Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Old laptop had many infections. Runs slow [Solved]


  • This topic is locked This topic is locked

#1
peter plus

peter plus

    Member

  • Member
  • PipPipPip
  • 246 posts

Follow up from previous thread. This is my daughter's old laptop which Malwarebytes found 76 infections .

 

It runs pretty slow so I fear there may be others

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
Ran by sworton (administrator) on SOPH-PC (TOSHIBA SATELLITE C55D-A-14W) (25-06-2020 19:22:14)
Running from C:\Users\sworton\Desktop
Loaded Profiles: sworton
Platform: Windows 10 Home Version 1803 17134.1246 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sworton\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe <3>
(Toshiba Europe GmbH -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688472 2013-07-24] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [Google Update] => C:\Users\sworton\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-06-18] (Google LLC -> Google LLC)
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [Chromium] => "c:\users\sworton\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [GoogleChromeAutoLaunch_BDD88F478892A6EF92770702062E4753] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP B111 Status Monitor: C:\WINDOWS\system32\hpinkstsB111LM.dll [328552 2012-01-11] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\IppMon: C:\WINDOWS\system32\IPPMon.dll [251392 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\WINDOWS\system32\hpz3l5k2.dll [130048 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-25] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0513DFE3-4711-476C-89BA-5A4BEA3552E8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0CA46D15-3C30-4541-B56D-99E57180FFE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {338659AF-3D22-427A-A3AE-7F84B5F2050E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3FA264C8-86D1-4101-88A0-4FD89F2E5739} - \WPD\SqmUpload_S-1-5-21-809454615-2631668767-2191910371-1001 -> No File <==== ATTENTION
Task: {4D05EC48-0D2A-4A21-A50B-9AA2F364FCE3} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {55804AD8-0106-4821-B01F-F0C174D3B5A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {56483286-D005-43E7-86B2-7226598D21E1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {5D689AAC-C438-4296-998F-B8AE6450E664} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6FEB9B68-D8BE-44A9-AA8C-D00EE0BC24BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7A7108D1-26E7-4515-A06E-C240B8DD3C8A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [655464 2013-07-31] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {862FEC28-DC03-4445-8206-92F9E3DFFBF2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [120636720 2020-06-18] (Microsoft Windows -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {894B2297-CA30-4661-9629-10BA16F03CC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {960F3A6C-88C2-4CA9-8060-886BAED09A6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ACDAC615-4439-419D-97EC-F75728FC06C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AF2DE1F3-FC1B-4D45-ABE6-4D06416228FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BE629869-F646-4110-BCA4-BA4CD95E018E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CBE43BA4-2D39-4307-B81C-2352FB56F757} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D0C6704F-1B13-4227-B403-01DD6BAD7D46} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D8F9FFE1-3FA1-49D7-ADFA-55E6D9C01BFB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DD68579D-7C0A-4DD5-A6A0-C6CA02EC3428} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809454615-2631668767-2191910371-1001UA => C:\Users\sworton\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-04-02] (Google Inc -> Google Inc.)
Task: {DDB41C3C-91C2-42B8-BDC5-2F820F4B3033} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809454615-2631668767-2191910371-1001Core => C:\Users\sworton\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-04-02] (Google Inc -> Google Inc.)
Task: {EEF5480B-7550-4FB1-B151-1D00BE940CDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {F0A50F69-CC86-45FF-AFDF-5A0A842445AB} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [471416 2013-07-18] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{765dbe02-54bc-4ea3-a003-9995c5aa1a43}: [DhcpNameServer] 192.168.160.1
Tcpip\..\Interfaces\{8ca3a220-721b-4b53-8b2f-7b28100c8ecf}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] (Apple Inc. -> )
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-10-12]
CHR Profile: C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-06-25]
CHR DownloadDir: C:\Users\sworton\Desktop
CHR Notifications: Profile 1 -> hxxps://mail.google.com; hxxps://mail.google.com; hxxps://teams.microsoft.com; hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-01]
CHR Extension: (Docs) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-01]
CHR Extension: (Google Drive) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-29]
CHR Extension: (IBM Security Rapport) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2020-06-18]
CHR Extension: (YouTube) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-29]
CHR Extension: (Sheets) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-18]
CHR Extension: (Google Hangouts) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2019-05-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-18]
CHR Extension: (Gmail) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-18]
CHR Profile: C:\Users\sworton\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-31]
CHR HKU\S-1-5-21-809454615-2631668767-2191910371-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc. -> Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] (DTS, Inc. -> )
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-09-04] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-10] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-10] (Microsoft Corporation -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21653520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [686080 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (APPEX NETWORKS CORPORATION -> AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-30] (IBM -> IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [567336 2016-09-04] (IBM -> IBM Corp.)
S0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [215560 2016-07-11] (IBM -> IBM Corp.)
S0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [470056 2016-07-11] (IBM -> IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548968 2016-09-04] (IBM -> IBM Corp.)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46184 2018-11-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [328696 2018-11-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-10] (Microsoft Windows -> Microsoft Corporation)
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-25 19:22 - 2020-06-25 19:25 - 000020749 _____ C:\Users\sworton\Desktop\FRST.txt
2020-06-25 19:21 - 2020-06-25 19:24 - 000000000 ____D C:\FRST
2020-06-25 19:19 - 2020-06-25 19:19 - 002290688 _____ (Farbar) C:\Users\sworton\Desktop\FRST64.exe
2020-06-25 17:03 - 2020-06-25 17:03 - 000000000 ____D C:\Users\sworton\AppData\Roaming\CrystalIdea Software
2020-06-25 17:01 - 2020-06-25 17:01 - 001514640 _____ (SpeedyFox) C:\Users\sworton\Desktop\speedyfox.exe
2020-06-18 15:05 - 2020-06-18 15:05 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-18 14:13 - 2019-03-28 07:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2020-06-18 14:13 - 2019-03-28 07:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2020-06-18 14:13 - 2019-03-28 07:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2020-06-18 14:13 - 2019-03-28 07:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2020-06-18 14:12 - 2019-03-28 10:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2020-06-18 14:12 - 2019-03-28 10:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2020-06-18 14:12 - 2019-03-28 10:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2020-06-18 14:12 - 2019-03-28 10:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2020-06-18 14:12 - 2019-03-28 07:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2020-06-18 14:12 - 2019-03-28 07:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2020-06-18 13:24 - 2020-06-18 13:24 - 000000000 ___HD C:\$WINDOWS.~BT
2020-06-18 12:06 - 2019-09-04 06:15 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-06-18 12:04 - 2019-09-04 10:42 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2020-06-18 12:02 - 2020-01-07 10:36 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-06-18 12:02 - 2020-01-07 10:35 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-06-18 12:02 - 2020-01-07 09:03 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-06-18 12:02 - 2019-11-08 08:45 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2020-06-18 12:02 - 2019-11-08 07:03 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2020-06-18 12:02 - 2019-11-08 03:40 - 000060216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2020-06-18 12:02 - 2019-11-08 03:30 - 000785776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-06-18 12:02 - 2019-11-08 03:12 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-06-18 12:02 - 2019-10-02 05:14 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-06-18 12:02 - 2019-09-04 10:44 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2020-06-18 12:01 - 2020-01-07 10:35 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-06-18 12:01 - 2020-01-07 04:58 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-06-18 12:01 - 2019-11-28 11:30 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-06-18 12:01 - 2019-11-28 09:52 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-06-18 12:01 - 2019-11-08 03:38 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-06-18 12:01 - 2019-11-08 03:38 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2020-06-18 12:01 - 2019-10-02 11:11 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\compact.exe
2020-06-18 12:01 - 2019-10-02 10:12 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe
2020-06-18 12:01 - 2019-10-02 06:04 - 002774120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-06-18 12:01 - 2019-10-02 06:00 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-06-18 12:01 - 2019-10-02 05:51 - 000192312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2020-06-18 12:01 - 2019-10-02 05:48 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-06-18 12:01 - 2019-10-02 05:47 - 002260928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-06-18 12:01 - 2019-10-02 05:14 - 001222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-06-18 12:01 - 2019-10-02 05:14 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-06-18 12:01 - 2019-09-13 05:21 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2020-06-18 12:01 - 2019-09-13 05:13 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-06-18 12:01 - 2019-09-13 05:11 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2020-06-18 12:01 - 2019-09-04 05:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2020-06-18 12:01 - 2019-09-04 05:40 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2020-06-18 12:00 - 2020-01-07 10:34 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-06-18 12:00 - 2019-11-28 11:31 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-06-18 12:00 - 2019-11-28 11:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-06-18 12:00 - 2019-11-28 05:41 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2020-06-18 12:00 - 2019-11-28 05:36 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-18 12:00 - 2019-11-08 03:13 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-06-18 12:00 - 2019-11-08 03:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-06-18 12:00 - 2019-11-08 03:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-06-18 12:00 - 2019-10-02 05:48 - 000402744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2020-06-18 12:00 - 2019-10-02 05:14 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-06-18 12:00 - 2019-10-02 05:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-06-18 12:00 - 2019-09-13 05:47 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2020-06-18 12:00 - 2019-09-13 05:47 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2020-06-18 12:00 - 2019-09-13 05:13 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-06-18 12:00 - 2019-08-13 15:44 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2020-06-18 12:00 - 2019-08-13 15:43 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2020-06-18 12:00 - 2019-08-13 05:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2020-06-18 12:00 - 2019-08-13 05:12 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2020-06-18 12:00 - 2019-08-13 05:11 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-06-18 11:59 - 2020-01-07 04:29 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-06-18 11:59 - 2020-01-07 04:28 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-06-18 11:59 - 2020-01-07 04:23 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-06-18 11:59 - 2020-01-07 04:23 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-06-18 11:59 - 2020-01-07 04:22 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-06-18 11:59 - 2019-10-02 11:09 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2020-06-18 11:59 - 2019-10-02 10:11 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prntvpt.dll
2020-06-18 11:59 - 2019-10-02 06:05 - 000092472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-06-18 11:59 - 2019-10-02 05:50 - 000536832 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2020-06-18 11:59 - 2019-10-02 05:35 - 000465832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2020-06-18 11:59 - 2019-09-13 11:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2020-06-18 11:59 - 2019-09-13 05:21 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-06-18 11:59 - 2019-09-04 06:14 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-06-18 11:59 - 2019-09-04 05:45 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2020-06-18 11:59 - 2019-09-04 05:45 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2020-06-18 11:58 - 2020-01-07 10:34 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-06-18 11:58 - 2020-01-07 09:00 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-06-18 11:58 - 2020-01-07 04:58 - 000694184 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-06-18 11:58 - 2020-01-07 04:48 - 000538912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-06-18 11:58 - 2019-11-28 05:28 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-18 11:58 - 2019-11-08 08:41 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-06-18 11:58 - 2019-11-08 03:39 - 000227848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-06-18 11:58 - 2019-11-08 03:38 - 000605712 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-06-18 11:58 - 2019-10-02 11:07 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-06-18 11:58 - 2019-09-13 05:47 - 000081720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2020-06-18 11:58 - 2019-09-13 05:17 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2020-06-18 11:58 - 2019-08-13 03:51 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2020-06-18 11:57 - 2020-01-07 10:37 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-06-18 11:57 - 2020-01-07 04:59 - 000791352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-06-18 11:57 - 2020-01-07 04:58 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-06-18 11:57 - 2019-11-28 09:53 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-06-18 11:57 - 2019-11-28 09:53 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-06-18 11:57 - 2019-11-08 08:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-06-18 11:57 - 2019-10-02 11:47 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-06-18 11:57 - 2019-10-02 09:41 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-06-18 11:57 - 2019-10-02 05:28 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2020-06-18 11:57 - 2019-10-02 05:27 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2020-06-18 11:57 - 2019-09-13 05:20 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2020-06-18 11:57 - 2019-09-04 06:14 - 000420984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2020-06-18 11:56 - 2019-11-28 05:52 - 025857024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-06-18 11:56 - 2019-10-02 11:09 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-06-18 11:56 - 2019-10-02 06:01 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-06-18 11:56 - 2019-10-02 06:00 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-06-18 11:56 - 2019-10-02 05:49 - 000550512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2020-06-18 11:56 - 2019-10-02 05:25 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-06-18 11:56 - 2019-10-02 05:18 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-06-18 11:56 - 2019-09-13 05:48 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-06-18 11:56 - 2019-09-13 05:20 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2020-06-18 11:56 - 2019-09-13 05:20 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-06-18 11:56 - 2019-09-13 05:17 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2020-06-18 11:56 - 2019-09-04 06:13 - 000129040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2020-06-18 11:55 - 2020-01-07 05:00 - 000568312 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-06-18 11:55 - 2020-01-07 04:24 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-06-18 11:55 - 2019-11-28 05:40 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-06-18 11:55 - 2019-11-08 08:42 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-06-18 11:55 - 2019-10-02 11:45 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-06-18 11:55 - 2019-10-02 05:23 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-06-18 11:55 - 2019-10-02 05:22 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-06-18 11:55 - 2019-10-02 05:17 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys
2020-06-18 11:55 - 2019-09-13 05:17 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-06-18 11:55 - 2019-09-13 05:14 - 001809408 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-06-18 11:55 - 2019-09-13 05:12 - 001634304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-06-18 11:55 - 2019-09-04 05:43 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2020-06-18 11:55 - 2019-08-13 05:11 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-06-18 11:54 - 2020-01-07 10:33 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2020-06-18 11:54 - 2020-01-07 04:47 - 000222736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2020-06-18 11:54 - 2020-01-07 03:02 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2020-06-18 11:54 - 2019-11-28 11:52 - 000094216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-06-18 11:54 - 2019-11-28 06:09 - 000636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2020-06-18 11:54 - 2019-11-08 08:40 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-18 11:54 - 2019-11-08 08:38 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-06-18 11:54 - 2019-11-08 06:57 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-06-18 11:54 - 2019-11-08 06:55 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-18 11:54 - 2019-11-08 03:13 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2020-06-18 11:54 - 2019-11-08 03:12 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2020-06-18 11:54 - 2019-11-08 03:11 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-06-18 11:54 - 2019-11-08 03:10 - 001827328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-06-18 11:54 - 2019-11-08 03:10 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-06-18 11:54 - 2019-11-08 03:09 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-06-18 11:54 - 2019-10-02 11:48 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-06-18 11:54 - 2019-10-02 09:25 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2020-06-18 11:54 - 2019-10-02 06:19 - 000374584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-06-18 11:54 - 2019-10-02 06:01 - 002468048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2020-06-18 11:54 - 2019-10-02 05:48 - 001990056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2020-06-18 11:54 - 2019-10-02 05:48 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2020-06-18 11:54 - 2019-09-13 11:40 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2020-06-18 11:54 - 2019-09-13 05:16 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2020-06-18 11:54 - 2019-09-13 05:14 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2020-06-18 11:54 - 2019-09-04 10:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-06-18 11:54 - 2019-08-13 05:16 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2020-06-18 11:53 - 2020-01-07 10:32 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-18 11:53 - 2020-01-07 08:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-18 11:53 - 2019-11-28 06:09 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-18 11:53 - 2019-11-28 05:48 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-18 11:53 - 2019-11-08 08:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-06-18 11:53 - 2019-11-08 08:43 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-18 11:53 - 2019-11-08 08:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2020-06-18 11:53 - 2019-11-08 06:58 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2020-06-18 11:53 - 2019-11-08 03:38 - 000466744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-06-18 11:53 - 2019-11-08 03:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2020-06-18 11:53 - 2019-10-02 11:46 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2020-06-18 11:53 - 2019-10-02 11:29 - 001517480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-18 11:53 - 2019-10-02 10:24 - 001320640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-18 11:53 - 2019-10-02 05:40 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-06-18 11:53 - 2019-10-02 05:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2020-06-18 11:53 - 2019-10-02 05:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2020-06-18 11:53 - 2019-10-02 05:18 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-06-18 11:53 - 2019-09-13 05:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-06-18 11:53 - 2019-08-13 03:49 - 000806328 _____ C:\WINDOWS\SysWOW64\locale.nls
2020-06-18 11:53 - 2019-08-13 03:49 - 000806328 _____ C:\WINDOWS\system32\locale.nls
2020-06-18 11:52 - 2020-01-07 05:00 - 001224504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-06-18 11:52 - 2020-01-07 05:00 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-06-18 11:52 - 2019-10-02 06:01 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2020-06-18 11:52 - 2019-10-02 06:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2020-06-18 11:52 - 2019-10-02 05:48 - 000103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2020-06-18 11:52 - 2019-10-02 05:19 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2020-06-18 11:52 - 2019-10-02 05:18 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2020-06-18 11:52 - 2019-10-02 05:13 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-06-18 11:52 - 2019-09-13 05:15 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2020-06-18 11:52 - 2019-09-13 05:15 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2020-06-18 11:52 - 2019-09-13 05:12 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2020-06-18 11:52 - 2019-09-13 05:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2020-06-18 11:52 - 2019-09-04 05:40 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2020-06-18 11:52 - 2019-09-04 05:39 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2020-06-18 11:51 - 2020-01-07 04:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-06-18 11:51 - 2020-01-07 04:23 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-06-18 11:51 - 2019-11-28 06:10 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2020-06-18 11:51 - 2019-11-28 05:49 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2020-06-18 11:51 - 2019-11-08 09:20 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-06-18 11:51 - 2019-11-08 09:20 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-06-18 11:51 - 2019-11-08 09:20 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-06-18 11:51 - 2019-11-08 03:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2020-06-18 11:51 - 2019-10-02 11:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-06-18 11:51 - 2019-10-02 11:45 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-06-18 11:51 - 2019-10-02 11:45 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-06-18 11:51 - 2019-10-02 11:45 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-06-18 11:51 - 2019-10-02 11:34 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-06-18 11:51 - 2019-10-02 11:07 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-06-18 11:51 - 2019-10-02 06:01 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-06-18 11:51 - 2019-10-02 06:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-06-18 11:51 - 2019-10-02 05:28 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-06-18 11:51 - 2019-10-02 05:28 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2020-06-18 11:51 - 2019-10-02 05:26 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2020-06-18 11:51 - 2019-10-02 05:26 - 000468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-06-18 11:51 - 2019-10-02 05:24 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2020-06-18 11:51 - 2019-10-02 05:24 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2020-06-18 11:51 - 2019-10-02 05:24 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-06-18 11:51 - 2019-10-02 05:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2020-06-18 11:51 - 2019-09-13 11:56 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2020-06-18 11:51 - 2019-09-13 11:44 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2020-06-18 11:51 - 2019-09-13 11:44 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-06-18 11:51 - 2019-09-13 05:21 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-06-18 11:51 - 2019-09-13 05:13 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2020-06-18 11:51 - 2019-09-10 08:17 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-06-18 11:51 - 2019-09-04 05:39 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-06-18 11:51 - 2019-09-04 05:39 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2020-06-18 11:51 - 2019-09-04 05:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2020-06-18 11:51 - 2019-09-04 05:38 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2020-06-18 11:51 - 2019-09-04 05:38 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2020-06-18 11:51 - 2019-08-13 15:42 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-06-18 11:51 - 2019-08-13 15:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-06-18 11:50 - 2020-01-07 10:34 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-06-18 11:50 - 2020-01-07 09:01 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-06-18 11:50 - 2020-01-07 04:28 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-06-18 11:50 - 2020-01-07 04:27 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-06-18 11:50 - 2019-11-28 11:47 - 000490336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-06-18 11:50 - 2019-11-08 03:39 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-06-18 11:50 - 2019-11-08 03:13 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2020-06-18 11:50 - 2019-10-02 11:50 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-06-18 11:50 - 2019-10-02 11:45 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-06-18 11:50 - 2019-10-02 05:50 - 000148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2020-06-18 11:50 - 2019-10-02 05:49 - 000088016 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2020-06-18 11:50 - 2019-10-02 05:34 - 000129360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2020-06-18 11:50 - 2019-10-02 05:17 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2020-06-18 11:50 - 2019-10-02 05:16 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2020-06-18 11:50 - 2019-10-02 05:15 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2020-06-18 11:50 - 2019-09-13 05:21 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2020-06-18 11:50 - 2019-09-04 06:14 - 000361752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-06-18 11:50 - 2019-08-13 10:49 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2020-06-18 11:49 - 2020-01-07 04:59 - 001798664 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-06-18 11:49 - 2020-01-07 04:29 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2020-06-18 11:49 - 2020-01-07 04:28 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2020-06-18 11:49 - 2020-01-07 04:28 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-06-18 11:49 - 2019-11-28 11:47 - 000790928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-06-18 11:49 - 2019-11-28 11:47 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2020-06-18 11:49 - 2019-11-28 11:26 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2020-06-18 11:49 - 2019-11-28 10:07 - 000662840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-06-18 11:49 - 2019-11-28 10:06 - 000322360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2020-06-18 11:49 - 2019-11-28 06:09 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2020-06-18 11:49 - 2019-11-28 05:48 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2020-06-18 11:49 - 2019-11-08 03:39 - 000727584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-06-18 11:49 - 2019-11-08 03:39 - 000435728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-06-18 11:49 - 2019-11-08 03:31 - 000379432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-06-18 11:49 - 2019-11-08 03:12 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-06-18 11:49 - 2019-11-08 03:10 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-06-18 11:49 - 2019-11-08 03:09 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-06-18 11:49 - 2019-10-02 06:02 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2020-06-18 11:49 - 2019-10-02 06:02 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2020-06-18 11:49 - 2019-10-02 06:00 - 000039032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2020-06-18 11:49 - 2019-10-02 05:50 - 000095224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2020-06-18 11:49 - 2019-10-02 05:48 - 000430304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2020-06-18 11:49 - 2019-10-02 05:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2020-06-18 11:49 - 2019-10-02 05:34 - 000081040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2020-06-18 11:49 - 2019-10-02 05:32 - 000412696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2020-06-18 11:49 - 2019-10-02 05:28 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-06-18 11:49 - 2019-10-02 05:25 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2020-06-18 11:49 - 2019-10-02 05:16 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-06-18 11:49 - 2019-10-02 05:14 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-06-18 11:49 - 2019-09-13 05:49 - 000274792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-06-18 11:49 - 2019-09-13 05:48 - 000710240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2020-06-18 11:49 - 2019-09-13 05:13 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-06-18 11:49 - 2019-09-13 05:11 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-06-18 11:49 - 2019-09-04 06:13 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-06-18 11:49 - 2019-09-04 06:02 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-06-18 11:49 - 2019-09-04 05:41 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2020-06-18 11:49 - 2019-09-04 05:40 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2020-06-18 11:49 - 2019-09-04 05:38 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2020-06-18 11:49 - 2019-08-13 05:13 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-06-18 11:49 - 2019-08-13 05:13 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2020-06-18 11:48 - 2019-11-28 05:41 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-06-18 11:48 - 2019-11-28 05:40 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-06-18 11:48 - 2019-11-28 05:39 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-06-18 11:48 - 2019-11-28 05:36 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2020-06-18 11:48 - 2019-11-28 05:35 - 001418752 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2020-06-18 11:48 - 2019-10-02 12:14 - 000349216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-06-18 11:48 - 2019-10-02 12:08 - 001047568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2020-06-18 11:48 - 2019-10-02 11:27 - 000117240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2020-06-18 11:48 - 2019-10-02 11:06 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2020-06-18 11:48 - 2019-10-02 10:23 - 000106560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2020-06-18 11:48 - 2019-10-02 10:07 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2020-06-18 11:48 - 2019-10-02 09:53 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2020-06-18 11:48 - 2019-10-02 05:49 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2020-06-18 11:48 - 2019-10-02 05:47 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2020-06-18 11:48 - 2019-10-02 05:18 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2020-06-18 11:48 - 2019-10-02 05:09 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-06-18 11:48 - 2019-09-13 12:03 - 000586680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2020-06-18 11:48 - 2019-09-13 11:41 - 001644032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-06-18 11:48 - 2019-09-13 11:41 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2020-06-18 11:48 - 2019-09-13 11:40 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-06-18 11:48 - 2019-09-13 10:18 - 000470512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2020-06-18 11:48 - 2019-09-13 10:01 - 001300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-06-18 11:48 - 2019-09-13 10:01 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-06-18 11:48 - 2019-09-13 05:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-06-18 11:48 - 2019-09-13 05:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-06-18 11:48 - 2019-09-13 05:17 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-06-18 11:48 - 2019-09-13 05:16 - 000910336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2020-06-18 11:48 - 2019-09-13 05:15 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-06-18 11:48 - 2019-09-13 05:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-06-18 11:48 - 2019-09-13 05:14 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-06-18 11:48 - 2019-09-13 05:14 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-06-18 11:48 - 2019-09-13 05:12 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-06-18 11:48 - 2019-08-13 19:06 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
