" ========
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid by a WMI data provider.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 14:01:03 ====
#24
Posted 29 June 2020 - 07:36 AM
peter plus
- Topic Starter
-
- Member
-
- 278 posts
Member
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2020
Ran by Nigel (administrator) on NIGEL-PC (Medion E6234) (29-06-2020 14:12:36)
Running from C:\Users\Nigel\Desktop
Loaded Profiles: Nigel
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United Kingdom)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\GPMTray.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\PHotkey.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\POsd.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CrypKey (Canada) Ltd.) [File not signed] [File is in use] C:\Windows\System32\Crypserv.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(PEGATRON CORPORATION -> TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-27] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2774040 2019-12-19] (Opera Software AS -> Opera Software)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [utweb] => "C:\Users\Nigel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\WINDOWS\system32\hpz3l5k2.dll [130048 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2012-11-27] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2020-05-05]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C437B0-56ED-40D9-B5E3-0C1F38DC6BFE} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {0FFAE542-7BB9-4A04-AEB0-99B7D9D321CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {14C2DEB0-9A3C-4D70-BA59-A6A2662ACFB7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {2C917EC3-7D15-46D6-BC2C-4936B6F6CEA9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-09] (Adobe Inc. -> Adobe)
Task: {2F0BCB97-A472-42F3-A2B6-CA48498B4F6C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-09] (Adobe Inc. -> Adobe)
Task: {3BCA7890-7D00-4553-905F-2D71D8E8D0EC} - System32\Tasks\Opera scheduled Autoupdate 1526203677 => C:\Program Files\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {53DD12F4-F2CC-4E6A-9100-C885108EF2A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [120636720 2020-05-13] (Microsoft Windows -> Microsoft Corporation)
Task: {6087B43D-6CAD-4401-B75B-0A743CE9AB12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {62C4A8CD-9106-4A28-ADC3-EA65B0C2CEF0} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2020-01-29] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {745819C7-B794-409E-9046-0E87BEBED62A} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {84BF2CA5-C49E-4F8F-A2B5-EE0130618888} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
Task: {88C2DD99-9005-4BA8-9752-E3FC8750C43A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {A75B5455-7AEB-4924-8B0E-41496DCF4BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {C06DFBDA-FDA4-4007-85BB-B52EFC1EEDC4} - System32\Tasks\GoogleUpdateTaskMachineCore1d5b20961366e42 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {EC3DD447-1885-404A-ADBE-2B2201F18213} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{32a5e555-f93c-4cdf-93c2-ca42ebc72347}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{66cb41a6-c2e0-4e78-8a4c-ef22656af993}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Edge:
======
Edge Profile: C:\Users\Nigel\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-29]
Edge StartupUrls: Default -> "hxxp://go.microsoft.com/fwlink/?LinkId=525990"
FireFox:
========
FF DefaultProfile: gv7jttb3.default
FF DefaultProfile: ar9pl8tr.default
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\TomTom\HOME\Profiles\abjn7h7c.default [2015-07-05]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default [2020-06-28]
FF Homepage: Mozilla\Firefox\Profiles\gv7jttb3.default -> hxxps://www.google.co.uk/?gws_rd=cr
FF Extension: (EPUBReader) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2020-04-10]
FF Extension: (No Name) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-10]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Comodo\IceDragon\Profiles\ar9pl8tr.default [2020-06-25]
FF Homepage: Comodo\IceDragon\Profiles\ar9pl8tr.default -> hxxps://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4040141387-3011007431-2631040067-1001: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Users\Nigel\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default [2020-06-29]
CHR DownloadDir: C:\Users\Nigel\Desktop
CHR Notifications: Default -> hxxp://sportstvonline.net; hxxps://draxe.com; hxxps://m.facebook.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Extension: (Google Docs) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-09]
CHR Extension: (Google Drive) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-10]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-29]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-10]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Opera:
=======
OPR Notifications: hxxps://click.notify.support; hxxps://ctih.apparedistride.club; hxxps://dioh.veirregnant.club; hxxps://en.softonic.com; hxxps://plby.spirationsstrated.club; hxxps://uniquecaptcha.com; hxxps://videoommooth.com; hxxps://vidlox.tv; hxxps://vshare.eu; hxxps://www.footballstreamings.com; hxxps://www.techradar.com; hxxps://www.youtube.com
OPR Extension: (WhatsApp™ Messenger) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\dldmjnlgpemdnceadnpcfenlhhnlbbnl [2020-04-01]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2020-04-02]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] (Ashampoo GmbH & Co. KG -> )
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] (Ashampoo GmbH & Co. KG -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc. -> Apple Inc.)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed] [File is in use]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink -> CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink -> CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed] [File is in use]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel® pGFX -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-20] (Intel® Upgrade Service -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] (Ashampoo GmbH & Co. KG -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ELANUSB; C:\WINDOWS\System32\Drivers\elanusb.sys [44408 2016-03-12] (CIC COMPONENTS INDUSTRIES CO., LTD. -> Windows ® Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [28664 2008-03-17] (CrypKey (Canada) Inc. -> )
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [401120 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-29 14:05 - 2020-06-29 14:05 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-29 11:22 - 2020-06-29 14:01 - 000002523 _____ C:\Users\Nigel\Desktop\Fixlog.txt
2020-06-29 11:15 - 2020-06-29 11:15 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-29 11:14 - 2020-06-29 11:14 - 001988280 _____ (Malwarebytes) C:\Users\Nigel\Desktop\MBSetup.exe
2020-06-29 11:04 - 2020-06-29 11:06 - 000454432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-28 19:49 - 2020-06-29 11:50 - 000031612 _____ C:\Users\Nigel\Desktop\Addition.txt
2020-06-28 19:42 - 2020-06-29 14:18 - 000023518 _____ C:\Users\Nigel\Desktop\FRST.txt
2020-06-28 19:41 - 2020-06-29 14:17 - 000000000 ____D C:\FRST
2020-06-28 19:40 - 2020-06-28 19:40 - 002291712 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2020-06-28 18:04 - 2020-06-28 18:04 - 001368440 _____ (O&O Software GmbH) C:\Users\Nigel\Desktop\OOSU10.exe
2020-06-27 15:55 - 2020-06-28 08:58 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-27 15:55 - 2020-06-28 08:58 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-27 15:55 - 2020-06-28 08:58 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-27 15:54 - 2020-06-28 08:51 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-27 15:54 - 2020-06-28 08:51 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-25 12:00 - 2020-06-28 13:53 - 000001084 _____ C:\Users\Nigel\Desktop\SpeedFan.lnk
2020-06-25 12:00 - 2020-06-25 12:00 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2020-06-21 18:20 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-ebook.com
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\Calibre Library
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-cache
2020-06-21 18:18 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\calibre
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\ProgramData\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\Program Files (x86)\Calibre2
2020-06-21 18:15 - 2020-06-21 18:16 - 110407680 _____ C:\Users\Nigel\Desktop\calibre-4.19.0.msi
2020-06-21 11:28 - 2020-06-23 10:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-21 11:25 - 2020-06-21 11:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-14 15:25 - 2020-06-14 15:27 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-14 15:25 - 2020-06-14 15:25 - 000001973 _____ C:\Users\Nigel\Desktop\Zoom.lnk
2020-06-14 11:12 - 2020-06-14 15:25 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Zoom
2020-06-14 10:49 - 2020-06-14 10:54 - 000837452 _____ C:\WINDOWS\Minidump\061420-60890-01.dmp