2020-06-18 11:48 - 2019-08-13 16:04 - 001585304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2020-06-18 11:48 - 2019-08-13 10:49 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
2020-06-18 11:48 - 2019-08-13 05:44 - 001793472 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2020-06-18 11:47 - 2020-01-07 10:54 - 001639864 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-06-18 11:47 - 2020-01-07 09:15 - 001628496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-06-18 11:47 - 2020-01-07 05:00 - 000076328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-06-18 11:47 - 2020-01-07 04:59 - 001964176 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-06-18 11:47 - 2020-01-07 04:48 - 001659944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-06-18 11:47 - 2020-01-07 04:25 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-06-18 11:47 - 2020-01-07 04:24 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-06-18 11:47 - 2020-01-07 04:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-06-18 11:47 - 2019-11-28 06:11 - 000498072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-06-18 11:47 - 2019-11-28 05:51 - 000424208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-06-18 11:47 - 2019-11-28 05:39 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-06-18 11:47 - 2019-11-28 05:38 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-06-18 11:47 - 2019-11-28 05:28 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-06-18 11:47 - 2019-10-02 11:05 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2020-06-18 11:47 - 2019-10-02 10:08 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2020-06-18 11:47 - 2019-10-02 05:49 - 000769288 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-06-18 11:47 - 2019-10-02 05:34 - 000526512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-06-18 11:47 - 2019-10-02 05:23 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-06-18 11:47 - 2019-10-02 05:23 - 004517376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-06-18 11:47 - 2019-10-02 05:19 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2020-06-18 11:47 - 2019-10-02 05:18 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2020-06-18 11:47 - 2019-10-02 05:14 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2020-06-18 11:47 - 2019-10-02 05:14 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2020-06-18 11:47 - 2019-10-02 05:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2020-06-18 11:47 - 2019-10-02 05:13 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2020-06-18 11:47 - 2019-10-02 05:09 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2020-06-18 11:47 - 2019-09-13 11:40 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-06-18 11:47 - 2019-09-13 10:00 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-06-18 11:47 - 2019-09-13 05:11 - 000979456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2020-06-18 11:47 - 2019-09-04 06:24 - 000705336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-06-18 11:47 - 2019-09-04 06:14 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-06-18 11:47 - 2019-09-04 06:13 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2020-06-18 11:47 - 2019-09-04 06:03 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-06-18 11:47 - 2019-09-04 05:42 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-06-18 11:47 - 2019-09-04 05:41 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-06-18 11:46 - 2020-01-07 04:27 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2020-06-18 11:46 - 2019-11-28 11:46 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-06-18 11:46 - 2019-11-28 10:09 - 001453624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-06-18 11:46 - 2019-11-28 06:09 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-06-18 11:46 - 2019-11-28 06:09 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-06-18 11:46 - 2019-11-28 06:09 - 001141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-06-18 11:46 - 2019-11-28 06:09 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-06-18 11:46 - 2019-11-08 03:39 - 000500752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-06-18 11:46 - 2019-11-08 03:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2020-06-18 11:46 - 2019-11-08 03:09 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-06-18 11:46 - 2019-11-08 03:08 - 003203072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-06-18 11:46 - 2019-11-08 03:08 - 002603008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2020-06-18 11:46 - 2019-11-01 03:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-18 11:46 - 2019-10-02 11:09 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2020-06-18 11:46 - 2019-10-02 10:06 - 002406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2020-06-18 11:46 - 2019-10-02 06:00 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-06-18 11:46 - 2019-10-02 05:59 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2020-06-18 11:46 - 2019-10-02 05:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-06-18 11:46 - 2019-10-02 05:47 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2020-06-18 11:46 - 2019-10-02 05:15 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2020-06-18 11:46 - 2019-09-13 05:58 - 007900880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2020-06-18 11:46 - 2019-09-13 05:56 - 005821448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2020-06-18 11:46 - 2019-09-13 05:15 - 002913792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-06-18 11:46 - 2019-09-10 02:20 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-18 11:46 - 2019-09-10 02:20 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-06-18 11:46 - 2019-09-04 05:41 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-06-18 11:46 - 2019-08-13 05:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2020-06-18 11:46 - 2019-08-13 05:12 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2020-06-18 11:46 - 2019-08-13 02:24 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2020-06-18 11:46 - 2019-08-13 01:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2020-06-18 11:45 - 2020-01-07 10:33 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-06-18 11:45 - 2020-01-07 08:59 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-06-18 11:45 - 2020-01-07 04:59 - 002810896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-06-18 11:45 - 2020-01-07 04:58 - 009080848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-18 11:45 - 2020-01-07 04:24 - 002163712 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-06-18 11:45 - 2020-01-07 04:24 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-18 11:45 - 2020-01-07 04:23 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-18 11:45 - 2019-11-28 05:35 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-18 11:45 - 2019-11-28 05:25 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-18 11:45 - 2019-11-08 03:38 - 002711352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-06-18 11:45 - 2019-10-02 06:01 - 001288928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-06-18 11:45 - 2019-10-02 05:59 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-06-18 11:45 - 2019-10-02 05:59 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2020-06-18 11:45 - 2019-10-02 05:48 - 002421776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-06-18 11:45 - 2019-10-02 05:48 - 001922056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-06-18 11:45 - 2019-10-02 05:47 - 001380312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-06-18 11:45 - 2019-10-02 05:47 - 001020280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-06-18 11:45 - 2019-10-02 05:47 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2020-06-18 11:45 - 2019-10-02 05:22 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-06-18 11:45 - 2019-10-02 05:11 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2020-06-18 11:45 - 2019-09-13 05:47 - 001947168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-06-18 11:45 - 2019-09-13 05:35 - 001559272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2020-06-18 11:45 - 2019-09-04 06:04 - 000286616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-06-18 11:44 - 2020-01-07 11:02 - 000403584 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-06-18 11:44 - 2020-01-07 09:15 - 000358128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-06-18 11:44 - 2020-01-07 05:03 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-06-18 11:44 - 2020-01-07 04:30 - 003403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-06-18 11:44 - 2020-01-07 04:27 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-06-18 11:44 - 2020-01-07 04:26 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-06-18 11:44 - 2020-01-07 04:25 - 002179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-06-18 11:44 - 2020-01-07 04:25 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-06-18 11:44 - 2020-01-07 04:24 - 001563648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-06-18 11:44 - 2020-01-07 04:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-06-18 11:44 - 2020-01-07 04:23 - 001058816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-06-18 11:44 - 2020-01-07 04:23 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-06-18 11:44 - 2019-11-28 06:10 - 002571336 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-06-18 11:44 - 2019-11-28 05:49 - 001979960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-06-18 11:44 - 2019-11-08 08:38 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-06-18 11:44 - 2019-11-08 08:38 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-06-18 11:44 - 2019-11-08 06:56 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-06-18 11:44 - 2019-11-08 03:39 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-06-18 11:44 - 2019-11-08 03:39 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-18 11:44 - 2019-11-08 03:39 - 000440768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-18 11:44 - 2019-11-08 03:39 - 000209936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-06-18 11:44 - 2019-11-08 03:39 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-06-18 11:44 - 2019-11-08 03:32 - 000435216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-18 11:44 - 2019-11-08 03:32 - 000385272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-18 11:44 - 2019-11-08 03:32 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-06-18 11:44 - 2019-11-08 03:32 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-06-18 11:44 - 2019-11-08 03:31 - 000665432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-06-18 11:44 - 2019-11-08 03:10 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-06-18 11:44 - 2019-10-02 11:50 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-06-18 11:44 - 2019-10-02 11:50 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-06-18 11:44 - 2019-10-02 11:48 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2020-06-18 11:44 - 2019-10-02 11:45 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-06-18 11:44 - 2019-10-02 11:06 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2020-06-18 11:44 - 2019-10-02 10:07 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2020-06-18 11:44 - 2019-10-02 09:42 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-06-18 11:44 - 2019-10-02 05:20 - 001647616 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-06-18 11:44 - 2019-09-13 11:57 - 001375456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-06-18 11:44 - 2019-09-13 11:40 - 000806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2020-06-18 11:44 - 2019-09-13 11:40 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2020-06-18 11:44 - 2019-09-13 11:39 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2020-06-18 11:44 - 2019-09-13 10:17 - 001026280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-06-18 11:44 - 2019-09-13 05:48 - 003290584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-18 11:44 - 2019-09-13 05:36 - 002478152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-18 11:44 - 2019-09-13 05:15 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-06-18 11:44 - 2019-09-13 05:15 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2020-06-18 11:44 - 2019-09-13 05:13 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-06-18 11:44 - 2019-09-13 05:12 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2020-06-18 11:44 - 2019-09-13 05:11 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-06-18 11:44 - 2019-08-13 19:21 - 000221016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2020-06-18 11:43 - 2020-01-07 04:49 - 001462192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-06-18 11:43 - 2019-10-02 11:28 - 021411976 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-18 11:43 - 2019-10-02 05:16 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2020-06-18 11:43 - 2019-10-02 05:10 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2020-06-18 11:43 - 2019-09-13 05:17 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2020-06-18 11:43 - 2019-09-13 05:13 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2020-06-18 11:43 - 2019-08-13 19:06 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-06-18 11:43 - 2019-08-13 15:43 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2020-06-18 11:43 - 2019-08-13 10:46 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-06-18 11:43 - 2019-08-13 05:11 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2020-06-18 11:42 - 2020-01-07 10:54 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-06-18 11:42 - 2020-01-07 10:37 - 008628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-06-18 11:42 - 2020-01-07 09:00 - 007991808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-06-18 11:42 - 2020-01-07 04:59 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-06-18 11:42 - 2020-01-07 04:48 - 006566448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-18 11:42 - 2019-11-28 11:27 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-06-18 11:42 - 2019-11-28 05:38 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-06-18 11:42 - 2019-11-28 05:28 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-06-18 11:42 - 2019-11-08 03:17 - 022736384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-06-18 11:42 - 2019-10-02 12:10 - 004527072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-06-18 11:42 - 2019-10-02 05:25 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-06-18 11:42 - 2019-10-02 05:23 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-06-18 11:42 - 2019-09-13 11:39 - 002085888 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-06-18 11:42 - 2019-09-13 09:59 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-06-18 11:42 - 2019-09-13 05:48 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-18 11:42 - 2019-09-04 05:44 - 003687424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-18 11:42 - 2019-09-04 05:43 - 004849664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-18 11:42 - 2019-09-04 05:42 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2020-06-18 11:42 - 2019-09-04 05:40 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2020-06-18 11:42 - 2019-09-04 05:40 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2020-06-18 11:42 - 2019-09-04 05:39 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2020-06-18 11:41 - 2020-01-07 04:30 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-06-18 11:41 - 2020-01-07 04:27 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-06-18 11:41 - 2020-01-07 04:26 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-06-18 11:41 - 2020-01-07 04:24 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-06-18 11:41 - 2019-11-28 06:10 - 002161072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-06-18 11:41 - 2019-11-28 05:49 - 001651040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-18 11:41 - 2019-10-02 06:02 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-06-18 11:41 - 2019-10-02 05:50 - 006979128 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-06-18 11:41 - 2019-10-02 05:47 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-06-18 11:41 - 2019-10-02 05:33 - 003330880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-06-18 11:41 - 2019-10-02 05:16 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2020-06-18 11:41 - 2019-09-04 05:48 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2020-06-18 11:41 - 2019-09-04 05:45 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2020-06-18 11:41 - 2019-09-04 05:43 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2020-06-18 11:41 - 2019-09-04 05:42 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2020-06-18 11:41 - 2019-08-13 15:45 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-06-18 11:41 - 2019-08-13 05:17 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-06-18 11:40 - 2020-01-07 08:24 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2020-06-18 11:40 - 2020-01-07 06:27 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2020-06-18 11:40 - 2019-11-28 05:43 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-06-18 11:40 - 2019-11-28 05:34 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-06-18 11:40 - 2019-11-08 03:31 - 006053808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-06-18 11:40 - 2019-10-02 12:08 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2020-06-18 11:40 - 2019-10-02 11:13 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-06-18 11:40 - 2019-10-02 10:11 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-06-18 11:40 - 2019-10-02 09:52 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2020-06-18 11:40 - 2019-09-10 08:16 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-06-18 11:40 - 2019-09-04 06:14 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-06-18 11:40 - 2019-09-04 06:02 - 001805872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-06-18 11:40 - 2019-09-04 05:46 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2020-06-18 11:40 - 2019-09-04 05:44 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2020-06-18 11:40 - 2019-09-04 05:43 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2020-06-18 11:40 - 2019-09-04 05:43 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2020-06-18 11:40 - 2019-09-04 05:42 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2020-06-18 11:40 - 2019-09-04 05:41 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2020-06-18 11:40 - 2019-09-04 05:41 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2020-06-18 11:40 - 2019-09-04 05:39 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2020-06-18 11:39 - 2019-11-28 05:28 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-06-18 11:39 - 2019-11-08 08:43 - 012835328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-18 11:39 - 2019-11-08 07:00 - 012036096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-18 11:39 - 2019-11-08 03:40 - 005627280 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-06-18 11:39 - 2019-11-08 03:38 - 007447904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-06-18 11:39 - 2019-11-08 03:15 - 019386368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-18 11:39 - 2019-10-02 11:53 - 004852736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-06-18 11:39 - 2019-10-02 11:47 - 000957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-06-18 11:39 - 2019-10-02 11:34 - 004098912 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-06-18 11:39 - 2019-10-02 11:13 - 006594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-18 11:39 - 2019-10-02 11:12 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-06-18 11:39 - 2019-10-02 10:22 - 003751824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-06-18 11:39 - 2019-10-02 10:16 - 005662720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-18 11:39 - 2019-10-02 09:41 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-06-18 11:39 - 2019-10-02 06:21 - 002417744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2020-06-18 11:39 - 2019-10-02 06:20 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2020-06-18 11:39 - 2019-10-02 05:58 - 000795360 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-06-18 11:39 - 2019-10-02 05:49 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2020-06-18 11:39 - 2019-10-02 05:33 - 001254712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2020-06-18 11:39 - 2019-10-02 05:27 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2020-06-18 11:39 - 2019-10-02 05:26 - 016598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-06-18 11:39 - 2019-10-02 05:21 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-06-18 11:39 - 2019-09-13 05:58 - 001613096 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2020-06-18 11:39 - 2019-09-13 05:56 - 001299472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2020-06-18 11:39 - 2019-08-13 19:21 - 000665400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-06-18 11:39 - 2019-08-13 11:09 - 000771384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-06-18 11:39 - 2019-08-13 11:09 - 000571688 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-06-18 11:39 - 2019-08-13 10:51 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-06-18 11:39 - 2019-08-13 10:50 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-06-18 11:38 - 2019-11-08 03:14 - 004383232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-06-18 11:38 - 2019-10-02 10:22 - 020402960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-18 11:38 - 2019-10-02 05:28 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-06-18 11:38 - 2019-10-02 05:16 - 002379264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-06-18 11:33 - 2020-06-18 11:33 - 000000000 ____D C:\Users\sworton\AppData\Local\mbam
2020-06-18 11:32 - 2020-06-18 11:32 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-18 11:32 - 2020-06-18 11:32 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-18 11:32 - 2020-06-18 11:32 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-18 11:32 - 2020-06-18 11:30 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-18 11:32 - 2020-06-18 11:30 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-06-18 11:28 - 2020-06-18 11:28 - 001988280 _____ (Malwarebytes) C:\Users\sworton\Downloads\MBSetup.exe
2020-06-18 11:28 - 2020-06-18 11:28 - 001988280 _____ (Malwarebytes) C:\Users\sworton\Downloads\MBSetup (1).exe
2020-06-18 11:28 - 2020-06-18 11:28 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-18 11:28 - 2020-06-18 11:28 - 000000000 ____D C:\Malwarebytes
2020-06-18 11:04 - 2020-06-18 11:04 - 000000000 ____D C:\681bb84162c83d4f03
2020-06-18 10:35 - 2020-06-18 10:36 - 011070192 _____ (McAfee, LLC) C:\Users\sworton\Downloads\MCPR.exe
2020-06-18 09:37 - 2020-06-18 09:37 - 000000000 ____D C:\Users\sworton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Ads Editor
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-25 19:16 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-25 19:15 - 2019-03-20 06:32 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-25 19:15 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-25 19:14 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2020-06-25 19:09 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-25 19:07 - 2019-03-20 06:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-25 19:07 - 2019-03-20 06:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-25 16:51 - 2019-03-20 06:46 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{99A5A314-FBF3-44F6-814D-483465A3D26C}
2020-06-25 16:33 - 2019-03-20 06:46 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-809454615-2631668767-2191910371-1001
2020-06-25 16:32 - 2019-03-20 06:18 - 000002418 _____ C:\Users\sworton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-25 16:32 - 2015-01-21 00:06 - 000000000 __RDO C:\Users\sworton\OneDrive
2020-06-18 16:08 - 2019-03-19 23:32 - 000000000 ___DC C:\WINDOWS\Panther
2020-06-18 15:04 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-06-18 15:04 - 2017-08-13 02:35 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-06-18 14:27 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-18 13:30 - 2014-09-17 13:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-06-18 13:26 - 2014-09-17 13:28 - 120636720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-06-18 13:25 - 2017-04-12 20:51 - 000000000 ____D C:\Program Files\UNP
2020-06-18 12:58 - 2018-02-01 09:12 - 000000000 ___RD C:\Users\sworton\3D Objects
2020-06-18 12:58 - 2014-09-15 17:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-18 12:54 - 2019-03-20 06:10 - 000405312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-18 12:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2020-06-18 12:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-06-18 12:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-18 12:49 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-18 12:47 - 2018-04-12 00:38 - 000017800 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-06-18 11:32 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-18 11:30 - 2014-09-15 16:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-18 11:28 - 2018-02-01 01:35 - 000000000 ____D C:\Users\sworton\AppData\Local\Packages
2020-06-18 11:23 - 2014-01-25 16:20 - 000000000 ____D C:\Program Files (x86)\TOSHIBA Games
2020-06-18 11:22 - 2014-01-25 15:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-06-18 11:22 - 2014-01-25 15:53 - 000000000 ____D C:\ProgramData\WildTangent
2020-06-18 11:19 - 2015-09-26 19:00 - 000000000 ____D C:\Users\sworton\AppData\Roaming\Spotify
2020-06-18 11:13 - 2017-04-02 13:48 - 000000000 ____D C:\Users\sworton\AppData\Roaming\Google
2020-06-18 11:11 - 2014-09-15 22:18 - 000000000 ____D C:\Users\sworton\AppData\Roaming\Apple Computer
2020-06-18 11:06 - 2014-09-15 18:34 - 000002162 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-18 10:25 - 2019-03-20 06:18 - 000000000 ____D C:\Users\sworton
2020-06-18 10:25 - 2015-10-18 11:10 - 000000000 ____D C:\Users\sworton\AppData\Local\Apple Inc
2020-06-18 10:05 - 2018-07-24 19:29 - 000000000 ____D C:\Program Files (x86)\Kingo ROOT
2020-06-18 10:01 - 2014-10-13 20:39 - 000000000 ____D C:\Users\sworton\AppData\Roaming\uTorrent
2020-06-18 10:00 - 2018-05-21 08:04 - 000000000 ____D C:\ProgramData\Citrix
2020-06-18 09:54 - 2018-05-21 08:03 - 000000000 ____D C:\Users\sworton\AppData\Local\Citrix
2020-06-18 09:34 - 2019-03-19 22:14 - 000000000 ____D C:\Program Files\CUAssistant
2020-06-18 09:29 - 2019-03-20 06:46 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-06-18 09:29 - 2019-03-20 06:46 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-06-18 09:25 - 2014-09-15 18:33 - 000000000 ____D C:\Program Files (x86)\Google
2020-06-18 09:22 - 2019-03-20 06:46 - 000003684 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-809454615-2631668767-2191910371-1001UA
2020-06-18 09:22 - 2019-03-20 06:46 - 000003416 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-809454615-2631668767-2191910371-1001Core
2020-06-18 09:20 - 2019-05-06 17:37 - 000000000 ____D C:\Users\sworton\AppData\Local\D3DSCache
 
==================== Files in the root of some directories ========
 
2016-02-14 20:15 - 2016-02-14 20:15 - 000000055 _____ () C:\Users\sworton\AppData\Roaming\MouseServer.ini
2018-09-01 00:26 - 2019-08-14 08:56 - 000000155 _____ () C:\Users\sworton\AppData\Roaming\WB.CFG
2015-04-26 23:26 - 2015-04-26 23:26 - 000000000 _____ () C:\Users\sworton\AppData\Local\{90113BD3-9F97-42E0-8275-9EC20952D062}
2015-06-21 13:26 - 2015-06-21 13:26 - 000000000 _____ () C:\Users\sworton\AppData\Local\{C50C774F-C764-4878-951E-460E9A29970A}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by sworton (25-06-2020 19:27:41)
Running from C:\Users\sworton\Desktop
Windows 10 Home Version 1803 17134.1246 (X64) (2019-03-20 05:48:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-809454615-2631668767-2191910371-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-809454615-2631668767-2191910371-503 - Limited - Disabled)
Guest (S-1-5-21-809454615-2631668767-2191910371-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-809454615-2631668767-2191910371-1003 - Limited - Enabled)
sworton (S-1-5-21-809454615-2631668767-2191910371-1001 - Administrator - Enabled) => C:\Users\sworton
WDAGUtilityAccount (S-1-5-21-809454615-2631668767-2191910371-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.303.509 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Chromium (HKLM-x32\...\{5B2FB3EF-0BAF-626F-BA2F-12EF6AAFC16F}) (Version:  - )
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH)
Google Ads Editor (HKLM-x32\...\{1DED8B00-79E5-11EA-9C71-DC4A3E998CF6}) (Version: 13.3.1.0 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
MouseServer version 1.7.1 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.7.1 - Necta Co.)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1609.76 - Trusteer) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.346 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-06-28] (Amazon.com)
Doodle God™ Free for Toshiba -> C:\Program Files\WindowsApps\7E440FBB.DoodleGodFreeforToshiba_2.0.0.48_x64__pvm5kvqj2rwym [2013-11-24] (JoyBits-Ltd.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.24.8919.0_x86__q4d96b2w5wcc2 [2020-06-25] (Evernote)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-19] (HP Inc.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-05] (Microsoft Corporation) [MS Ad]
McAfee® Central for Toshiba -> C:\Program Files\WindowsApps\McAfeeInc.04.McAfeeSecurityAdvisorforToshiba_5.0.170.1_x64__m0mgz90br52t0 [2018-04-03] (McAfee_Incorporated)
Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.33.0_x64__679ekb9hp1h62 [2019-03-02] (sMedio)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-02] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-14] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-16] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-06-18] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.49.0_x64__3s2an63h56yee [2016-02-08] (Ennova Research)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-07-19] (Netflix, Inc.)
Parcelgenie for Toshiba -> C:\Program Files\WindowsApps\ParcelPokeLimited.ParcelgenieforToshiba_2.1.1.25_neutral__8xyyyq1qzh8hy [2014-09-17] (Parcel Poke Limited)
Sage 50 Accounts Pulse for Toshiba -> C:\Program Files\WindowsApps\FA176213.Sage50AccountsPulseforToshiba_1.2.0.128_x64__z9k4tam8pb7vw [2014-09-15] (Sage (UK) Ltd)
Skitch Touch -> C:\Program Files\WindowsApps\Evernote.Skitch_2.4.2000.1918_neutral__q4d96b2w5wcc2 [2014-09-17] (Evernote)
Skyscanner -> C:\Program Files\WindowsApps\Skyscanner.Skyscanner_1.4.2.0_neutral__623c9he0pwcym [2014-09-17] (Skyscanner)
The Telegraph -> C:\Program Files\WindowsApps\TelegraphMediaGroupLtd.TheTelegraph_2.0.1.134_x64__8zqgb9yvnry22 [2013-11-24] (Telegraph Media Group Ltd)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-16] (Twitter Inc.)
Vimeo for Toshiba (UK) -> C:\Program Files\WindowsApps\DEA48DA5.VimeoforToshibaUK_1.4.0.0_neutral__20zyggj7fjyag [2013-11-24] (Vimeo, LLC  .)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-18] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\sworton\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2020-06-18 09:51 - 000002105 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
Network Binding:
=============
WiFi: AppEx Networks Accelerator -> appex_acc (enabled) 
Ethernet: AppEx Networks Accelerator -> appex_acc (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "TCrdMain"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E8D547E7-A3E1-4CF3-AE7E-49A8FE18AD65}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{0366120C-CE02-4697-B799-7B3B13F404D1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{135617A1-4FD0-45D9-9461-1EDF6C9700DB}] => (Allow) C:\WINDOWS\system32\config\systemprofile\AppData\Local\Chromium\Application\chrome.exe => No File
FirewallRules: [{E860DF75-880E-49B0-8413-66F2B4C629CD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{110EBF6F-EA1F-4217-8232-8D4EB81AC3BD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{3AE946B0-2360-4429-81C8-3AEB4EE2760C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{8475EB15-45FA-4ED0-B9F8-5AC5C0131D6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F1786561-0306-4A9B-A3C2-D96D563C3E49}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{D994D0B8-706F-405E-B648-52216055DCE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{289A4F76-0FD9-4727-A5EA-8E3BBD25629E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{3B611E62-FAD6-4CDB-89A3-FA9BC8B3165A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{F66E6971-54AD-45A3-90BA-35756AF83C2B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{040BCEED-7D91-426C-B600-4D39548E85C7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{E743C8F7-6FBD-4D0F-8E32-6136CB3BBC2A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{E1543919-C633-453D-BA60-844BB45B6854}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{DAD7730B-16B0-4642-8DF2-482423E6F362}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [TCP Query User{B52FCBCB-D94F-4F3B-BA30-870FC23D3999}C:\users\sworton\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sworton\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0AE8AA3E-A175-44AA-A39F-B7052D8E3839}C:\users\sworton\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sworton\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{54ED3B61-2E4D-4BC3-940E-EBEC8003E2E0}C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe] => (Block) C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe => No File
FirewallRules: [UDP Query User{A82ED1F1-E1F1-4284-9B73-4EA0855E26DC}C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe] => (Block) C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe => No File
FirewallRules: [TCP Query User{69818AB6-26FD-49BF-8CB6-D99AED5921FD}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{9C9D787C-3B24-485E-81CE-108F04CAEE85}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2E942837-69BF-4A9D-AFC4-FFAB5D6DE518}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
14-08-2019 09:33:59 Windows Update
04-09-2019 08:56:33 Windows Update
18-06-2020 09:27:34 Windows Update
25-06-2020 19:14:19 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: TSSTcorp CDDVDW SU-208FB
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/25/2020 07:14:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/25/2020 07:14:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.27, time stamp: 0x52278080
Faulting module name: ntdll.dll, version: 10.0.17134.799, time stamp: 0x7f828745
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process ID: 0x22f8
Faulting application start time: 0x01d64b1c7412b79f
Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 28dbec83-eac7-48fd-a3fc-d1de15ee8f28
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/25/2020 07:11:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\sworton\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 58.0.2988.0,language="&#x2a;",type="win32",version="58.0.2988.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/25/2020 07:09:16 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (06/25/2020 07:09:16 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (06/25/2020 07:09:16 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (06/25/2020 07:09:15 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (06/25/2020 07:08:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\trf.dll".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Trusteer.PrivateCRT.MANIFEST" on line 0.
Invalid Xml syntax.
 
 
System errors:
=============
Error: (06/25/2020 07:16:23 PM) (Source: DCOM) (EventID: 10010) (User: SOPH-PC)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.
 
Error: (06/25/2020 07:14:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/25/2020 07:13:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/25/2020 07:12:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/25/2020 07:12:38 PM) (Source: DCOM) (EventID: 10016) (User: SOPH-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Soph-pc\sworton SID (S-1-5-21-809454615-2631668767-2191910371-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/25/2020 07:11:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (06/25/2020 07:08:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/25/2020 07:08:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2020-06-18 11:38:24.576
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:33:23.732
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:28:23.754
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:23:23.730
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:20:44.013
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:20:43.996
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:20:43.978
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:20:43.960
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 1.20 08/30/2013
Motherboard: AMD PT10AN
Processor: AMD A4-5000 APU with Radeon™ HD Graphics 
Percentage of memory in use: 59%
Total physical RAM: 3523.07 MB
Available physical RAM: 1416.25 MB
Total Virtual: 7107.07 MB
Available Virtual: 4701.43 MB
 
==================== Drives ================================
 
Drive c: (TI31254100A) (Fixed) (Total:919.64 GB) (Free:789.38 GB) NTFS
 
\\?\Volume{01773966-6472-11e3-aab2-ff588c914329}\ (System) (Fixed) (Total:1 GB) (Free:0.62 GB) NTFS
\\?\Volume{74f8e88f-38f6-42df-927c-a5e6362b427a}\ () (Fixed) (Total:0.86 GB) (Free:0.31 GB) NTFS
\\?\Volume{7abb33a6-85d5-11e3-8d59-2025642be837}\ (Recovery) (Fixed) (Total:9.79 GB) (Free:0.98 GB) NTFS
\\?\Volume{0177396e-6472-11e3-aab2-ff588c914329}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0

Advertisements


#2
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Hello peter plus and welcome to GeeksToGo.

 

I'm looking at your logs now and will reply shortly.

 

Satchfan


  • 0

#3
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

There is no actual sign of infection but we need to look further and deal with a couple of issues.

There are remnants of McAfee on the computer.

Run McAfee Removal Tool

===================================================

 Turn on Windows Security Real-Time Protection

  • click on Start, > Settings,  > Update & Security > Windows Security > Virus & threat protection
  • do one of the following:

In the current version of Windows 10: under 'Virus & threat protection' settings, select Manage settings and then switch the Real-time protection setting to On

In a previous version of Windows 10: select 'Virus & threat protection' settings, and then switch the Real-time protection setting to On.

===================================================

Note: Please complete these tasks in the order given in the instructions.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {0513DFE3-4711-476C-89BA-5A4BEA3552E8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0CA46D15-3C30-4541-B56D-99E57180FFE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {338659AF-3D22-427A-A3AE-7F84B5F2050E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3FA264C8-86D1-4101-88A0-4FD89F2E5739} - \WPD\SqmUpload_S-1-5-21-809454615-2631668767-2191910371-1001 -> No File <==== ATTENTION
Task: {56483286-D005-43E7-86B2-7226598D21E1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {5D689AAC-C438-4296-998F-B8AE6450E664} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6FEB9B68-D8BE-44A9-AA8C-D00EE0BC24BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {960F3A6C-88C2-4CA9-8060-886BAED09A6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ACDAC615-4439-419D-97EC-F75728FC06C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AF2DE1F3-FC1B-4D45-ABE6-4D06416228FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BE629869-F646-4110-BCA4-BA4CD95E018E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CBE43BA4-2D39-4307-B81C-2352FB56F757} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D0C6704F-1B13-4227-B403-01DD6BAD7D46} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D8F9FFE1-3FA1-49D7-ADFA-55E6D9C01BFB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
S3 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X] <==== ATTENTION
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
2020-06-18 11:04 - 2020-06-18 11:04 - 000000000 ____D C:\681bb84162c83d4f03
2020-06-18 10:35 - 2020-06-18 10:36 - 011070192 _____ (McAfee, LLC) C:\Users\sworton\Downloads\MCPR.exe
2020-06-18 10:01 - 2014-10-13 20:39 - 000000000 ____D C:\Users\sworton\AppData\Roaming\uTorrent
2016-02-14 20:15 - 2016-02-14 20:15 - 000000055 _____ () C:\Users\sworton\AppData\Roaming\MouseServer.ini
2018-09-01 00:26 - 2019-08-14 08:56 - 000000155 _____ () C:\Users\sworton\AppData\Roaming\WB.CFG
2015-04-26 23:26 - 2015-04-26 23:26 - 000000000 _____ () C:\Users\sworton\AppData\Local\{90113BD3-9F97-42E0-8275-9EC20952D062}
2015-06-21 13:26 - 2015-06-21 13:26 - 000000000 _____ () C:\Users\sworton\AppData\Local\{C50C774F-C764-4878-951E-460E9A29970A}
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
HKLM\...\StartupApproved\Run: => "TCrdMain"
FirewallRules: [{135617A1-4FD0-45D9-9461-1EDF6C9700DB}] => (Allow) C:\WINDOWS\system32\config\systemprofile\AppData\Local\Chromium\Application\chrome.exe => No File
FirewallRules: [{110EBF6F-EA1F-4217-8232-8D4EB81AC3BD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{3AE946B0-2360-4429-81C8-3AEB4EE2760C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{8475EB15-45FA-4ED0-B9F8-5AC5C0131D6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F1786561-0306-4A9B-A3C2-D96D563C3E49}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{D994D0B8-706F-405E-B648-52216055DCE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{289A4F76-0FD9-4727-A5EA-8E3BBD25629E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{3B611E62-FAD6-4CDB-89A3-FA9BC8B3165A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{F66E6971-54AD-45A3-90BA-35756AF83C2B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{040BCEED-7D91-426C-B600-4D39548E85C7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{E743C8F7-6FBD-4D0F-8E32-6136CB3BBC2A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{E1543919-C633-453D-BA60-844BB45B6854}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{DAD7730B-16B0-4642-8DF2-482423E6F362}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [TCP Query User{54ED3B61-2E4D-4BC3-940E-EBEC8003E2E0}C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe] => (Block) C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe => No File
FirewallRules: [UDP Query User{A82ED1F1-E1F1-4284-9B73-4EA0855E26DC}C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe] => (Block) C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe => No File
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Uninstall programmes

Press the Windows Key + R at the same time, then type appwiz.cpl then Enter.

Uninstall the following programme:


Google Update Helper

 

===================================================

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


  • 0

#4
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 246 posts

Ran McAfee Removal.

 

Problem turning on Rel Time Protaction.

Got this screen

 

Virus Screen.jpg


  • 0

#5
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Change Malwarebytes Settings

  • open Malwarebytes
  • when the programme opens, on the right, click on Settings and then Security
  • under ‘Windows Security Center’, disable ‘Always register MalwareBytes in the Windows Security Center’

Please supply the logs I asked for.

 

Thanks

 

Satchfan

 

 


  • 0

#6
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 246 posts

It's a Premium version feature.

 

Should i activate trial?

 

malwareB.jpg


  • 0

#7
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

No, that shoukd work with the Premium version.

 

If not, open Malwarebytes

  • when the programme opens, on the right, disable ‘Malware protection’
  • reboot

If Windows Defender doesn't start on its own after a couple of minutes, try enabling it yourself.

 


  • 0

#8
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 246 posts

I'm using Free version

 

Malware Protection is greyed out as an option

 

MB2.jpg

 

 


  • 0

#9
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

It's probably not caused by Malwarebytes on this occassion.

 

Have you run the FRST 'fix' yet?