2020-06-14 10:49 - 2020-06-14 10:49 - 000000000 ____D C:\WINDOWS\Minidump
2020-06-13 13:52 - 2020-06-13 13:52 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\CrystalIdea Software
2020-06-11 07:57 - 2020-06-05 22:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-11 07:57 - 2020-06-05 22:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-10 08:34 - 2020-06-10 08:34 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 018029056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 011608064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 009712640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 007012864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 006292480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 005909504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003525608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003515392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-06-10 08:34 - 2020-06-10 08:34 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002230240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002204160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001704448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001539072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001410048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001272160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001151824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi3.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000747832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000484864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psisdecd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000478208 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\SysWOW64\wvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\termmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wavemsp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 08:34 - 2020-06-10 08:34 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkspbrokerAx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000028368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SecurityCenterBrokerPS.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:34 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 025902080 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 019851776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 008015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007760384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007604592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007268864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006091048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005765144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005195432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005111808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005004344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004610560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 003398656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002831872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-06-10 08:33 - 2020-06-10 08:33 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002184504 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001654960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001416224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001397560 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001284608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001250816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001100288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001055184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001003832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000994304 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000992256 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi3.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000932256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000894024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000783496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkObjCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000684856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000651776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000628408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000614400 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\psisdecd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000575488 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508216 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000451864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\termmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000407864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000405936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000357176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000280376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wavemsp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 08:33 - 2020-06-10 08:33 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000204008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000150328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000129600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkspbrokerAx.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000093448 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000090952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000089344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwanRadioManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000041864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBrokerPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-06-10 08:32 - 2020-06-10 08:32 - 009931576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 007911176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 007266080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006066808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 005283264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003726848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003368104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003187200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 002656256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001683968 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001583104 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001486336 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001393952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001260744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001158144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkObjCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000892048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000797464 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000760296 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716320 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000548984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000531768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-06-10 08:32 - 2020-06-10 08:32 - 000518456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000425056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\psr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000221496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000209216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000165832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000132424 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000128312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxGipRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-06-10 08:11 - 2020-05-15 05:29 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-06-10 08:11 - 2020-05-15 05:10 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-06-07 17:54 - 2020-06-07 17:54 - 000000000 ____D C:\Malwarebytes
2020-06-07 11:35 - 2020-06-29 14:07 - 000615750 _____ C:\WINDOWS\ntbtlog.txt
2020-06-07 09:11 - 2020-06-07 11:07 - 000009927 _____ C:\Users\Nigel\Pictures\Documents\catspeak.xlsx
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\Program Files (x86)\HD Tune
2020-06-06 19:29 - 2020-06-06 19:29 - 000000000 ____D C:\Users\Nigel\Intel
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\Users\Nigel\AppData\Local\OO Software
2020-06-06 09:52 - 2020-06-06 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2020-06-06 09:51 - 2020-06-06 09:51 - 000000000 ____D C:\Program Files (x86)\Seagate
2020-06-06 09:12 - 2020-06-28 13:53 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2020-06-06 09:12 - 2020-06-25 12:00 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2020-06-05 18:28 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2020-06-05 18:02 - 2020-06-05 18:02 - 000014582 _____ C:\junk.txt
2020-06-05 17:41 - 2020-06-25 14:25 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-06-05 12:42 - 2020-06-13 13:51 - 001578808 _____ (SpeedyFox) C:\Users\Nigel\Desktop\speedyfox.exe