  • 0

#10
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 246 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by sworton (26-06-2020 15:05:01) Run:1
Running from C:\Users\sworton\Desktop
Loaded Profiles: sworton
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {0513DFE3-4711-476C-89BA-5A4BEA3552E8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0CA46D15-3C30-4541-B56D-99E57180FFE4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {338659AF-3D22-427A-A3AE-7F84B5F2050E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3FA264C8-86D1-4101-88A0-4FD89F2E5739} - \WPD\SqmUpload_S-1-5-21-809454615-2631668767-2191910371-1001 -> No File <==== ATTENTION
Task: {56483286-D005-43E7-86B2-7226598D21E1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {5D689AAC-C438-4296-998F-B8AE6450E664} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6FEB9B68-D8BE-44A9-AA8C-D00EE0BC24BE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {960F3A6C-88C2-4CA9-8060-886BAED09A6A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ACDAC615-4439-419D-97EC-F75728FC06C9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AF2DE1F3-FC1B-4D45-ABE6-4D06416228FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BE629869-F646-4110-BCA4-BA4CD95E018E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CBE43BA4-2D39-4307-B81C-2352FB56F757} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D0C6704F-1B13-4227-B403-01DD6BAD7D46} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D8F9FFE1-3FA1-49D7-ADFA-55E6D9C01BFB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
S3 rtop; "c:\program files\bytefence\rtop\bin\rtop_svc.exe" [X] <==== ATTENTION
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
2020-06-18 11:04 - 2020-06-18 11:04 - 000000000 ____D C:\681bb84162c83d4f03
2020-06-18 10:35 - 2020-06-18 10:36 - 011070192 _____ (McAfee, LLC) C:\Users\sworton\Downloads\MCPR.exe
2020-06-18 10:01 - 2014-10-13 20:39 - 000000000 ____D C:\Users\sworton\AppData\Roaming\uTorrent
2016-02-14 20:15 - 2016-02-14 20:15 - 000000055 _____ () C:\Users\sworton\AppData\Roaming\MouseServer.ini
2018-09-01 00:26 - 2019-08-14 08:56 - 000000155 _____ () C:\Users\sworton\AppData\Roaming\WB.CFG
2015-04-26 23:26 - 2015-04-26 23:26 - 000000000 _____ () C:\Users\sworton\AppData\Local\{90113BD3-9F97-42E0-8275-9EC20952D062}
2015-06-21 13:26 - 2015-06-21 13:26 - 000000000 _____ () C:\Users\sworton\AppData\Local\{C50C774F-C764-4878-951E-460E9A29970A}
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
HKLM\...\StartupApproved\Run: => "TCrdMain"
FirewallRules: [{135617A1-4FD0-45D9-9461-1EDF6C9700DB}] => (Allow) C:\WINDOWS\system32\config\systemprofile\AppData\Local\Chromium\Application\chrome.exe => No File
FirewallRules: [{110EBF6F-EA1F-4217-8232-8D4EB81AC3BD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{3AE946B0-2360-4429-81C8-3AEB4EE2760C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{8475EB15-45FA-4ED0-B9F8-5AC5C0131D6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{F1786561-0306-4A9B-A3C2-D96D563C3E49}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{D994D0B8-706F-405E-B648-52216055DCE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{289A4F76-0FD9-4727-A5EA-8E3BBD25629E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{3B611E62-FAD6-4CDB-89A3-FA9BC8B3165A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{F66E6971-54AD-45A3-90BA-35756AF83C2B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{040BCEED-7D91-426C-B600-4D39548E85C7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{E743C8F7-6FBD-4D0F-8E32-6136CB3BBC2A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{E1543919-C633-453D-BA60-844BB45B6854}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{DAD7730B-16B0-4642-8DF2-482423E6F362}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [TCP Query User{54ED3B61-2E4D-4BC3-940E-EBEC8003E2E0}C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe] => (Block) C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe => No File
FirewallRules: [UDP Query User{A82ED1F1-E1F1-4284-9B73-4EA0855E26DC}C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe] => (Block) C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe => No File
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0513DFE3-4711-476C-89BA-5A4BEA3552E8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0513DFE3-4711-476C-89BA-5A4BEA3552E8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CA46D15-3C30-4541-B56D-99E57180FFE4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CA46D15-3C30-4541-B56D-99E57180FFE4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{338659AF-3D22-427A-A3AE-7F84B5F2050E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{338659AF-3D22-427A-A3AE-7F84B5F2050E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FA264C8-86D1-4101-88A0-4FD89F2E5739}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FA264C8-86D1-4101-88A0-4FD89F2E5739}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-809454615-2631668767-2191910371-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56483286-D005-43E7-86B2-7226598D21E1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56483286-D005-43E7-86B2-7226598D21E1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\BthSQM" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D689AAC-C438-4296-998F-B8AE6450E664}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D689AAC-C438-4296-998F-B8AE6450E664}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FEB9B68-D8BE-44A9-AA8C-D00EE0BC24BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FEB9B68-D8BE-44A9-AA8C-D00EE0BC24BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{960F3A6C-88C2-4CA9-8060-886BAED09A6A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{960F3A6C-88C2-4CA9-8060-886BAED09A6A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACDAC615-4439-419D-97EC-F75728FC06C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACDAC615-4439-419D-97EC-F75728FC06C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF2DE1F3-FC1B-4D45-ABE6-4D06416228FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF2DE1F3-FC1B-4D45-ABE6-4D06416228FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE629869-F646-4110-BCA4-BA4CD95E018E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE629869-F646-4110-BCA4-BA4CD95E018E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBE43BA4-2D39-4307-B81C-2352FB56F757}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBE43BA4-2D39-4307-B81C-2352FB56F757}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0C6704F-1B13-4227-B403-01DD6BAD7D46}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0C6704F-1B13-4227-B403-01DD6BAD7D46}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8F9FFE1-3FA1-49D7-ADFA-55E6D9C01BFB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8F9FFE1-3FA1-49D7-ADFA-55E6D9C01BFB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
HKLM\System\CurrentControlSet\Services\rtop => removed successfully
rtop => service removed successfully
HKLM\System\CurrentControlSet\Services\AmUStor => removed successfully
AmUStor => service removed successfully
C:\681bb84162c83d4f03 => moved successfully
C:\Users\sworton\Downloads\MCPR.exe => moved successfully
C:\Users\sworton\AppData\Roaming\uTorrent => moved successfully
C:\Users\sworton\AppData\Roaming\MouseServer.ini => moved successfully
C:\Users\sworton\AppData\Roaming\WB.CFG => moved successfully
C:\Users\sworton\AppData\Local\{90113BD3-9F97-42E0-8275-9EC20952D062} => moved successfully
C:\Users\sworton\AppData\Local\{C50C774F-C764-4878-951E-460E9A29970A} => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent" => removed successfully
HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4} => removed successfully
HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5} => removed successfully
HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => removed successfully
HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => removed successfully
HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\TCrdMain" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TCrdMain" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{135617A1-4FD0-45D9-9461-1EDF6C9700DB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{110EBF6F-EA1F-4217-8232-8D4EB81AC3BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3AE946B0-2360-4429-81C8-3AEB4EE2760C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8475EB15-45FA-4ED0-B9F8-5AC5C0131D6A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1786561-0306-4A9B-A3C2-D96D563C3E49}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D994D0B8-706F-405E-B648-52216055DCE9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{289A4F76-0FD9-4727-A5EA-8E3BBD25629E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B611E62-FAD6-4CDB-89A3-FA9BC8B3165A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F66E6971-54AD-45A3-90BA-35756AF83C2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{040BCEED-7D91-426C-B600-4D39548E85C7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E743C8F7-6FBD-4D0F-8E32-6136CB3BBC2A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1543919-C633-453D-BA60-844BB45B6854}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DAD7730B-16B0-4642-8DF2-482423E6F362}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{54ED3B61-2E4D-4BC3-940E-EBEC8003E2E0}C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A82ED1F1-E1F1-4284-9B73-4EA0855E26DC}C:\users\sworton\appdata\roaming\sky\sky go\sky go.exe" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78293414 B
Java, Flash, Steam htmlcache => 2753 B
Windows/system/drivers => 107228237 B
Edge => 2029492 B
Chrome => 829024678 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 2644534613 B
systemprofile32 => 2644534613 B
LocalService => 2644550923 B
NetworkService => 2644550923 B
sworton => 2699860476 B
 
RecycleBin => 546418 B
EmptyTemp: => 13.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:07:14 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2020
Ran by sworton (administrator) on SOPH-PC (TOSHIBA SATELLITE C55D-A-14W) (26-06-2020 15:16:44)
Running from C:\Users\sworton\Desktop
Loaded Profiles: sworton
Platform: Windows 10 Home Version 1803 17134.1246 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() C:\Windows\SoftwareDistribution\Download\Install\AM_Base.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MpCmdRun.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\sworton\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Toshiba Europe GmbH -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688472 2013-07-24] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [Google Update] => C:\Users\sworton\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-06-18] (Google LLC -> Google LLC)
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\Run: [Chromium] => "c:\users\sworton\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM\...\Windows x64\Print Processors\hpzpp5k2: C:\Windows\System32\spool\prtprocs\x64\hpzpp5k2.dll [224768 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP B111 Status Monitor: C:\WINDOWS\system32\hpinkstsB111LM.dll [328552 2012-01-11] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\IppMon: C:\WINDOWS\system32\IPPMon.dll [251392 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\PCL hpz3l5k2: C:\WINDOWS\system32\hpz3l5k2.dll [130048 2007-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-25] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4D05EC48-0D2A-4A21-A50B-9AA2F364FCE3} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {55804AD8-0106-4821-B01F-F0C174D3B5A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7A7108D1-26E7-4515-A06E-C240B8DD3C8A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [655464 2013-07-31] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {862FEC28-DC03-4445-8206-92F9E3DFFBF2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [120636720 2020-06-18] (Microsoft Windows -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {894B2297-CA30-4661-9629-10BA16F03CC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {DD68579D-7C0A-4DD5-A6A0-C6CA02EC3428} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809454615-2631668767-2191910371-1001UA => C:\Users\sworton\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-04-02] (Google Inc -> Google Inc.)
Task: {DDB41C3C-91C2-42B8-BDC5-2F820F4B3033} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-809454615-2631668767-2191910371-1001Core => C:\Users\sworton\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-04-02] (Google Inc -> Google Inc.)
Task: {EEF5480B-7550-4FB1-B151-1D00BE940CDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {F0A50F69-CC86-45FF-AFDF-5A0A842445AB} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [471416 2013-07-18] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{765dbe02-54bc-4ea3-a003-9995c5aa1a43}: [DhcpNameServer] 192.168.160.1
Tcpip\..\Interfaces\{8ca3a220-721b-4b53-8b2f-7b28100c8ecf}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] (Apple Inc. -> )
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-06-26]
CHR Profile: C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-06-26]
CHR DownloadDir: C:\Users\sworton\Desktop
CHR Notifications: Profile 1 -> hxxps://mail.google.com; hxxps://mail.google.com; hxxps://teams.microsoft.com; hxxps://www.facebook.com
CHR Extension: (Slides) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-01]
CHR Extension: (Docs) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-01]
CHR Extension: (Google Drive) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-29]
CHR Extension: (IBM Security Rapport) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2020-06-18]
CHR Extension: (YouTube) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-06-25]
CHR Extension: (Sheets) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-18]
CHR Extension: (Gmail) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\sworton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-18]
CHR Profile: C:\Users\sworton\AppData\Local\Google\Chrome\User Data\System Profile [2020-06-26]
CHR HKU\S-1-5-21-809454615-2631668767-2191910371-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc. -> Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] (DTS, Inc. -> )
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-09-04] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH -> Toshiba Europe GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare Technology Co.,Ltd -> Wondershare)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21653520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [686080 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (APPEX NETWORKS CORPORATION -> AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-18] (Malwarebytes Inc -> Malwarebytes)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-30] (IBM -> IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [567336 2016-09-04] (IBM -> IBM Corp.)
S0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [215560 2016-07-11] (IBM -> IBM Corp.)
S0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [470056 2016-07-11] (IBM -> IBM Corp.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548968 2016-09-04] (IBM -> IBM Corp.)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-11-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-11-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-10] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-26 15:05 - 2020-06-26 15:07 - 000019472 _____ C:\Users\sworton\Desktop\Fixlog.txt
2020-06-26 08:52 - 2020-06-26 08:52 - 003480040 _____ (McAfee, Inc.) C:\Users\sworton\Desktop\MCPR.exe
2020-06-25 20:48 - 2020-06-25 21:16 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2020-06-25 19:27 - 2020-06-25 19:31 - 000032998 _____ C:\Users\sworton\Desktop\Addition.txt
2020-06-25 19:22 - 2020-06-26 15:21 - 000019054 _____ C:\Users\sworton\Desktop\FRST.txt
2020-06-25 19:21 - 2020-06-26 15:19 - 000000000 ____D C:\FRST
2020-06-25 19:19 - 2020-06-25 19:19 - 002290688 _____ (Farbar) C:\Users\sworton\Desktop\FRST64.exe
2020-06-25 17:03 - 2020-06-25 17:03 - 000000000 ____D C:\Users\sworton\AppData\Roaming\CrystalIdea Software
2020-06-25 17:01 - 2020-06-25 17:01 - 001514640 _____ (SpeedyFox) C:\Users\sworton\Desktop\speedyfox.exe
2020-06-18 15:05 - 2020-06-18 15:05 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-18 14:13 - 2019-03-28 07:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2020-06-18 14:13 - 2019-03-28 07:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2020-06-18 14:13 - 2019-03-28 07:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2020-06-18 14:13 - 2019-03-28 07:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2020-06-18 14:12 - 2019-03-28 10:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2020-06-18 14:12 - 2019-03-28 10:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2020-06-18 14:12 - 2019-03-28 10:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2020-06-18 14:12 - 2019-03-28 10:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2020-06-18 14:12 - 2019-03-28 07:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2020-06-18 14:12 - 2019-03-28 07:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2020-06-18 13:24 - 2020-06-18 13:24 - 000000000 ___HD C:\$WINDOWS.~BT
2020-06-18 12:06 - 2019-09-04 06:15 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-06-18 12:04 - 2019-09-04 10:42 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2020-06-18 12:02 - 2020-01-07 10:36 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-06-18 12:02 - 2020-01-07 10:35 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-06-18 12:02 - 2020-01-07 09:03 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-06-18 12:02 - 2019-11-08 08:45 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2020-06-18 12:02 - 2019-11-08 07:03 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2020-06-18 12:02 - 2019-11-08 03:40 - 000060216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2020-06-18 12:02 - 2019-11-08 03:30 - 000785776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-06-18 12:02 - 2019-11-08 03:12 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-06-18 12:02 - 2019-10-02 05:14 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-06-18 12:02 - 2019-09-04 10:44 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2020-06-18 12:01 - 2020-01-07 10:35 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-06-18 12:01 - 2020-01-07 04:58 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-06-18 12:01 - 2019-11-28 11:30 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-06-18 12:01 - 2019-11-28 09:52 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-06-18 12:01 - 2019-11-08 03:38 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-06-18 12:01 - 2019-11-08 03:38 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2020-06-18 12:01 - 2019-10-02 11:11 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\compact.exe
2020-06-18 12:01 - 2019-10-02 10:12 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe
2020-06-18 12:01 - 2019-10-02 06:04 - 002774120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-06-18 12:01 - 2019-10-02 06:00 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-06-18 12:01 - 2019-10-02 05:51 - 000192312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2020-06-18 12:01 - 2019-10-02 05:48 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-06-18 12:01 - 2019-10-02 05:47 - 002260928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-06-18 12:01 - 2019-10-02 05:14 - 001222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-06-18 12:01 - 2019-10-02 05:14 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-06-18 12:01 - 2019-09-13 05:21 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2020-06-18 12:01 - 2019-09-13 05:13 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2020-06-18 12:01 - 2019-09-13 05:11 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2020-06-18 12:01 - 2019-09-04 05:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2020-06-18 12:01 - 2019-09-04 05:40 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2020-06-18 12:00 - 2020-01-07 10:34 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-06-18 12:00 - 2019-11-28 11:31 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-06-18 12:00 - 2019-11-28 11:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-06-18 12:00 - 2019-11-28 05:41 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2020-06-18 12:00 - 2019-11-28 05:36 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-18 12:00 - 2019-11-08 03:13 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-06-18 12:00 - 2019-11-08 03:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-06-18 12:00 - 2019-11-08 03:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-06-18 12:00 - 2019-10-02 05:48 - 000402744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2020-06-18 12:00 - 2019-10-02 05:14 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-06-18 12:00 - 2019-10-02 05:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-06-18 12:00 - 2019-09-13 05:47 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2020-06-18 12:00 - 2019-09-13 05:47 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2020-06-18 12:00 - 2019-09-13 05:13 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-06-18 12:00 - 2019-08-13 15:44 - 000163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2020-06-18 12:00 - 2019-08-13 15:43 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2020-06-18 12:00 - 2019-08-13 05:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2020-06-18 12:00 - 2019-08-13 05:12 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2020-06-18 12:00 - 2019-08-13 05:11 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-06-18 11:59 - 2020-01-07 04:29 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-06-18 11:59 - 2020-01-07 04:28 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-06-18 11:59 - 2020-01-07 04:23 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-06-18 11:59 - 2020-01-07 04:23 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-06-18 11:59 - 2020-01-07 04:22 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-06-18 11:59 - 2019-10-02 11:09 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2020-06-18 11:59 - 2019-10-02 10:11 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prntvpt.dll
2020-06-18 11:59 - 2019-10-02 06:05 - 000092472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-06-18 11:59 - 2019-10-02 05:50 - 000536832 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2020-06-18 11:59 - 2019-10-02 05:35 - 000465832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2020-06-18 11:59 - 2019-09-13 11:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2020-06-18 11:59 - 2019-09-13 05:21 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-06-18 11:59 - 2019-09-04 06:14 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-06-18 11:59 - 2019-09-04 05:45 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2020-06-18 11:59 - 2019-09-04 05:45 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2020-06-18 11:58 - 2020-01-07 10:34 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-06-18 11:58 - 2020-01-07 09:00 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-06-18 11:58 - 2020-01-07 04:58 - 000694184 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-06-18 11:58 - 2020-01-07 04:48 - 000538912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-06-18 11:58 - 2019-11-28 05:28 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-06-18 11:58 - 2019-11-08 08:41 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-06-18 11:58 - 2019-11-08 03:39 - 000227848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-06-18 11:58 - 2019-11-08 03:38 - 000605712 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-06-18 11:58 - 2019-10-02 11:07 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-06-18 11:58 - 2019-09-13 05:47 - 000081720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2020-06-18 11:58 - 2019-09-13 05:17 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2020-06-18 11:58 - 2019-08-13 03:51 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe
2020-06-18 11:57 - 2020-01-07 10:37 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-06-18 11:57 - 2020-01-07 04:59 - 000791352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-06-18 11:57 - 2020-01-07 04:58 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-06-18 11:57 - 2019-11-28 09:53 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-06-18 11:57 - 2019-11-28 09:53 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-06-18 11:57 - 2019-11-08 08:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-06-18 11:57 - 2019-10-02 11:47 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-06-18 11:57 - 2019-10-02 09:41 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-06-18 11:57 - 2019-10-02 05:28 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2020-06-18 11:57 - 2019-10-02 05:27 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2020-06-18 11:57 - 2019-09-13 05:20 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2020-06-18 11:57 - 2019-09-04 06:14 - 000420984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll
2020-06-18 11:56 - 2019-11-28 05:52 - 025857024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-06-18 11:56 - 2019-10-02 11:09 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-06-18 11:56 - 2019-10-02 06:01 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-06-18 11:56 - 2019-10-02 06:00 - 000433168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-06-18 11:56 - 2019-10-02 05:49 - 000550512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2020-06-18 11:56 - 2019-10-02 05:25 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-06-18 11:56 - 2019-10-02 05:18 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-06-18 11:56 - 2019-09-13 05:48 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-06-18 11:56 - 2019-09-13 05:20 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2020-06-18 11:56 - 2019-09-13 05:20 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-06-18 11:56 - 2019-09-13 05:17 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2020-06-18 11:56 - 2019-09-04 06:13 - 000129040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2020-06-18 11:55 - 2020-01-07 05:00 - 000568312 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-06-18 11:55 - 2020-01-07 04:24 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-06-18 11:55 - 2019-11-28 05:40 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-06-18 11:55 - 2019-11-08 08:42 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-06-18 11:55 - 2019-10-02 11:45 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-06-18 11:55 - 2019-10-02 05:23 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-06-18 11:55 - 2019-10-02 05:22 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-06-18 11:55 - 2019-10-02 05:17 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys
2020-06-18 11:55 - 2019-09-13 05:17 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-06-18 11:55 - 2019-09-13 05:14 - 001809408 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-06-18 11:55 - 2019-09-13 05:12 - 001634304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-06-18 11:55 - 2019-09-04 05:43 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2020-06-18 11:55 - 2019-08-13 05:11 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-06-18 11:54 - 2020-01-07 10:33 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2020-06-18 11:54 - 2020-01-07 04:47 - 000222736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2020-06-18 11:54 - 2020-01-07 03:02 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2020-06-18 11:54 - 2019-11-28 11:52 - 000094216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-06-18 11:54 - 2019-11-28 06:09 - 000636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2020-06-18 11:54 - 2019-11-08 08:40 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-18 11:54 - 2019-11-08 08:38 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-06-18 11:54 - 2019-11-08 06:57 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-06-18 11:54 - 2019-11-08 06:55 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-18 11:54 - 2019-11-08 03:13 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2020-06-18 11:54 - 2019-11-08 03:12 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2020-06-18 11:54 - 2019-11-08 03:11 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-06-18 11:54 - 2019-11-08 03:10 - 001827328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-06-18 11:54 - 2019-11-08 03:10 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-06-18 11:54 - 2019-11-08 03:09 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-06-18 11:54 - 2019-10-02 11:48 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-06-18 11:54 - 2019-10-02 09:25 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2020-06-18 11:54 - 2019-10-02 06:19 - 000374584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-06-18 11:54 - 2019-10-02 06:01 - 002468048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2020-06-18 11:54 - 2019-10-02 05:48 - 001990056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2020-06-18 11:54 - 2019-10-02 05:48 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2020-06-18 11:54 - 2019-09-13 11:40 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2020-06-18 11:54 - 2019-09-13 05:16 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2020-06-18 11:54 - 2019-09-13 05:14 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2020-06-18 11:54 - 2019-09-04 10:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-06-18 11:54 - 2019-08-13 05:16 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2020-06-18 11:53 - 2020-01-07 10:32 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-18 11:53 - 2020-01-07 08:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-18 11:53 - 2019-11-28 06:09 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-18 11:53 - 2019-11-28 05:48 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-18 11:53 - 2019-11-08 08:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-06-18 11:53 - 2019-11-08 08:43 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-18 11:53 - 2019-11-08 08:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2020-06-18 11:53 - 2019-11-08 06:58 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2020-06-18 11:53 - 2019-11-08 03:38 - 000466744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-06-18 11:53 - 2019-11-08 03:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2020-06-18 11:53 - 2019-10-02 11:46 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2020-06-18 11:53 - 2019-10-02 11:29 - 001517480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-18 11:53 - 2019-10-02 10:24 - 001320640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-18 11:53 - 2019-10-02 05:40 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-06-18 11:53 - 2019-10-02 05:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2020-06-18 11:53 - 2019-10-02 05:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2020-06-18 11:53 - 2019-10-02 05:18 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-06-18 11:53 - 2019-09-13 05:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-06-18 11:53 - 2019-08-13 03:49 - 000806328 _____ C:\WINDOWS\SysWOW64\locale.nls
2020-06-18 11:53 - 2019-08-13 03:49 - 000806328 _____ C:\WINDOWS\system32\locale.nls