2020-05-31 15:43 - 2020-05-31 21:55 - 000489846 _____ C:\Users\Nigel\Pictures\Documents\brandsquiz.pptx
2020-05-30 08:42 - 2020-05-30 08:42 - 003716578 _____ C:\Users\Nigel\Pictures\Documents\facesquiz2020a.pptx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-29 14:18 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-29 14:07 - 2015-08-26 10:42 - 000000000 __SHD C:\Users\Nigel\IntelGraphicsProfiles
2020-06-29 14:04 - 2020-01-29 13:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-29 14:02 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-06-29 11:30 - 2020-05-17 19:24 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2020-06-29 11:15 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-29 10:43 - 2015-07-05 11:40 - 000000000 ____D C:\Program Files (x86)\TomTom International B.V
2020-06-29 10:42 - 2020-05-17 19:24 - 000000000 ____D C:\Users\Nigel\AppData\Local\BraveSoftware
2020-06-29 10:42 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-29 10:42 - 2017-12-07 00:36 - 000000000 ____D C:\Users\Nigel\AppData\Local\Packages
2020-06-29 10:31 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
2020-06-29 10:30 - 2013-08-27 20:57 - 000000000 ____D C:\Users\Nigel\AppData\Local\Windows Live
2020-06-29 10:30 - 2013-03-25 09:24 - 000000000 ____D C:\Program Files (x86)\Windows Live
2020-06-29 10:29 - 2019-03-19 12:35 - 000000000 ____D C:\WINDOWS\en-GB
2020-06-29 10:18 - 2015-08-31 13:37 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-29 10:07 - 2020-01-29 13:27 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-29 10:07 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-06-28 21:11 - 2020-01-29 12:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-28 18:45 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-28 18:01 - 2020-01-29 13:56 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B36B5B0B-3BFB-42EB-BDEA-CF50958C5376}
2020-06-28 08:53 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-27 22:54 - 2013-08-27 21:23 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\vlc
2020-06-27 08:25 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 18:44 - 2014-12-31 14:56 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-24 18:44 - 2014-12-31 14:56 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-24 18:44 - 2014-12-31 14:56 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-23 17:36 - 2018-05-13 10:26 - 000000000 ____D C:\Program Files\Opera
2020-06-23 17:36 - 2015-11-14 19:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-23 10:25 - 2018-02-23 21:20 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Mozilla
2020-06-23 10:20 - 2015-11-14 19:15 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-22 15:52 - 2020-05-11 17:49 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Telegram Desktop
2020-06-22 15:18 - 2020-01-29 13:56 - 000003944 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1526203677
2020-06-22 15:18 - 2018-05-13 10:28 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2020-06-21 19:56 - 2014-02-06 17:45 - 000000000 ____D C:\Users\Nigel\AppData\Local\ElevatedDiagnostics
2020-06-21 18:19 - 2020-01-29 13:13 - 000000000 ____D C:\Users\Nigel
2020-06-19 20:52 - 2013-08-29 17:50 - 000095976 _____ C:\Users\Nigel\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-15 20:26 - 2015-12-09 14:51 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Temp
2020-06-14 10:49 - 2019-08-08 15:04 - 523328468 _____ C:\WINDOWS\MEMORY.DMP
2020-06-11 07:58 - 2015-09-16 10:10 - 000000000 ___RD C:\Users\Nigel\3D Objects
2020-06-11 07:58 - 2013-04-17 10:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-10 08:32 - 2020-01-29 13:05 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-06-09 19:51 - 2020-01-29 13:56 - 000004586 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-09 18:52 - 2020-01-29 13:56 - 000004574 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-08 18:04 - 2013-11-12 01:47 - 000000000 ____D C:\Program Files (x86)\Intel
2020-06-08 17:56 - 2017-08-02 11:35 - 000000000 ____D C:\Program Files\Intel
2020-06-07 11:46 - 2020-05-01 21:57 - 000000000 ____D C:\Users\Nigel\AppData\Local\CrashDumps
2020-06-06 17:00 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-04 10:15 - 2018-02-17 02:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-02 16:34 - 2016-01-05 11:38 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-05-30 08:40 - 2014-10-17 14:06 - 000000000 ____D C:\Users\Nigel\Pictures\Documents\My Received Files
==================== Files in the root of some directories ========
2018-05-20 16:24 - 2018-05-20 16:25 - 075565632 _____ (Malwarebytes ) C:\Users\Nigel\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5170.exe
2014-12-26 21:19 - 2014-12-26 21:19 - 000085130 _____ () C:\Users\Nigel\AppData\Local\ars.cache
2014-12-26 21:19 - 2014-12-26 21:19 - 000135658 _____ () C:\Users\Nigel\AppData\Local\census.cache
2015-07-06 22:43 - 2020-04-18 18:50 - 000005632 _____ () C:\Users\Nigel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-26 21:11 - 2014-12-26 21:11 - 000000036 _____ () C:\Users\Nigel\AppData\Local\housecall.guid.cache
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ () C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2014-12-26 21:16 - 2014-12-26 21:16 - 000000010 _____ () C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2020
Ran by Nigel (29-06-2020 14:19:49)
Running from C:\Users\Nigel\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2020-01-29 12:58:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4040141387-3011007431-2631040067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4040141387-3011007431-2631040067-503 - Limited - Disabled)
Guest (S-1-5-21-4040141387-3011007431-2631040067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4040141387-3011007431-2631040067-1005 - Limited - Enabled)
Nigel (S-1-5-21-4040141387-3011007431-2631040067-1001 - Administrator - Enabled) => C:\Users\Nigel
WDAGUtilityAccount (S-1-5-21-4040141387-3011007431-2631040067-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.387 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
calibre (HKLM-x32\...\{0E691C85-5591-47B1-AA8A-4C7CB3713F61}) (Version: 4.19.0 - Kovid Goyal)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (HKLM-x32\...\{1F0C818D-4A41-4E40-BAFB-BB940C82A518}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (HKLM-x32\...\{E354D495-5DA4-4CCF-AB39-080F6A4141BE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (HKLM-x32\...\{9F470E17-4FC3-4091-A508-D5347A16A2B9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (HKLM-x32\...\{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (HKLM-x32\...\{E50E3DBC-46AA-4827-B2A6-F995D81DF526}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (HKLM-x32\...\{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (HKLM-x32\...\{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Intel® Chipset Device Software (HKLM-x32\...\{c4a581e8-a702-448c-80c7-4b6192985db2}) (Version: 10.1.18228.8176 - Intel® Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.1924 - CyberLink Corp.) Hidden
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{058EDEC8-1873-4B49-9A08-54ADE9CC129B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{306C7AEF-16C7-428D-93AA-99D4A4090243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{36BEC461-B58A-414D-993E-E2BDD1F1A14B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{62BBCDDC-4979-4E59-9D97-5B8E874C3191}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{751EB657-3F22-4150-8CE4-D79A262F1D92}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{7E63F102-A9E9-4F4C-8004-BC62974736BF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A47EA9D4-BB87-415E-9239-28860434E5A0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 77.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-GB)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 77.0.1.7458 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 68.0.3618.173 (HKLM-x32\...\Opera 68.0.3618.173) (Version: 68.0.3618.173 - Opera Software)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podstawowe programy Windows Live (HKLM-x32\...\{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Telegram Desktop version 2.1.6 (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.6 - Telegram FZ-LLC)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Valokuvavalikoima (HKLM-x32\...\{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Συλλογή φωτογραφιών (HKLM-x32\...\{A19A8C25-272A-4CD6-8BA8-3772321A021B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Packages:
=========
Ashampoo ImageFX for Medion -> C:\Program Files\WindowsApps\AshampooMedion.AshampooImageFXforMedion_1.0.2.14_x64__g53hytncy48pj [2013-08-27] (Ashampoo GmbH & Co. KG)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-29] (Autodesk Inc.)
Cyberlink PowerDVD_BE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.PowerDVDforMedion_1.1.918.19562_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
Cyberlink YouCam_DE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.YouCamforMedion_1.1.2118.27406_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-28] (HP Inc.)
Kaspersky Now -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyNow_1.0.0.43_neutral__8jx5e25qw3tdc [2014-06-09] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.11.6020.0_x64__8wekyb3d8bbwe [2020-06-09] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-29] (MAGIX)
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2015-04-14] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-25] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-29] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\eBay.co.uk.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://rover.ebay.com/rover/1/710-154513-44482-12/4
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\Windows 8 Info.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.windows.com/getstarted
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
==================== Loaded Modules (Whitelisted) =============
2011-03-31 16:52 - 2011-03-31 16:52 - 000499712 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCP71.dll
2011-03-31 16:52 - 2011-03-31 16:52 - 000348160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCR71.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2020-06-29 14:05 - 000001306 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nigel\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "Nigel.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "F.lux"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "utweb"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{1C8DA673-F458-4BAA-BAEF-861A2E8393B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{8328AFFF-8E8B-4A59-B42F-FFA59BABEF22}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F898E098-8226-49AC-A2AB-50D8CA2C408D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7903EFD5-936F-406E-819A-FA0F75472286}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8B0238E8-8977-48E9-829D-A544D5ADC6AC}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{EF66AF92-541B-4E8F-988D-4883C5391C21}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{F9B9E328-11FA-4F8D-A125-A89D29316FDE}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{077D7CB9-51D9-4968-8C3F-A46366973E64}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{873454CA-BB93-42D0-9381-713EC7027C3E}] => (Allow) C:\Program Files\Opera\68.0.3618.165\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{449D2AFF-ECDF-4B15-8FB5-CD854F13A2D2}] => (Allow) C:\Program Files\Opera\68.0.3618.173\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{21AA5019-6C55-4523-A90F-C4384162DC2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
08-06-2020 15:15:13 Removed Google Update Helper
13-06-2020 18:02:10 Installed ProtonVPN
23-06-2020 16:07:26 Scheduled Checkpoint
27-06-2020 08:23:58 Windows Update
28-06-2020 18:07:24 O&O ShutUp10
29-06-2020 10:19:58 Removed Microsoft Silverlight
29-06-2020 10:25:13 WLSetup
29-06-2020 10:28:38 WLSetup
29-06-2020 10:43:13 Removed TomTom HOME Visual Studio Merge Modules
29-06-2020 10:50:47 Font cache
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/29/2020 02:01:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (06/29/2020 02:01:42 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (06/29/2020 02:01:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (06/29/2020 02:01:41 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
System errors:
=============
Error: (06/29/2020 02:10:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (06/29/2020 02:05:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FontCache3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/29/2020 02:05:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 503 09/29/2012
Motherboard: Medion E6234
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 72%
Total physical RAM: 3976.96 MB
Available physical RAM: 1096.66 MB
Total Virtual: 4680.96 MB
Available Virtual: 1987.56 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:402.36 GB) (Free:266.35 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:39.33 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:77.39 GB) NTFS
\\?\Volume{28093404-c710-4e21-8095-578ed04ea020}\ () (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{f0292acd-d868-4d82-aebe-70b13313b326}\ () (Fixed) (Total:1.69 GB) (Free:1.09 GB) NTFS
\\?\Volume{1b7803ef-dedf-4406-bbfc-e017c55c457f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 28676295)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
#25
Posted 29 June 2020 - 10:44 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
That didn't work.
Put
PresentationFontCache.exe
in the FRST search box and hit Search Files. You will get one log. Please post.
Search for
services.msc
hit Enter
find
Windows Presentation Foundation Font Cache 3.0.0.0
right click and select Properties. If the Startup Type: is not set to Manual please change it and OK. (Tell me)
#26
Posted 29 June 2020 - 11:25 AM
peter plus
- Topic Starter
-
- Member
-
- 278 posts
Member
Windows Presentation Foundation Font Cache 3.0.0.0 was set to Automatic. Changed to Manual.
Farbar Recovery Scan Tool (x64) Version: 28-06-2020
Ran by Nigel (29-06-2020 18:00:46)
Running from C:\Users\Nigel\Desktop
Boot Mode: Normal
================== Search Files: "PresentationFontCache.exe" =============
C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.18362.1_none_8409a545750f6333\PresentationFontCache.exe
[2020-01-29 11:47][2020-01-29 11:47] 000043712 _____ (Microsoft Corporation) 2D5A68EEA706673DD06BC134CFB07734 [File is digitally signed]
C:\Windows\WinSxS\amd64_wpf-presentationfontcache_31bf3856ad364e35_10.0.18362.1_none_d7f706ca8f66809a\PresentationFontCache.exe
[2020-01-29 11:47][2020-01-29 11:47] 000043704 _____ (Microsoft Corporation) 6431A8760ACC8616B0C3A36B9E74C062 [File is digitally signed]
C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
[2020-01-29 11:47][2020-01-29 11:47] 000043704 _____ (Microsoft Corporation) 6431A8760ACC8616B0C3A36B9E74C062 [File is digitally signed]
C:\Windows\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
[2020-01-29 11:47][2020-01-29 11:47] 000043712 _____ (Microsoft Corporation) 2D5A68EEA706673DD06BC134CFB07734 [File is digitally signed]
====== End of Search ======
#27
Posted 29 June 2020 - 01:22 PM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
The file is the correct one and doesn't appear to be corrupt. My Win 10 has it at Manual so that's probably what it is supposed to be.
If you go back into services.msc can you Start it now? Do you get an error?
#28
Posted 30 June 2020 - 01:50 AM
peter plus
- Topic Starter
-
- Member
-
- 278 posts
Member
Starts OK.
Only thing this morning was I had to connect manually to wifi.
Same happened yesterday
#29
Posted 30 June 2020 - 05:03 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Do you have to select the Wireless then put in the password or is selecting it enough?
When you select the Wireless is the "Connect Automatically" box checked?
If you open an elevated Command Prompt
win 10: http://www.howtogeek...-in-windows-10/
and type:
netsh wlan show profile name=VM5221480 key=clear
(I'm using the SSID shown in your Speccy log. If it has changed then change where it says name=VM5221480 to the new SSID)
You should get something like:
Profile VM5221480 on interface Wi-Fi:
=======================================================================
Applied: All User Profile
Profile information
-------------------
Version : 1
Type : Wireless LAN
Name : VM5221480
Control options :
Connection mode : Connect manually <== Does this say manually or auto?
Network broadcast : Connect only if this network is broadcasting
AutoSwitch : Do not switch to other networks
MAC Randomization : Disabled
Connectivity settings
---------------------
Number of SSIDs : 1
SSID name : "VM5221480"
Network type : Infrastructure
Radio type : [ Any Radio Type ]
Vendor extension : Not present
Security settings
-----------------
Authentication : WPA2-Personal
Cipher : CCMP
Authentication : WPA2-Personal
Cipher : GCMP
Security key : Present
Key Content : ********** <==Your Password should be where the stars are.
Cost settings
-------------
Cost : Unrestricted
Congested : No
Approaching Data Limit : No
Over Data Limit : No
Roaming : No
Cost Source : Default
Could I see a new FRST scan to see if any new errors have shown up?