2020-06-18 11:52 - 2020-01-07 05:00 - 001224504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-06-18 11:52 - 2020-01-07 05:00 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-06-18 11:52 - 2019-10-02 06:01 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2020-06-18 11:52 - 2019-10-02 06:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2020-06-18 11:52 - 2019-10-02 05:48 - 000103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2020-06-18 11:52 - 2019-10-02 05:19 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2020-06-18 11:52 - 2019-10-02 05:18 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2020-06-18 11:52 - 2019-10-02 05:13 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-06-18 11:52 - 2019-09-13 05:15 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2020-06-18 11:52 - 2019-09-13 05:15 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2020-06-18 11:52 - 2019-09-13 05:12 - 000372736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2020-06-18 11:52 - 2019-09-13 05:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2020-06-18 11:52 - 2019-09-04 05:40 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2020-06-18 11:52 - 2019-09-04 05:39 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2020-06-18 11:51 - 2020-01-07 04:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-06-18 11:51 - 2020-01-07 04:23 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-06-18 11:51 - 2019-11-28 06:10 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2020-06-18 11:51 - 2019-11-28 05:49 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2020-06-18 11:51 - 2019-11-08 09:20 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-06-18 11:51 - 2019-11-08 09:20 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-06-18 11:51 - 2019-11-08 09:20 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-06-18 11:51 - 2019-11-08 03:13 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2020-06-18 11:51 - 2019-10-02 11:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-06-18 11:51 - 2019-10-02 11:45 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-06-18 11:51 - 2019-10-02 11:45 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-06-18 11:51 - 2019-10-02 11:45 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-06-18 11:51 - 2019-10-02 11:34 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-06-18 11:51 - 2019-10-02 11:07 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-06-18 11:51 - 2019-10-02 06:01 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-06-18 11:51 - 2019-10-02 06:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-06-18 11:51 - 2019-10-02 05:28 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-06-18 11:51 - 2019-10-02 05:28 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2020-06-18 11:51 - 2019-10-02 05:26 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2020-06-18 11:51 - 2019-10-02 05:26 - 000468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-06-18 11:51 - 2019-10-02 05:24 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2020-06-18 11:51 - 2019-10-02 05:24 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2020-06-18 11:51 - 2019-10-02 05:24 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-06-18 11:51 - 2019-10-02 05:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2020-06-18 11:51 - 2019-09-13 11:56 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2020-06-18 11:51 - 2019-09-13 11:44 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2020-06-18 11:51 - 2019-09-13 11:44 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-06-18 11:51 - 2019-09-13 05:21 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-06-18 11:51 - 2019-09-13 05:13 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2020-06-18 11:51 - 2019-09-10 08:17 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-06-18 11:51 - 2019-09-04 05:39 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-06-18 11:51 - 2019-09-04 05:39 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2020-06-18 11:51 - 2019-09-04 05:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2020-06-18 11:51 - 2019-09-04 05:38 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2020-06-18 11:51 - 2019-09-04 05:38 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2020-06-18 11:51 - 2019-08-13 15:42 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-06-18 11:51 - 2019-08-13 15:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-06-18 11:50 - 2020-01-07 10:34 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-06-18 11:50 - 2020-01-07 09:01 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-06-18 11:50 - 2020-01-07 04:28 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-06-18 11:50 - 2020-01-07 04:27 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-06-18 11:50 - 2019-11-28 11:47 - 000490336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-06-18 11:50 - 2019-11-08 03:39 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-06-18 11:50 - 2019-11-08 03:13 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2020-06-18 11:50 - 2019-10-02 11:50 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-06-18 11:50 - 2019-10-02 11:45 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-06-18 11:50 - 2019-10-02 05:50 - 000148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2020-06-18 11:50 - 2019-10-02 05:49 - 000088016 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2020-06-18 11:50 - 2019-10-02 05:34 - 000129360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2020-06-18 11:50 - 2019-10-02 05:17 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2020-06-18 11:50 - 2019-10-02 05:16 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2020-06-18 11:50 - 2019-10-02 05:15 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2020-06-18 11:50 - 2019-09-13 05:21 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2020-06-18 11:50 - 2019-09-04 06:14 - 000361752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-06-18 11:50 - 2019-08-13 10:49 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2020-06-18 11:49 - 2020-01-07 04:59 - 001798664 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-06-18 11:49 - 2020-01-07 04:29 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2020-06-18 11:49 - 2020-01-07 04:28 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2020-06-18 11:49 - 2020-01-07 04:28 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-06-18 11:49 - 2019-11-28 11:47 - 000790928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-06-18 11:49 - 2019-11-28 11:47 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2020-06-18 11:49 - 2019-11-28 11:26 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2020-06-18 11:49 - 2019-11-28 10:07 - 000662840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-06-18 11:49 - 2019-11-28 10:06 - 000322360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2020-06-18 11:49 - 2019-11-28 06:09 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2020-06-18 11:49 - 2019-11-28 05:48 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2020-06-18 11:49 - 2019-11-08 03:39 - 000727584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-06-18 11:49 - 2019-11-08 03:39 - 000435728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-06-18 11:49 - 2019-11-08 03:31 - 000379432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-06-18 11:49 - 2019-11-08 03:12 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-06-18 11:49 - 2019-11-08 03:10 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-06-18 11:49 - 2019-11-08 03:09 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-06-18 11:49 - 2019-10-02 06:02 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2020-06-18 11:49 - 2019-10-02 06:02 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2020-06-18 11:49 - 2019-10-02 06:00 - 000039032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2020-06-18 11:49 - 2019-10-02 05:50 - 000095224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2020-06-18 11:49 - 2019-10-02 05:48 - 000430304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2020-06-18 11:49 - 2019-10-02 05:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2020-06-18 11:49 - 2019-10-02 05:34 - 000081040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2020-06-18 11:49 - 2019-10-02 05:32 - 000412696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2020-06-18 11:49 - 2019-10-02 05:28 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-06-18 11:49 - 2019-10-02 05:25 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2020-06-18 11:49 - 2019-10-02 05:16 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-06-18 11:49 - 2019-10-02 05:14 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-06-18 11:49 - 2019-09-13 05:49 - 000274792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-06-18 11:49 - 2019-09-13 05:48 - 000710240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2020-06-18 11:49 - 2019-09-13 05:13 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-06-18 11:49 - 2019-09-13 05:11 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-06-18 11:49 - 2019-09-04 06:13 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-06-18 11:49 - 2019-09-04 06:02 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-06-18 11:49 - 2019-09-04 05:41 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2020-06-18 11:49 - 2019-09-04 05:40 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2020-06-18 11:49 - 2019-09-04 05:38 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2020-06-18 11:49 - 2019-08-13 05:13 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-06-18 11:49 - 2019-08-13 05:13 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2020-06-18 11:48 - 2019-11-28 05:41 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-06-18 11:48 - 2019-11-28 05:40 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-06-18 11:48 - 2019-11-28 05:39 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-06-18 11:48 - 2019-11-28 05:36 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2020-06-18 11:48 - 2019-11-28 05:35 - 001418752 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2020-06-18 11:48 - 2019-10-02 12:14 - 000349216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-06-18 11:48 - 2019-10-02 12:08 - 001047568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2020-06-18 11:48 - 2019-10-02 11:27 - 000117240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2020-06-18 11:48 - 2019-10-02 11:06 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2020-06-18 11:48 - 2019-10-02 10:23 - 000106560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2020-06-18 11:48 - 2019-10-02 10:07 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2020-06-18 11:48 - 2019-10-02 09:53 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2020-06-18 11:48 - 2019-10-02 05:49 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2020-06-18 11:48 - 2019-10-02 05:47 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2020-06-18 11:48 - 2019-10-02 05:18 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2020-06-18 11:48 - 2019-10-02 05:09 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-06-18 11:48 - 2019-09-13 12:03 - 000586680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2020-06-18 11:48 - 2019-09-13 11:41 - 001644032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-06-18 11:48 - 2019-09-13 11:41 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2020-06-18 11:48 - 2019-09-13 11:40 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2020-06-18 11:48 - 2019-09-13 10:18 - 000470512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2020-06-18 11:48 - 2019-09-13 10:01 - 001300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-06-18 11:48 - 2019-09-13 10:01 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2020-06-18 11:48 - 2019-09-13 05:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-06-18 11:48 - 2019-09-13 05:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-06-18 11:48 - 2019-09-13 05:17 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2020-06-18 11:48 - 2019-09-13 05:16 - 000910336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2020-06-18 11:48 - 2019-09-13 05:15 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-06-18 11:48 - 2019-09-13 05:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-06-18 11:48 - 2019-09-13 05:14 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2020-06-18 11:48 - 2019-09-13 05:14 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-06-18 11:48 - 2019-09-13 05:12 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-06-18 11:48 - 2019-08-13 19:06 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe
2020-06-18 11:48 - 2019-08-13 16:04 - 001585304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2020-06-18 11:48 - 2019-08-13 10:49 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe
2020-06-18 11:48 - 2019-08-13 05:44 - 001793472 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2020-06-18 11:47 - 2020-01-07 10:54 - 001639864 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-06-18 11:47 - 2020-01-07 09:15 - 001628496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-06-18 11:47 - 2020-01-07 05:00 - 000076328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-06-18 11:47 - 2020-01-07 04:59 - 001964176 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-06-18 11:47 - 2020-01-07 04:48 - 001659944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-06-18 11:47 - 2020-01-07 04:25 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-06-18 11:47 - 2020-01-07 04:24 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-06-18 11:47 - 2020-01-07 04:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-06-18 11:47 - 2019-11-28 06:11 - 000498072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-06-18 11:47 - 2019-11-28 05:51 - 000424208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-06-18 11:47 - 2019-11-28 05:39 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-06-18 11:47 - 2019-11-28 05:38 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-06-18 11:47 - 2019-11-28 05:28 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-06-18 11:47 - 2019-10-02 11:05 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2020-06-18 11:47 - 2019-10-02 10:08 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2020-06-18 11:47 - 2019-10-02 05:49 - 000769288 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-06-18 11:47 - 2019-10-02 05:34 - 000526512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-06-18 11:47 - 2019-10-02 05:23 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-06-18 11:47 - 2019-10-02 05:23 - 004517376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-06-18 11:47 - 2019-10-02 05:19 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2020-06-18 11:47 - 2019-10-02 05:18 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2020-06-18 11:47 - 2019-10-02 05:14 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2020-06-18 11:47 - 2019-10-02 05:14 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2020-06-18 11:47 - 2019-10-02 05:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2020-06-18 11:47 - 2019-10-02 05:13 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2020-06-18 11:47 - 2019-10-02 05:09 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2020-06-18 11:47 - 2019-09-13 11:40 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-06-18 11:47 - 2019-09-13 10:00 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-06-18 11:47 - 2019-09-13 05:11 - 000979456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2020-06-18 11:47 - 2019-09-04 06:24 - 000705336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-06-18 11:47 - 2019-09-04 06:14 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-06-18 11:47 - 2019-09-04 06:13 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2020-06-18 11:47 - 2019-09-04 06:03 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-06-18 11:47 - 2019-09-04 05:42 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-06-18 11:47 - 2019-09-04 05:41 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-06-18 11:46 - 2020-01-07 04:27 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2020-06-18 11:46 - 2019-11-28 11:46 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-06-18 11:46 - 2019-11-28 10:09 - 001453624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-06-18 11:46 - 2019-11-28 06:09 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-06-18 11:46 - 2019-11-28 06:09 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-06-18 11:46 - 2019-11-28 06:09 - 001141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-06-18 11:46 - 2019-11-28 06:09 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-06-18 11:46 - 2019-11-08 03:39 - 000500752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-06-18 11:46 - 2019-11-08 03:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2020-06-18 11:46 - 2019-11-08 03:09 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-06-18 11:46 - 2019-11-08 03:08 - 003203072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-06-18 11:46 - 2019-11-08 03:08 - 002603008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2020-06-18 11:46 - 2019-11-01 03:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-18 11:46 - 2019-10-02 11:09 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2020-06-18 11:46 - 2019-10-02 10:06 - 002406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2020-06-18 11:46 - 2019-10-02 06:00 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-06-18 11:46 - 2019-10-02 05:59 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2020-06-18 11:46 - 2019-10-02 05:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-06-18 11:46 - 2019-10-02 05:47 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2020-06-18 11:46 - 2019-10-02 05:15 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2020-06-18 11:46 - 2019-09-13 05:58 - 007900880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2020-06-18 11:46 - 2019-09-13 05:56 - 005821448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2020-06-18 11:46 - 2019-09-13 05:15 - 002913792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-06-18 11:46 - 2019-09-10 02:20 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-18 11:46 - 2019-09-10 02:20 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-06-18 11:46 - 2019-09-04 05:41 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-06-18 11:46 - 2019-08-13 05:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2020-06-18 11:46 - 2019-08-13 05:12 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2020-06-18 11:46 - 2019-08-13 02:24 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2020-06-18 11:46 - 2019-08-13 01:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2020-06-18 11:45 - 2020-01-07 10:33 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-06-18 11:45 - 2020-01-07 08:59 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-06-18 11:45 - 2020-01-07 04:59 - 002810896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-06-18 11:45 - 2020-01-07 04:58 - 009080848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-18 11:45 - 2020-01-07 04:24 - 002163712 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-06-18 11:45 - 2020-01-07 04:24 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-18 11:45 - 2020-01-07 04:23 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-18 11:45 - 2019-11-28 05:35 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-18 11:45 - 2019-11-28 05:25 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-18 11:45 - 2019-11-08 03:38 - 002711352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-06-18 11:45 - 2019-10-02 06:01 - 001288928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-06-18 11:45 - 2019-10-02 05:59 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-06-18 11:45 - 2019-10-02 05:59 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2020-06-18 11:45 - 2019-10-02 05:48 - 002421776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-06-18 11:45 - 2019-10-02 05:48 - 001922056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-06-18 11:45 - 2019-10-02 05:47 - 001380312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-06-18 11:45 - 2019-10-02 05:47 - 001020280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-06-18 11:45 - 2019-10-02 05:47 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2020-06-18 11:45 - 2019-10-02 05:22 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-06-18 11:45 - 2019-10-02 05:11 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2020-06-18 11:45 - 2019-09-13 05:47 - 001947168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-06-18 11:45 - 2019-09-13 05:35 - 001559272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2020-06-18 11:45 - 2019-09-04 06:04 - 000286616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-06-18 11:44 - 2020-01-07 11:02 - 000403584 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-06-18 11:44 - 2020-01-07 09:15 - 000358128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-06-18 11:44 - 2020-01-07 05:03 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-06-18 11:44 - 2020-01-07 04:30 - 003403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-06-18 11:44 - 2020-01-07 04:27 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-06-18 11:44 - 2020-01-07 04:26 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-06-18 11:44 - 2020-01-07 04:25 - 002179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-06-18 11:44 - 2020-01-07 04:25 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-06-18 11:44 - 2020-01-07 04:24 - 001563648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-06-18 11:44 - 2020-01-07 04:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-06-18 11:44 - 2020-01-07 04:23 - 001058816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-06-18 11:44 - 2020-01-07 04:23 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-06-18 11:44 - 2019-11-28 06:10 - 002571336 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-06-18 11:44 - 2019-11-28 05:49 - 001979960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-06-18 11:44 - 2019-11-08 08:38 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-06-18 11:44 - 2019-11-08 08:38 - 000488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-06-18 11:44 - 2019-11-08 06:56 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-06-18 11:44 - 2019-11-08 03:39 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-06-18 11:44 - 2019-11-08 03:39 - 000494904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-18 11:44 - 2019-11-08 03:39 - 000440768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-18 11:44 - 2019-11-08 03:39 - 000209936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-06-18 11:44 - 2019-11-08 03:39 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-06-18 11:44 - 2019-11-08 03:32 - 000435216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-18 11:44 - 2019-11-08 03:32 - 000385272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-18 11:44 - 2019-11-08 03:32 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-06-18 11:44 - 2019-11-08 03:32 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-06-18 11:44 - 2019-11-08 03:31 - 000665432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-06-18 11:44 - 2019-11-08 03:10 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-06-18 11:44 - 2019-10-02 11:50 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-06-18 11:44 - 2019-10-02 11:50 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-06-18 11:44 - 2019-10-02 11:48 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2020-06-18 11:44 - 2019-10-02 11:45 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-06-18 11:44 - 2019-10-02 11:06 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2020-06-18 11:44 - 2019-10-02 10:07 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2020-06-18 11:44 - 2019-10-02 09:42 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-06-18 11:44 - 2019-10-02 05:20 - 001647616 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-06-18 11:44 - 2019-09-13 11:57 - 001375456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-06-18 11:44 - 2019-09-13 11:40 - 