#30
Posted 30 June 2020 - 05:46 AM
peter plus
- Topic Starter
-
- Member
-
- 278 posts
Member
Connect automatically wasn't checked....Duh
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2020
Ran by Nigel (administrator) on NIGEL-PC (Medion E6234) (30-06-2020 12:19:08)
Running from C:\Users\Nigel\Desktop
Loaded Profiles: Nigel
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United Kingdom)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\GPMTray.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\PHotkey.exe
() [File not signed] [File is in use] C:\Program Files (x86)\PHotkey\POsd.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(CrypKey (Canada) Ltd.) [File not signed] [File is in use] C:\Windows\System32\Crypserv.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
(PEGATRON CORPORATION -> ) C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(PEGATRON CORPORATION -> TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258592 2012-11-27] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [2774040 2019-12-19] (Opera Software AS -> Opera Software)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\Run: [utweb] => "C:\Users\Nigel\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\WINDOWS\system32\hpz3l5k2.dll [130048 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2012-11-27] (CyberLink Corp. -> CyberLink)
Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2020-05-05]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C437B0-56ED-40D9-B5E3-0C1F38DC6BFE} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [124624 2020-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {0FFAE542-7BB9-4A04-AEB0-99B7D9D321CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {14C2DEB0-9A3C-4D70-BA59-A6A2662ACFB7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {2C917EC3-7D15-46D6-BC2C-4936B6F6CEA9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_pepper.exe [1454648 2020-06-09] (Adobe Inc. -> Adobe)
Task: {2F0BCB97-A472-42F3-A2B6-CA48498B4F6C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-09] (Adobe Inc. -> Adobe)
Task: {3BCA7890-7D00-4553-905F-2D71D8E8D0EC} - System32\Tasks\Opera scheduled Autoupdate 1526203677 => C:\Program Files\Opera\launcher.exe [1517592 2020-06-18] (Opera Software AS -> Opera Software)
Task: {53DD12F4-F2CC-4E6A-9100-C885108EF2A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [120636720 2020-05-13] (Microsoft Windows -> Microsoft Corporation)
Task: {6087B43D-6CAD-4401-B75B-0A743CE9AB12} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {62C4A8CD-9106-4A28-ADC3-EA65B0C2CEF0} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2020-01-29] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
Task: {745819C7-B794-409E-9046-0E87BEBED62A} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {84BF2CA5-C49E-4F8F-A2B5-EE0130618888} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
Task: {88C2DD99-9005-4BA8-9752-E3FC8750C43A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {A75B5455-7AEB-4924-8B0E-41496DCF4BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {C06DFBDA-FDA4-4007-85BB-B52EFC1EEDC4} - System32\Tasks\GoogleUpdateTaskMachineCore1d5b20961366e42 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {EC3DD447-1885-404A-ADBE-2B2201F18213} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{32a5e555-f93c-4cdf-93c2-ca42ebc72347}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{66cb41a6-c2e0-4e78-8a4c-ef22656af993}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Edge:
======
Edge Profile: C:\Users\Nigel\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-29]
Edge StartupUrls: Default -> "hxxp://go.microsoft.com/fwlink/?LinkId=525990"
FireFox:
========
FF DefaultProfile: gv7jttb3.default
FF DefaultProfile: ar9pl8tr.default
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\TomTom\HOME\Profiles\abjn7h7c.default [2015-07-05]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default [2020-06-28]
FF Homepage: Mozilla\Firefox\Profiles\gv7jttb3.default -> hxxps://www.google.co.uk/?gws_rd=cr
FF Extension: (EPUBReader) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2020-04-10]
FF Extension: (No Name) - C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\gv7jttb3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-10]
FF ProfilePath: C:\Users\Nigel\AppData\Roaming\Comodo\IceDragon\Profiles\ar9pl8tr.default [2020-06-25]
FF Homepage: Comodo\IceDragon\Profiles\ar9pl8tr.default -> hxxps://www.youtube.com/feed/subscriptions
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-09] (Adobe Inc. -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google Inc -> Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4040141387-3011007431-2631040067-1001: @acestream.net/acestreamplugin,version=2.1.7.2 -> C:\Users\Nigel\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default [2020-06-30]
CHR DownloadDir: C:\Users\Nigel\Desktop
CHR Notifications: Default -> hxxp://sportstvonline.net; hxxps://draxe.com; hxxps://m.facebook.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Extension: (Google Docs) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-09]
CHR Extension: (Google Drive) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-10]
CHR Extension: (Google Search) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-29]
CHR Extension: (Gmail) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-30]
CHR Extension: (Chrome Media Router) - C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-29]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-10]
CHR Profile: C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
Opera:
=======
OPR Notifications: hxxps://click.notify.support; hxxps://ctih.apparedistride.club; hxxps://dioh.veirregnant.club; hxxps://en.softonic.com; hxxps://plby.spirationsstrated.club; hxxps://uniquecaptcha.com; hxxps://videoommooth.com; hxxps://vidlox.tv; hxxps://vshare.eu; hxxps://www.footballstreamings.com; hxxps://www.techradar.com; hxxps://www.youtube.com
OPR Extension: (WhatsApp™ Messenger) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\dldmjnlgpemdnceadnpcfenlhhnlbbnl [2020-04-01]
OPR Extension: (Adblock Plus - free ad blocker) - C:\Users\Nigel\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2020-04-02]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] (Ashampoo GmbH & Co. KG -> )
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-09] (Adobe Inc. -> Adobe)
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] (Ashampoo GmbH & Co. KG -> )
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc. -> Apple Inc.)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed] [File is in use]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink -> CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink -> CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] () [File not signed] [File is in use]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel® pGFX -> Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-20] (Intel® Upgrade Service -> Intel® Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] (Ashampoo GmbH & Co. KG -> )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ELANUSB; C:\WINDOWS\System32\Drivers\elanusb.sys [44408 2016-03-12] (CIC COMPONENTS INDUSTRIES CO., LTD. -> Windows ® Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-29] (Malwarebytes Inc -> Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2019-03-19] (Microsoft Windows -> Intel Corporation)
R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [28664 2008-03-17] (CrypKey (Canada) Inc. -> )
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Research In Motion Limited)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2018-01-31] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [401120 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-29 18:00 - 2020-06-29 18:24 - 000001244 _____ C:\Users\Nigel\Desktop\Search.txt
2020-06-29 14:05 - 2020-06-29 14:05 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-29 11:22 - 2020-06-29 14:01 - 000002523 _____ C:\Users\Nigel\Desktop\Fixlog.txt
2020-06-29 11:15 - 2020-06-29 11:15 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-06-29 11:15 - 2020-06-29 11:15 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000002025 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-29 11:15 - 2020-06-29 11:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-29 11:04 - 2020-06-29 11:06 - 000454432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-28 19:49 - 2020-06-29 14:33 - 000031695 _____ C:\Users\Nigel\Desktop\Addition.txt
2020-06-28 19:42 - 2020-06-30 12:25 - 000023689 _____ C:\Users\Nigel\Desktop\FRST.txt
2020-06-28 19:41 - 2020-06-30 12:24 - 000000000 ____D C:\FRST
2020-06-28 19:40 - 2020-06-28 19:40 - 002291712 _____ (Farbar) C:\Users\Nigel\Desktop\FRST64.exe
2020-06-28 18:04 - 2020-06-28 18:04 - 001368440 _____ (O&O Software GmbH) C:\Users\Nigel\Desktop\OOSU10.exe
2020-06-27 15:55 - 2020-06-28 08:58 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-27 15:55 - 2020-06-28 08:58 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-27 15:55 - 2020-06-28 08:58 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-27 15:54 - 2020-06-28 08:51 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-27 15:54 - 2020-06-28 08:51 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-25 12:00 - 2020-06-29 14:41 - 000001084 _____ C:\Users\Nigel\Desktop\SpeedFan.lnk