000806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2020-06-18 11:44 - 2019-09-13 11:40 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2020-06-18 11:44 - 2019-09-13 11:39 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2020-06-18 11:44 - 2019-09-13 10:17 - 001026280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-06-18 11:44 - 2019-09-13 05:48 - 003290584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-18 11:44 - 2019-09-13 05:36 - 002478152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-18 11:44 - 2019-09-13 05:15 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-06-18 11:44 - 2019-09-13 05:15 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2020-06-18 11:44 - 2019-09-13 05:13 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-06-18 11:44 - 2019-09-13 05:12 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2020-06-18 11:44 - 2019-09-13 05:11 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-06-18 11:44 - 2019-08-13 19:21 - 000221016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2020-06-18 11:43 - 2020-01-07 04:49 - 001462192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-06-18 11:43 - 2019-10-02 11:28 - 021411976 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-18 11:43 - 2019-10-02 05:16 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2020-06-18 11:43 - 2019-10-02 05:10 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2020-06-18 11:43 - 2019-09-13 05:17 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2020-06-18 11:43 - 2019-09-13 05:13 - 002893312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2020-06-18 11:43 - 2019-08-13 19:06 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-06-18 11:43 - 2019-08-13 15:43 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2020-06-18 11:43 - 2019-08-13 10:46 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-06-18 11:43 - 2019-08-13 05:11 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2020-06-18 11:42 - 2020-01-07 10:54 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-06-18 11:42 - 2020-01-07 10:37 - 008628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-06-18 11:42 - 2020-01-07 09:00 - 007991808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-06-18 11:42 - 2020-01-07 04:59 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-06-18 11:42 - 2020-01-07 04:48 - 006566448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-06-18 11:42 - 2019-11-28 11:27 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-06-18 11:42 - 2019-11-28 05:38 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-06-18 11:42 - 2019-11-28 05:28 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-06-18 11:42 - 2019-11-08 03:17 - 022736384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-06-18 11:42 - 2019-10-02 12:10 - 004527072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-06-18 11:42 - 2019-10-02 05:25 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-06-18 11:42 - 2019-10-02 05:23 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-06-18 11:42 - 2019-09-13 11:39 - 002085888 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-06-18 11:42 - 2019-09-13 09:59 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-06-18 11:42 - 2019-09-13 05:48 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-18 11:42 - 2019-09-04 05:44 - 003687424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-18 11:42 - 2019-09-04 05:43 - 004849664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-18 11:42 - 2019-09-04 05:42 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2020-06-18 11:42 - 2019-09-04 05:40 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2020-06-18 11:42 - 2019-09-04 05:40 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2020-06-18 11:42 - 2019-09-04 05:39 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2020-06-18 11:41 - 2020-01-07 04:30 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-06-18 11:41 - 2020-01-07 04:27 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-06-18 11:41 - 2020-01-07 04:26 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-06-18 11:41 - 2020-01-07 04:24 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-06-18 11:41 - 2019-11-28 06:10 - 002161072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-06-18 11:41 - 2019-11-28 05:49 - 001651040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-06-18 11:41 - 2019-10-02 06:02 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-06-18 11:41 - 2019-10-02 05:50 - 006979128 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-06-18 11:41 - 2019-10-02 05:47 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-06-18 11:41 - 2019-10-02 05:33 - 003330880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-06-18 11:41 - 2019-10-02 05:16 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2020-06-18 11:41 - 2019-09-04 05:48 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2020-06-18 11:41 - 2019-09-04 05:45 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2020-06-18 11:41 - 2019-09-04 05:43 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2020-06-18 11:41 - 2019-09-04 05:42 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2020-06-18 11:41 - 2019-08-13 15:45 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-06-18 11:41 - 2019-08-13 05:17 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-06-18 11:40 - 2020-01-07 08:24 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2020-06-18 11:40 - 2020-01-07 06:27 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2020-06-18 11:40 - 2019-11-28 05:43 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-06-18 11:40 - 2019-11-28 05:34 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-06-18 11:40 - 2019-11-08 03:31 - 006053808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-06-18 11:40 - 2019-10-02 12:08 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2020-06-18 11:40 - 2019-10-02 11:13 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-06-18 11:40 - 2019-10-02 10:11 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-06-18 11:40 - 2019-10-02 09:52 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2020-06-18 11:40 - 2019-09-10 08:16 - 019525632 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-06-18 11:40 - 2019-09-04 06:14 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-06-18 11:40 - 2019-09-04 06:02 - 001805872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-06-18 11:40 - 2019-09-04 05:46 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2020-06-18 11:40 - 2019-09-04 05:44 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2020-06-18 11:40 - 2019-09-04 05:43 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2020-06-18 11:40 - 2019-09-04 05:43 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2020-06-18 11:40 - 2019-09-04 05:42 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2020-06-18 11:40 - 2019-09-04 05:41 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2020-06-18 11:40 - 2019-09-04 05:41 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2020-06-18 11:40 - 2019-09-04 05:39 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2020-06-18 11:39 - 2019-11-28 05:28 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-06-18 11:39 - 2019-11-08 08:43 - 012835328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-18 11:39 - 2019-11-08 07:00 - 012036096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-18 11:39 - 2019-11-08 03:40 - 005627280 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-06-18 11:39 - 2019-11-08 03:38 - 007447904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-06-18 11:39 - 2019-11-08 03:15 - 019386368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-18 11:39 - 2019-10-02 11:53 - 004852736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-06-18 11:39 - 2019-10-02 11:47 - 000957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-06-18 11:39 - 2019-10-02 11:34 - 004098912 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-06-18 11:39 - 2019-10-02 11:13 - 006594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-18 11:39 - 2019-10-02 11:12 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-06-18 11:39 - 2019-10-02 10:22 - 003751824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-06-18 11:39 - 2019-10-02 10:16 - 005662720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-18 11:39 - 2019-10-02 09:41 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-06-18 11:39 - 2019-10-02 06:21 - 002417744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2020-06-18 11:39 - 2019-10-02 06:20 - 003180080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2020-06-18 11:39 - 2019-10-02 05:58 - 000795360 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-06-18 11:39 - 2019-10-02 05:49 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2020-06-18 11:39 - 2019-10-02 05:33 - 001254712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2020-06-18 11:39 - 2019-10-02 05:27 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2020-06-18 11:39 - 2019-10-02 05:26 - 016598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-06-18 11:39 - 2019-10-02 05:21 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-06-18 11:39 - 2019-09-13 05:58 - 001613096 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2020-06-18 11:39 - 2019-09-13 05:56 - 001299472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2020-06-18 11:39 - 2019-08-13 19:21 - 000665400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-06-18 11:39 - 2019-08-13 11:09 - 000771384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-06-18 11:39 - 2019-08-13 11:09 - 000571688 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-06-18 11:39 - 2019-08-13 10:51 - 000905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-06-18 11:39 - 2019-08-13 10:50 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-06-18 11:38 - 2019-11-08 03:14 - 004383232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-06-18 11:38 - 2019-10-02 10:22 - 020402960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-18 11:38 - 2019-10-02 05:28 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-06-18 11:38 - 2019-10-02 05:16 - 002379264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-06-18 11:33 - 2020-06-18 11:33 - 000000000 ____D C:\Users\sworton\AppData\Local\mbam
2020-06-18 11:32 - 2020-06-18 11:32 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-18 11:32 - 2020-06-18 11:32 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-18 11:32 - 2020-06-18 11:32 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-18 11:32 - 2020-06-18 11:30 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-18 11:32 - 2020-06-18 11:30 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-06-18 11:28 - 2020-06-18 11:28 - 001988280 _____ (Malwarebytes) C:\Users\sworton\Downloads\MBSetup.exe
2020-06-18 11:28 - 2020-06-18 11:28 - 001988280 _____ (Malwarebytes) C:\Users\sworton\Downloads\MBSetup (1).exe
2020-06-18 11:28 - 2020-06-18 11:28 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-18 11:28 - 2020-06-18 11:28 - 000000000 ____D C:\Malwarebytes
2020-06-18 09:37 - 2020-06-18 09:37 - 000000000 ____D C:\Users\sworton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Ads Editor
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-26 15:24 - 2018-02-16 02:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-06-26 15:23 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-06-26 15:15 - 2019-03-20 06:32 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-26 15:15 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2020-06-26 15:14 - 2015-04-16 19:45 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-06-26 15:13 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-06-26 15:08 - 2019-03-20 06:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-26 15:07 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-06-26 15:07 - 2017-08-13 02:35 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-06-26 15:06 - 2014-09-16 22:05 - 000000000 ____D C:\Users\sworton\AppData\LocalLow\Temp
2020-06-26 14:47 - 2019-03-20 06:46 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{99A5A314-FBF3-44F6-814D-483465A3D26C}
2020-06-26 13:42 - 2019-03-20 06:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-06-25 22:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-25 21:31 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2020-06-25 21:28 - 2018-02-01 01:35 - 000000000 ____D C:\Users\sworton\AppData\Local\Packages
2020-06-25 21:09 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-25 21:00 - 2019-03-19 23:32 - 000000000 ___DC C:\WINDOWS\Panther
2020-06-25 16:33 - 2019-03-20 06:46 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-809454615-2631668767-2191910371-1001
2020-06-25 16:32 - 2019-03-20 06:18 - 000002418 _____ C:\Users\sworton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-25 16:32 - 2015-01-21 00:06 - 000000000 __RDO C:\Users\sworton\OneDrive
2020-06-18 13:30 - 2014-09-17 13:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-06-18 13:26 - 2014-09-17 13:28 - 120636720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-06-18 13:25 - 2017-04-12 20:51 - 000000000 ____D C:\Program Files\UNP
2020-06-18 12:58 - 2018-02-01 09:12 - 000000000 ___RD C:\Users\sworton\3D Objects
2020-06-18 12:58 - 2014-09-15 17:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-06-18 12:54 - 2019-03-20 06:10 - 000405312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-18 12:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2020-06-18 12:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-06-18 12:50 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-06-18 12:49 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-06-18 12:49 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-06-18 12:47 - 2018-04-12 00:38 - 000017800 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2020-06-18 11:32 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-06-18 11:30 - 2014-09-15 16:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-18 11:23 - 2014-01-25 16:20 - 000000000 ____D C:\Program Files (x86)\TOSHIBA Games
2020-06-18 11:22 - 2014-01-25 15:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-06-18 11:22 - 2014-01-25 15:53 - 000000000 ____D C:\ProgramData\WildTangent
2020-06-18 11:19 - 2015-09-26 19:00 - 000000000 ____D C:\Users\sworton\AppData\Roaming\Spotify
2020-06-18 11:13 - 2017-04-02 13:48 - 000000000 ____D C:\Users\sworton\AppData\Roaming\Google
2020-06-18 11:11 - 2014-09-15 22:18 - 000000000 ____D C:\Users\sworton\AppData\Roaming\Apple Computer
2020-06-18 11:06 - 2014-09-15 18:34 - 000002162 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-18 10:25 - 2019-03-20 06:18 - 000000000 ____D C:\Users\sworton
2020-06-18 10:25 - 2015-10-18 11:10 - 000000000 ____D C:\Users\sworton\AppData\Local\Apple Inc
2020-06-18 10:05 - 2018-07-24 19:29 - 000000000 ____D C:\Program Files (x86)\Kingo ROOT
2020-06-18 10:00 - 2018-05-21 08:04 - 000000000 ____D C:\ProgramData\Citrix
2020-06-18 09:54 - 2018-05-21 08:03 - 000000000 ____D C:\Users\sworton\AppData\Local\Citrix
2020-06-18 09:34 - 2019-03-19 22:14 - 000000000 ____D C:\Program Files\CUAssistant
2020-06-18 09:29 - 2019-03-20 06:46 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-06-18 09:29 - 2019-03-20 06:46 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-06-18 09:25 - 2014-09-15 18:33 - 000000000 ____D C:\Program Files (x86)\Google
2020-06-18 09:22 - 2019-03-20 06:46 - 000003684 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-809454615-2631668767-2191910371-1001UA
2020-06-18 09:22 - 2019-03-20 06:46 - 000003416 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-809454615-2631668767-2191910371-1001Core
2020-06-18 09:20 - 2019-05-06 17:37 - 000000000 ____D C:\Users\sworton\AppData\Local\D3DSCache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2020
Ran by sworton (26-06-2020 15:27:16)
Running from C:\Users\sworton\Desktop
Windows 10 Home Version 1803 17134.1246 (X64) (2019-03-20 05:48:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-809454615-2631668767-2191910371-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-809454615-2631668767-2191910371-503 - Limited - Disabled)
Guest (S-1-5-21-809454615-2631668767-2191910371-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-809454615-2631668767-2191910371-1003 - Limited - Enabled)
sworton (S-1-5-21-809454615-2631668767-2191910371-1001 - Administrator - Enabled) => C:\Users\sworton
WDAGUtilityAccount (S-1-5-21-809454615-2631668767-2191910371-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.303.509 - Alps Electric)
AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Chromium (HKLM-x32\...\{5B2FB3EF-0BAF-626F-BA2F-12EF6AAFC16F}) (Version:  - )
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Evernote (HKLM-x32\...\Evernote) (Version: 1.0.0 - Evernote Launcher by Toshiba Europe GmbH)
Google Ads Editor (HKLM-x32\...\{1DED8B00-79E5-11EA-9C71-DC4A3E998CF6}) (Version: 13.3.1.0 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-809454615-2631668767-2191910371-1001\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
MouseServer version 1.7.1 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.7.1 - Necta Co.)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1609.76 - Trusteer) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
TOSHIBA Addendum (HKLM-x32\...\{C1569944-FAD6-4B3B-85E5-C213C2FF8EFC}) (Version: 1.00 - TOSHIBA)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{5F6AC07E-50EF-422E-B56E-6521E5B35139}) (Version: 1.1.12.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.346 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.00.6403 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-06-25] (Amazon.com)
Doodle God™ Free for Toshiba -> C:\Program Files\WindowsApps\7E440FBB.DoodleGodFreeforToshiba_2.0.0.48_x64__pvm5kvqj2rwym [2013-11-24] (JoyBits-Ltd.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.24.8919.0_x86__q4d96b2w5wcc2 [2020-06-25] (Evernote)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-06-25] (HP Inc.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
McAfee® Central for Toshiba -> C:\Program Files\WindowsApps\McAfeeInc.04.McAfeeSecurityAdvisorforToshiba_5.0.170.1_x64__m0mgz90br52t0 [2018-04-03] (McAfee_Incorporated)
Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.33.0_x64__679ekb9hp1h62 [2019-03-02] (sMedio)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-02] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-16] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-06-18] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.49.0_x64__3s2an63h56yee [2016-02-08] (Ennova Research)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-06-25] (Netflix, Inc.)
Parcelgenie for Toshiba -> C:\Program Files\WindowsApps\ParcelPokeLimited.ParcelgenieforToshiba_2.1.1.25_neutral__8xyyyq1qzh8hy [2014-09-17] (Parcel Poke Limited)
Sage 50 Accounts Pulse for Toshiba -> C:\Program Files\WindowsApps\FA176213.Sage50AccountsPulseforToshiba_1.2.0.128_x64__z9k4tam8pb7vw [2014-09-15] (Sage (UK) Ltd)
Skitch Touch -> C:\Program Files\WindowsApps\Evernote.Skitch_2.4.2000.1918_neutral__q4d96b2w5wcc2 [2014-09-17] (Evernote)
Skyscanner -> C:\Program Files\WindowsApps\Skyscanner.Skyscanner_1.4.2.0_neutral__623c9he0pwcym [2014-09-17] (Skyscanner)
The Telegraph -> C:\Program Files\WindowsApps\TelegraphMediaGroupLtd.TheTelegraph_2.0.1.134_x64__8zqgb9yvnry22 [2013-11-24] (Telegraph Media Group Ltd)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-16] (Twitter Inc.)
Vimeo for Toshiba (UK) -> C:\Program Files\WindowsApps\DEA48DA5.VimeoforToshibaUK_1.4.0.0_neutral__20zyggj7fjyag [2013-11-24] (Vimeo, LLC  .)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-809454615-2631668767-2191910371-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\sworton\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-04-26] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-18] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-18] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\sworton\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2018-07-24 20:42 - 2017-09-27 17:30 - 000489984 _____ ( (Newtonsoft) [File not signed])  [File is in use ] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\Newtonsoft.Json.dll
2018-07-24 20:42 - 2018-01-26 17:08 - 000088064 _____ ( (Wondershare) [File not signed])  [File is in use ] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCollect.dll
2018-07-24 20:42 - 2018-01-26 17:08 - 000200192 _____ ( (Wondershare) [File not signed])  [File is in use ] C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppCommon.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2020-06-18 09:51 - 000002105 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-809454615-2631668767-2191910371-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
Network Binding:
=============
WiFi: AppEx Networks Accelerator -> appex_acc (enabled) 
Ethernet: AppEx Networks Accelerator -> appex_acc (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E8D547E7-A3E1-4CF3-AE7E-49A8FE18AD65}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{0366120C-CE02-4697-B799-7B3B13F404D1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E860DF75-880E-49B0-8413-66F2B4C629CD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{B52FCBCB-D94F-4F3B-BA30-870FC23D3999}C:\users\sworton\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sworton\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0AE8AA3E-A175-44AA-A39F-B7052D8E3839}C:\users\sworton\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sworton\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{69818AB6-26FD-49BF-8CB6-D99AED5921FD}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{9C9D787C-3B24-485E-81CE-108F04CAEE85}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2E942837-69BF-4A9D-AFC4-FFAB5D6DE518}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
04-09-2019 08:56:33 Windows Update
18-06-2020 09:27:34 Windows Update
25-06-2020 19:14:19 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: TSSTcorp CDDVDW SU-208FB
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/26/2020 03:13:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.27, time stamp: 0x52278080
Faulting module name: ntdll.dll, version: 10.0.17134.799, time stamp: 0x7f828745
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process ID: 0x228c
Faulting application start time: 0x01d64bc3ef636927
Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 0513caac-40b7-41fb-9787-3aa61ecbb167
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/26/2020 03:10:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\sworton\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 58.0.2988.0,language="&#x2a;",type="win32",version="58.0.2988.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/26/2020 03:08:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\trf.dll".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Trusteer.PrivateCRT.MANIFEST" on line 0.
Invalid Xml syntax.
 