2020-06-25 12:00 - 2020-06-25 12:00 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2020-06-21 18:20 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-ebook.com
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\Calibre Library
2020-06-21 18:19 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Local\calibre-cache
2020-06-21 18:18 - 2020-06-21 18:20 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\calibre
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000001033 _____ C:\ProgramData\Desktop\calibre - E-book management.lnk
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2020-06-21 18:17 - 2020-06-21 18:17 - 000000000 ____D C:\Program Files (x86)\Calibre2
2020-06-21 18:15 - 2020-06-21 18:16 - 110407680 _____ C:\Users\Nigel\Desktop\calibre-4.19.0.msi
2020-06-21 11:28 - 2020-06-23 10:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-06-21 11:25 - 2020-06-21 11:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-06-14 15:25 - 2020-06-14 15:27 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-06-14 15:25 - 2020-06-14 15:25 - 000001973 _____ C:\Users\Nigel\Desktop\Zoom.lnk
2020-06-14 11:12 - 2020-06-14 15:25 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Zoom
2020-06-14 10:49 - 2020-06-14 10:54 - 000837452 _____ C:\WINDOWS\Minidump\061420-60890-01.dmp
2020-06-14 10:49 - 2020-06-14 10:49 - 000000000 ____D C:\WINDOWS\Minidump
2020-06-13 13:52 - 2020-06-13 13:52 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\CrystalIdea Software
2020-06-11 07:57 - 2020-06-05 22:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-11 07:57 - 2020-06-05 22:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-10 08:34 - 2020-06-10 08:34 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 018029056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 011608064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 009712640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 007012864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 006292480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 005909504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003525608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003515392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-06-10 08:34 - 2020-06-10 08:34 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002230240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 002204160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001704448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001539072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001410048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001272160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001151824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 001012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi3.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000747832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2020-06-10 08:34 - 2020-06-10 08:34 - 000484864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psisdecd.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000478208 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\SysWOW64\wvc.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\termmgr.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswmdm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wavemsp.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 08:34 - 2020-06-10 08:34 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cic.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmidx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkspbrokerAx.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2020-06-10 08:34 - 2020-06-10 08:34 - 000028368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SecurityCenterBrokerPS.dll
2020-06-10 08:34 - 2020-06-10 08:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:34 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 025902080 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 019851776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 008015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007760384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007604592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 007268864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 006091048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005765144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005195432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005111808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 005004344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004858880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 004610560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 003398656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002831872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002798592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-06-10 08:33 - 2020-06-10 08:33 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 002184504 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001654960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001416224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001397560 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001314304 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagperf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001284608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001250816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001100288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001055184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 001003832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000994304 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000992256 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi3.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000932256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000894024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000783496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkObjCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000684856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000651776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000628408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000614400 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\psisdecd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000593424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000575488 _____ (Microsoft® Windows® Operating System) C:\WINDOWS\system32\wvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000508216 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroles.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000451864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\termmgr.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000407864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwizeng.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000405936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000398336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassdo.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000357176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-06-10 08:33 - 2020-06-10 08:33 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000280376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wavemsp.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 08:33 - 2020-06-10 08:33 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000223544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cic.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000204008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\psr.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000165192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000150328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrecst.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000129600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkspbrokerAx.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaatext.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000093448 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000090952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000089344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwanRadioManager.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 08:33 - 2020-06-10 08:33 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasads.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000041864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityCenterBrokerPS.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-06-10 08:33 - 2020-06-10 08:33 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-06-10 08:33 - 2020-06-10 08:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-06-10 08:32 - 2020-06-10 08:32 - 009931576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 007911176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 007266080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 006066808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 005283264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 004012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003726848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 003368104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 003187200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 002656256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 002235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001919488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001683968 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001583104 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001486336 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001393952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001260744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001158144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkObjCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000892048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000797464 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000760296 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716320 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000548984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000531768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-06-10 08:32 - 2020-06-10 08:32 - 000518456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000425056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\psr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000221496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000209216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-06-10 08:32 - 2020-06-10 08:32 - 000165832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000132424 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000128312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxGipRadioManager.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnosticsTool.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-06-10 08:32 - 2020-06-10 08:32 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2020-06-10 08:32 - 2020-06-10 08:32 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-06-10 08:11 - 2020-05-15 05:29 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-06-10 08:11 - 2020-05-15 05:10 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-06-07 17:54 - 2020-06-07 17:54 - 000000000 ____D C:\Malwarebytes
2020-06-07 11:35 - 2020-06-30 09:13 - 000618752 _____ C:\WINDOWS\ntbtlog.txt
2020-06-07 09:11 - 2020-06-07 11:07 - 000009927 _____ C:\Users\Nigel\Pictures\Documents\catspeak.xlsx
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2020-06-07 08:20 - 2020-06-08 18:58 - 000000000 ____D C:\Program Files (x86)\HD Tune
2020-06-06 19:29 - 2020-06-06 19:29 - 000000000 ____D C:\Users\Nigel\Intel
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2020-06-06 12:08 - 2020-06-06 12:08 - 000000000 ____D C:\Users\Nigel\AppData\Local\OO Software
2020-06-06 09:52 - 2020-06-06 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2020-06-06 09:51 - 2020-06-06 09:51 - 000000000 ____D C:\Program Files (x86)\Seagate
2020-06-06 09:12 - 2020-06-29 14:41 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2020-06-06 09:12 - 2020-06-25 12:00 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2020-06-05 18:28 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2020-06-05 18:02 - 2020-06-05 18:02 - 000014582 _____ C:\junk.txt
2020-06-05 17:41 - 2020-06-25 14:25 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-06-05 12:42 - 2020-06-13 13:51 - 001578808 _____ (SpeedyFox) C:\Users\Nigel\Desktop\speedyfox.exe
2020-05-31 15:43 - 2020-05-31 21:55 - 000489846 _____ C:\Users\Nigel\Pictures\Documents\brandsquiz.pptx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-06-30 12:26 - 2020-01-29 13:56 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B36B5B0B-3BFB-42EB-BDEA-CF50958C5376}
2020-06-30 12:18 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-30 08:36 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-30 08:31 - 2020-01-29 13:27 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-30 08:31 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-06-30 08:29 - 2015-08-26 10:42 - 000000000 __SHD C:\Users\Nigel\IntelGraphicsProfiles
2020-06-29 22:08 - 2020-01-29 12:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-29 14:04 - 2020-01-29 13:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-29 14:02 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-06-29 11:30 - 2020-05-17 19:24 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2020-06-29 11:15 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-29 10:43 - 2015-07-05 11:40 - 000000000 ____D C:\Program Files (x86)\TomTom International B.V
2020-06-29 10:42 - 2020-05-17 19:24 - 000000000 ____D C:\Users\Nigel\AppData\Local\BraveSoftware
2020-06-29 10:42 - 2017-12-07 00:36 - 000000000 ____D C:\Users\Nigel\AppData\Local\Packages
2020-06-29 10:31 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
2020-06-29 10:30 - 2013-08-27 20:57 - 000000000 ____D C:\Users\Nigel\AppData\Local\Windows Live
2020-06-29 10:30 - 2013-03-25 09:24 - 000000000 ____D C:\Program Files (x86)\Windows Live
2020-06-29 10:29 - 2019-03-19 12:35 - 000000000 ____D C:\WINDOWS\en-GB
2020-06-29 10:18 - 2015-08-31 13:37 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-28 18:45 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-06-28 08:53 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-27 22:54 - 2013-08-27 21:23 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\vlc
2020-06-27 08:25 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 18:44 - 2014-12-31 14:56 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-24 18:44 - 2014-12-31 14:56 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-24 18:44 - 2014-12-31 14:56 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-23 17:36 - 2018-05-13 10:26 - 000000000 ____D C:\Program Files\Opera
2020-06-23 17:36 - 2015-11-14 19:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-06-23 10:25 - 2018-02-23 21:20 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Mozilla
2020-06-23 10:20 - 2015-11-14 19:15 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-06-22 15:52 - 2020-05-11 17:49 - 000000000 ____D C:\Users\Nigel\AppData\Roaming\Telegram Desktop
2020-06-22 15:18 - 2020-01-29 13:56 - 000003944 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1526203677
2020-06-22 15:18 - 2018-05-13 10:28 - 000001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2020-06-21 19:56 - 2014-02-06 17:45 - 000000000 ____D C:\Users\Nigel\AppData\Local\ElevatedDiagnostics
2020-06-21 18:19 - 2020-01-29 13:13 - 000000000 ____D C:\Users\Nigel
2020-06-19 20:52 - 2013-08-29 17:50 - 000095976 _____ C:\Users\Nigel\AppData\Local\GDIPFONTCACHEV1.DAT
2020-06-17 12:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ServiceState
2020-06-15 20:26 - 2015-12-09 14:51 - 000000000 ____D C:\Users\Nigel\AppData\LocalLow\Temp
2020-06-14 10:49 - 2019-08-08 15:04 - 523328468 _____ C:\WINDOWS\MEMORY.DMP
2020-06-11 07:58 - 2015-09-16 10:10 - 000000000 ___RD C:\Users\Nigel\3D Objects
2020-06-11 07:58 - 2013-04-17 10:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 12:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-11 01:48 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-10 08:32 - 2020-01-29 13:05 - 002876416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-06-09 19:51 - 2020-01-29 13:56 - 000004586 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-09 19:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-09 18:52 - 2020-01-29 13:56 - 000004574 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-08 18:04 - 2013-11-12 01:47 - 000000000 ____D C:\Program Files (x86)\Intel
2020-06-08 17:56 - 2017-08-02 11:35 - 000000000 ____D C:\Program Files\Intel
2020-06-07 11:46 - 2020-05-01 21:57 - 000000000 ____D C:\Users\Nigel\AppData\Local\CrashDumps
2020-06-06 17:00 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-04 10:15 - 2018-02-17 02:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-02 16:34 - 2016-01-05 11:38 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories ========
2018-05-20 16:24 - 2018-05-20 16:25 - 075565632 _____ (Malwarebytes ) C:\Users\Nigel\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5170.exe
2014-12-26 21:19 - 2014-12-26 21:19 - 000085130 _____ () C:\Users\Nigel\AppData\Local\ars.cache
2014-12-26 21:19 - 2014-12-26 21:19 - 000135658 _____ () C:\Users\Nigel\AppData\Local\census.cache
2015-07-06 22:43 - 2020-04-18 18:50 - 000005632 _____ () C:\Users\Nigel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-26 21:11 - 2014-12-26 21:11 - 000000036 _____ () C:\Users\Nigel\AppData\Local\housecall.guid.cache
2020-06-06 19:12 - 2020-06-06 19:12 - 000007604 _____ () C:\Users\Nigel\AppData\Local\Resmon.ResmonCfg
2014-12-26 21:16 - 2014-12-26 21:16 - 000000010 _____ () C:\Users\Nigel\AppData\Local\sponge.last.runtime.cache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2020
Ran by Nigel (30-06-2020 12:28:19)
Running from C:\Users\Nigel\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2020-01-29 12:58:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4040141387-3011007431-2631040067-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4040141387-3011007431-2631040067-503 - Limited - Disabled)
Guest (S-1-5-21-4040141387-3011007431-2631040067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4040141387-3011007431-2631040067-1005 - Limited - Enabled)
Nigel (S-1-5-21-4040141387-3011007431-2631040067-1001 - Administrator - Enabled) => C:\Users\Nigel
WDAGUtilityAccount (S-1-5-21-4040141387-3011007431-2631040067-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20067 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.387 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo AppLauncher v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG)
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
calibre (HKLM-x32\...\{0E691C85-5591-47B1-AA8A-4C7CB3713F61}) (Version: 4.19.0 - Kovid Goyal)
CyberLink PowerRecover (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Fotogalerie (HKLM-x32\...\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (HKLM-x32\...\{1F0C818D-4A41-4E40-BAFB-BB940C82A518}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (HKLM-x32\...\{E354D495-5DA4-4CCF-AB39-080F6A4141BE}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (HKLM-x32\...\{9F470E17-4FC3-4091-A508-D5347A16A2B9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (HKLM-x32\...\{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (HKLM-x32\...\{E50E3DBC-46AA-4827-B2A6-F995D81DF526}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (HKLM-x32\...\{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{8F7FECEC-088F-431D-A5FB-2B59E1E69943}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (HKLM-x32\...\{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{446CC8CE-0E90-44F7-ADD0-774B243EF090}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Intel® Chipset Device Software (HKLM-x32\...\{c4a581e8-a702-448c-80c7-4b6192985db2}) (Version: 10.1.18228.8176 - Intel® Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.1924 - CyberLink Corp.) Hidden
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{058EDEC8-1873-4B49-9A08-54ADE9CC129B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{306C7AEF-16C7-428D-93AA-99D4A4090243}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{36BEC461-B58A-414D-993E-E2BDD1F1A14B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{62BBCDDC-4979-4E59-9D97-5B8E874C3191}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{701FE1BC-834A-4857-AF62-6EBA50CFBC78}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{751EB657-3F22-4150-8CE4-D79A262F1D92}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{7E63F102-A9E9-4F4C-8004-BC62974736BF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A17946CA-18E5-4CF0-8D55-A56D804718F8}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A47EA9D4-BB87-415E-9239-28860434E5A0}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 77.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 77.0.1 (x64 en-GB)) (Version: 77.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 77.0.1.7458 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Opera Stable 68.0.3618.173 (HKLM-x32\...\Opera 68.0.3618.173) (Version: 68.0.3618.173 - Opera Software)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0081 - Pegatron Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Podstawowe programy Windows Live (HKLM-x32\...\{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (HKLM-x32\...\{D04EBB49-C985-4A38-8695-62000861293A}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Telegram Desktop version 2.1.6 (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.6 - Telegram FZ-LLC)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Valokuvavalikoima (HKLM-x32\...\{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Συλλογή φωτογραφιών (HKLM-x32\...\{A19A8C25-272A-4CD6-8BA8-3772321A021B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Packages:
=========
Ashampoo ImageFX for Medion -> C:\Program Files\WindowsApps\AshampooMedion.AshampooImageFXforMedion_1.0.2.14_x64__g53hytncy48pj [2013-08-27] (Ashampoo GmbH & Co. KG)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-29] (Autodesk Inc.)
Cyberlink PowerDVD_BE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.PowerDVDforMedion_1.1.918.19562_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
Cyberlink YouCam_DE -> C:\Program Files\WindowsApps\CyberLinkCorp.me.YouCamforMedion_1.1.2118.27406_x86__fyjd2029wheaw [2013-11-13] (CYBERLINK COM)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-28] (HP Inc.)
Kaspersky Now -> C:\Program Files\WindowsApps\KasperskyLab.KasperskyNow_1.0.0.43_neutral__8jx5e25qw3tdc [2014-06-09] (Kaspersky Lab)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.11.6020.0_x64__8wekyb3d8bbwe [2020-06-09] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.9.1913.0_x86__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2020-01-29] (Microsoft Studios) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2020-01-29] (MAGIX)
Pinball FX2 -> C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.8.1.957_x86__8wekyb3d8bbwe [2015-04-14] (Microsoft Studios)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-25] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4040141387-3011007431-2631040067-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nigel\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-08-04] (CyberLink -> Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-29] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\eBay.co.uk.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://rover.ebay.com/rover/1/710-154513-44482-12/4
ShortcutWithArgument: C:\Users\Nigel\Desktop\Programs\Windows 8 Info.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.windows.com/getstarted
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com
==================== Loaded Modules (Whitelisted) =============
2011-03-31 16:52 - 2011-03-31 16:52 - 000499712 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCP71.dll
2011-03-31 16:52 - 2011-03-31 16:52 - 000348160 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\MSVCR71.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2020-06-29 14:05 - 000001306 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nigel\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "Nigel.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "F.lux"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-4040141387-3011007431-2631040067-1001\...\StartupApproved\Run: => "utweb"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{1C8DA673-F458-4BAA-BAEF-861A2E8393B2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{8328AFFF-8E8B-4A59-B42F-FFA59BABEF22}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F898E098-8226-49AC-A2AB-50D8CA2C408D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7903EFD5-936F-406E-819A-FA0F75472286}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{8B0238E8-8977-48E9-829D-A544D5ADC6AC}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{EF66AF92-541B-4E8F-988D-4883C5391C21}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{F9B9E328-11FA-4F8D-A125-A89D29316FDE}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{077D7CB9-51D9-4968-8C3F-A46366973E64}] => (Allow) C:\Users\Nigel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{873454CA-BB93-42D0-9381-713EC7027C3E}] => (Allow) C:\Program Files\Opera\68.0.3618.165\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{449D2AFF-ECDF-4B15-8FB5-CD854F13A2D2}] => (Allow) C:\Program Files\Opera\68.0.3618.173\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{21AA5019-6C55-4523-A90F-C4384162DC2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
13-06-2020 18:02:10 Installed ProtonVPN
23-06-2020 16:07:26 Scheduled Checkpoint
27-06-2020 08:23:58 Windows Update
28-06-2020 18:07:24 O&O ShutUp10
29-06-2020 10:19:58 Removed Microsoft Silverlight
29-06-2020 10:25:13 WLSetup
29-06-2020 10:28:38 WLSetup
29-06-2020 10:43:13 Removed TomTom HOME Visual Studio Merge Modules
29-06-2020 10:50:47 Font cache
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/29/2020 02:01:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (06/29/2020 02:01:42 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (06/29/2020 02:01:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.
Error: (06/29/2020 02:01:41 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
System errors:
=============
Error: (06/30/2020 08:35:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (06/30/2020 08:31:37 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (06/29/2020 02:10:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (06/29/2020 02:05:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FontCache3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/29/2020 02:05:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 503 09/29/2012
Motherboard: Medion E6234
Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
Percentage of memory in use: 85%
Total physical RAM: 3976.96 MB
Available physical RAM: 582.45 MB
Total Virtual: 4726.61 MB
Available Virtual: 1295.84 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:402.36 GB) (Free:267.18 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:39.33 GB) NTFS
Drive g: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:75.39 GB) NTFS
\\?\Volume{28093404-c710-4e21-8095-578ed04ea020}\ () (Fixed) (Total:0.49 GB) (Free:0.14 GB) NTFS
\\?\Volume{f0292acd-d868-4d82-aebe-70b13313b326}\ () (Fixed) (Total:1.69 GB) (Free:1.09 GB) NTFS
\\?\Volume{1b7803ef-dedf-4406-bbfc-e017c55c457f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 28676295)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