Error: (06/26/2020 03:08:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll".Error in manifest or policy file "C:\Program Files (x86)\Trusteer\Rapport\bin\Trusteer.FoundationLib.MANIFEST" on line 0.
Invalid Xml syntax.
 
Error: (06/26/2020 03:05:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17134.1098, time stamp: 0xef41e49f
Faulting module name: combase.dll, version: 10.0.17134.1038, time stamp: 0x5732951c
Exception code: 0xc0000005
Fault offset: 0x00000000000ab568
Faulting process ID: 0x6a4
Faulting application start time: 0x01d64b90cb3da567
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\System32\combase.dll
Report ID: 15ac24e2-f18f-42e5-bec0-6cdd1d465e98
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/26/2020 11:39:45 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (06/26/2020 11:39:45 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (06/26/2020 09:11:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.27, time stamp: 0x52278080
Faulting module name: ntdll.dll, version: 10.0.17134.799, time stamp: 0x7f828745
Exception code: 0xc0000374
Fault offset: 0x00000000000f479b
Faulting process ID: 0x1f0c
Faulting application start time: 0x01d64b91517204b3
Faulting application path: C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 459011b6-1b78-47bc-936d-252b6b9e6df7
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/26/2020 03:15:16 PM) (Source: DCOM) (EventID: 10010) (User: SOPH-PC)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.
 
Error: (06/26/2020 03:13:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/26/2020 03:12:52 PM) (Source: DCOM) (EventID: 10016) (User: SOPH-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Soph-pc\sworton SID (S-1-5-21-809454615-2631668767-2191910371-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/26/2020 03:12:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (06/26/2020 03:12:08 PM) (Source: DCOM) (EventID: 10016) (User: SOPH-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Soph-pc\sworton SID (S-1-5-21-809454615-2631668767-2191910371-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/26/2020 03:12:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/26/2020 03:10:58 PM) (Source: DCOM) (EventID: 10016) (User: SOPH-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Soph-pc\sworton SID (S-1-5-21-809454615-2631668767-2191910371-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/26/2020 03:09:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2020-06-26 15:13:12.925
Description: 
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
 
CodeIntegrity:
===================================
 
Date: 2020-06-18 11:38:24.576
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:33:23.732
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:28:23.754
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:23:23.730
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:20:44.013
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:20:43.996
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:20:43.978
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-06-18 11:20:43.960
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 1.20 08/30/2013
Motherboard: AMD PT10AN
Processor: AMD A4-5000 APU with Radeon™ HD Graphics 
Percentage of memory in use: 58%
Total physical RAM: 3523.07 MB
Available physical RAM: 1479.65 MB
Total Virtual: 7107.07 MB
Available Virtual: 4623.42 MB
 
==================== Drives ================================
 
Drive c: (TI31254100A) (Fixed) (Total:919.64 GB) (Free:776.57 GB) NTFS
Drive d: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:81.93 GB) NTFS
 
\\?\Volume{01773966-6472-11e3-aab2-ff588c914329}\ (System) (Fixed) (Total:1 GB) (Free:0.62 GB) NTFS
\\?\Volume{74f8e88f-38f6-42df-927c-a5e6362b427a}\ () (Fixed) (Total:0.86 GB) (Free:0.31 GB) NTFS
\\?\Volume{7abb33a6-85d5-11e3-8d59-2025642be837}\ (Recovery) (Fixed) (Total:9.79 GB) (Free:0.98 GB) NTFS
\\?\Volume{0177396e-6472-11e3-aab2-ff588c914329}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 28676295)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

Advertisements


#11
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

It appears that you didn't uninstall Google Update Helper: I suggest you do so.

 

Also, Windows Security seems to be fine now.

 

Let's run a scan to be sure that nothing else is lurking, due to the fact that Malwarebytes found so many.

 

Run Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • after extraction, double-click on the new Start Emsisoft Emergency Kit icon on your desktop
  • the first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates: click Yes so that it downloads the latest database updates
  • when update the is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning
  • when the scan has completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan
  • when the threats have been quarantined, click the View report button in the lower-right corner and the scan log will open in Notepad
  • please save the Notepad log on your desktop and post the contents in your next reply
  • when you close Emsisoft Emergency Kit it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Satchfan

 


  • 0

#12
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 246 posts

I had uninstalled Google Update Helper. Not showing now

 

google helper.jpg

 

Emsisoft won't run. Needs 64 bit version

 

emsisoft.jpg


  • 0

#13
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

Apologies. Try this link.


  • 0

#14
peter plus

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 246 posts

Got same message 


  • 0

#15
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

That should have worked. Let's try this scanner instead:

 

Download ESET Online Scanner and save it to your desktop.

  • right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • when the tool opens, click Get Started.
  • read and accept the license agreement.
  • at the Welcome to ESET Online Scanner window, click Get Started.
  • select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • click on the Full Scan option.
  • select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • when the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature: click on Continue.
  • on the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP