Possible virus or malware

#possible virus #malware


#1
mckinnik


I've had this Samsung Notebook Spin 7 for about a year and a half. For the last two months or so I have been experiencing long startup and shutdown times, along with times when the screen or app I'm using freezes up for a few seconds. I've also experienced very long load times when loading web pages and keep getting timed-out notices. There are also times when, after opening a web page, it blanks out for several seconds. Approximately three weeks ago I had a blue screen advising me that Windows needed to shut down. There was more information on the screen that I was unable to read or capture before the shutdown. I am attaching the required scans. Thank you for your time in this matter.

 

 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by mckinnik (administrator) on DESKTOP-GLBDK8Q (SAMSUNG ELECTRONICS CO., LTD. 750QUA) (18-07-2020 12:23:46)
Running from C:\Users\mckin\OneDrive\Desktop
Loaded Profiles: mckinnik
Platform: Windows 10 Home Version 1903 18362.959 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0335151.inf_amd64_e5705aeeafa5c2ab\B335002\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0335151.inf_amd64_e5705aeeafa5c2ab\B335002\atiesrxx.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Cisco Video Technologies Israel Ltd. -> Synamedia) C:\Users\mckin\AppData\Local\Synamedia\VideoGuardPlayer\VideoGuardMonitor\VideoGuardMonitor.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Hitachi-LG Data Storage Korea, Inc. -> Hitachi-LG Data Storage, Inc.) C:\Program Files (x86)\ODD Auto Firmware Update\ODDFWUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\ConsultingMode\ConsultingMode.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\ConsultingMode\ConsultingModeService.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityCmdServer.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityEventHandler.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityLauncher.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\PTPCtrl\PTPCtrl.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\ColorEngine\ColorEngine.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Recovery\BulletService.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung PC Cleaner 2 Service\PCCleaner2Service.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung PC Cleaner 2 Service\PCCleaner2Status.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungSettings\SamsungSettingsExpansionPack.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungSettings\SamsungSettingsExpansionUI.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungSettings\SamsungSettingsExpLauncher.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungUpdate\SUService.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungUpdate\SUUserModeWorker.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\sService\sServiceAgentLauncherSvc.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\sService\sServiceKeyMonitor.exe
(Samsung Electronics CO., LTD. -> Samsung) C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe
(Trend Micro, Inc. -> ) C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe <3>
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\8.1.2009\8.1.2009\TmsaInstance64.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\DiamondRing\DrSDKCaller.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1246368 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246112 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [190648 2018-06-27] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [593080 2018-06-27] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [279240 2016-12-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62625080 2020-07-05] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1591152 2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\Run: [VideoGuardMonitor] => C:\Users\mckin\AppData\Local\Synamedia\VideoGuardPlayer\VideoGuardMonitor\VideoGuardMonitor.exe [2610920 2019-11-21] (Cisco Video Technologies Israel Ltd. -> Synamedia)
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\Run: [Discord] => C:\Users\mckin\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-06-09] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\RunOnce: [Application Restart #0] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935840 2018-07-13] (Trend Micro, Inc. -> )
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\RunOnce: [Application Restart #2] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [935840 2018-07-13] (Trend Micro, Inc. -> )
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\G-Force.scr [463296 2020-02-04] (SoundSpectrum, Inc -> )
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe [3379096 2017-06-26] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-18\...\RunOnce: [Application Restart #3] => C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe [3379096 2017-06-26] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe [3379096 2017-06-26] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe [3379096 2017-06-26] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-18\...\RunOnce: [Application Restart #4] => C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe [3379096 2017-06-26] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-18\...\RunOnce: [Application Restart #5] => C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe [3379096 2017-06-26] (Samsung Electronics CO., LTD. -> Samsung)
HKLM\...\Windows x64\Print Processors\Canon TS6100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDP.DLL [482816 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6100 series: C:\WINDOWS\system32\CNMLMDP.DLL [1302016 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-22] (Google LLC -> Google LLC)
Startup: C:\Users\mckin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-16]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\mckin\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {116569F3-7FF4-4C4C-8034-17A7AF2229DB} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\RtkAudUService64.exe [956920 2019-12-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {16B3C668-E49D-487E-836F-97E0171F6AC4} - System32\Tasks\Samsung\SamsungPCCleaner\SecurityCheck => C:\Program Files\Samsung\Samsung PC Cleaner 2 Service\SecurityAppChecker.exe [4664568 2020-06-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {19932E13-FD77-4C47-8E10-CC484B97C15F} - System32\Tasks\SamsungUpdateServiceUpdate => C:\ProgramData\Samsung\SamsungUpdate3\data\SelfUpdate\SUInst.exe
Task: {31E64FB9-A4BC-4EDE-BCA5-8EA843517BAB} - System32\Tasks\SecTimeSync\TimeSyncInit => C:\Windows\SecTimeSync.exe [1629424 2018-06-11] (Samsung Electronics CO., LTD. -> Samsung Electronics CO., LTD.)
Task: {4526EA72-C945-46FB-BEF9-3EF8558DEB68} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123744 2020-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {466BD137-FEAA-4D8E-BDA7-0230FF94341E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23810952 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {49DD80F0-3637-48C9-9259-8B2352B10FF8} - System32\Tasks\Samsung\Settings\SettingsHibernateMonitor => C:\Program Files\Samsung\SamsungSettings\SettingsHibernateMonitor.exe [46488 2017-07-03] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {550E6CD7-C77B-4B65-96F1-C7FE53C50EB8} - System32\Tasks\DPICustomized => C:\ProgramData\Samsung\DPICustomizing\FontCustomizing.exe [24736 2017-11-05] (Samsung Electronics CO., LTD. -> )
Task: {56277C9B-AF4E-4740-B06A-D75A9D64F9C9} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-10-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {56D95652-C436-41AB-BDA9-BF26A30FBA3D} - System32\Tasks\PTPFilter => C:\Program Files\PTPCtrl\PTPCtrl.exe [3336864 2018-05-09] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {5D426AB7-E112-4BF2-9CC7-CC26F8B4CF33} - System32\Tasks\Samsung\SamsungSecurity\SecurityAppMoniter => C:\Program Files (x86)\Samsung\SamsungSecurity\SecurityAppChecker.exe [459608 2019-10-21] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {5ED0E562-B82C-423E-94AD-95A6941F3C08} - System32\Tasks\ColorEngine => C:\Program Files\Samsung\ColorEngine\ColorEngine.exe [571736 2019-05-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {68D60D6E-6A3C-47F4-8E72-181C4D04B9A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-03] (Google Inc -> Google Inc.)
Task: {695178B1-F8A7-4EF9-A685-756625A429E3} - System32\Tasks\Samsung\SServiceToast => C:\Program Files\Samsung\SServiceNotification\SServiceNoticeMgr.exe [31488 2019-09-10] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {73418FAA-0C7A-4BA8-B589-DF6465E12E8B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-14] (Adobe Inc. -> Adobe)
Task: {7A085267-4926-43DE-A23B-48A191DDAF27} - System32\Tasks\Samsung\SamsungSecurity\SamsungSecurityPatternLoginMonitor => C:\Program Files (x86)\Samsung\SamsungSecurity\SMessage.exe [500056 2019-10-21] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {7A3B3FA3-F89A-4F75-84D8-405B28475781} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe [4344776 2020-05-17] (Trend Micro, Inc. -> Trend Micro Inc.)
Task: {896704C2-1F34-4657-9E66-641D7DC2B2BD} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2742136 2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DB18245-D4FD-4F4D-8B97-84C19E2E7252} - System32\Tasks\Samsung\SamsungUpdate\UserModeWorker => C:\Program Files\Samsung\SamsungUpdate\SUUserModeWorker.exe [21880 2020-05-21] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {9C92210D-C80E-45F1-97C6-215D3DE88DB1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23810952 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A7357291-DC9D-4F01-9C8A-1EDB08B9E02F} - System32\Tasks\Samsung\SamsungSecurity\SamsungSecurityPatternLoginAccountMonitor => C:\Program Files (x86)\Samsung\SamsungSecurity\SMessage.exe [500056 2019-10-21] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {AD48ED6B-F1A0-484B-B625-3FFBA3CD6CEB} - System32\Tasks\ColorSettings => C:\Program Files\Samsung\ColorEngine\SetParam3264.exe [40608 2019-05-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {B04C66D3-635E-4EBA-A231-AE83A506A838} - System32\Tasks\ODDAutoFirmwareUpdate => C:\Program Files (x86)\ODD Auto Firmware Update\ODDFWUpdate.exe [1260880 2020-01-24] (Hitachi-LG Data Storage Korea, Inc. -> Hitachi-LG Data Storage, Inc.)
Task: {C5E99885-5966-46C2-A980-8D4E1DB289CD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1313176 2020-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8E598ED-640E-4A1A-A2A4-631E756D60D8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
Task: {D9333ECD-4480-46E7-9952-34116F78F5D1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123744 2020-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBF74085-AE5E-4E9E-8E3E-E638A93E24F9} - System32\Tasks\Samsung\Recovery8\BulletUserModeWorker => C:\Program Files\Samsung\Recovery\BulletUserModeWorker.exe [317160 2018-06-20] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
Task: {FA16150C-7C42-4B08-8838-393F037C1721} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-01-03] (Google Inc -> Google Inc.)
Task: {FC00166F-6DEA-4DD7-A6B0-4E1C39A3E89E} - System32\Tasks\Samsung\Wifi Camera\WiFi Camera Agent => C:\Program Files\Samsung\WiFiCamera\WiFiCameraAgent.exe [434904 2018-06-20] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{3f913ad0-69eb-4e37-af61-b835662b816c}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{df4a89ed-0624-4f9c-bbe4-534d39895a40}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung17win10.msn.com/?pc=SMTE
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung17win10.msn.com/?pc=SMTE
SearchScopes: HKU\S-1-5-21-3518604814-232533841-1677687598-1002 -> DefaultScope {C44B1D2B-F169-4ABB-9F54-B4CD5A09252F} URL = 
SearchScopes: HKU\S-1-5-21-3518604814-232533841-1677687598-1002 -> {C44B1D2B-F169-4ABB-9F54-B4CD5A09252F} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-11] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO: Password Manager BHO -> {782829FB-43A5-4AE0-A14E-590A252E7946} -> C:\Program Files\Trend Micro\TMIDS\bhoDirectPass64.dll [2020-02-17] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Password Manager BHO -> {782829FB-43A5-4AE0-A14E-590A252E7946} -> C:\Program Files\Trend Micro\TMIDS\bhoDirectPass32.dll [2020-02-17] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\TMIDS\bhoDirectPass64.dll [2020-02-17] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\TMIDS\bhoDirectPass32.dll [2020-02-17] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
 
Edge: 
======
DownloadDir: C:\Users\mckin\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\mckin\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-17]
Edge DownloadDir: C:\Users\mckin\Downloads
Edge Extension: (Trend Micro Security for Best Buy) - C:\Users\mckin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aafppfglogndiagcgpkieicjfkjghbpd [2020-07-14]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected]
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected] [2020-06-17] [UpdateUrl:hxxps://ti-res.trendmicro.com/ti-res/toolbar/FF/prod/updates.json]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3518604814-232533841-1677687598-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\mckin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-13] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default [2020-07-18]
CHR Notifications: Default -> hxxps://colapamall.com; hxxps://drive.google.com; hxxps://m.headlineswithavoice.com; hxxps://mail.google.com; hxxps://mewe.com; hxxps://outlook.live.com; hxxps://photos.google.com; hxxps://www.facebook.com; hxxps://www.lawenforcementtoday.com; hxxps://www.neonrevolt.com; hxxps://www.spiritualunite.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://duckduckgo.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://llelondjpcjljnjihdflhpclcpbiaiba/iframe_msn.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-01-03]
CHR Extension: (Docs) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-01-03]
CHR Extension: (Google Drive) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-03]
CHR Extension: (DuckDuckGo) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2020-07-08]
CHR Extension: (YouTube) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-03]
CHR Extension: (ReadingFanatic) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmmbajpcfedaechekcachdldkdfaalbf [2020-06-13]
CHR Extension: (Spell checker and Grammar checker by Scribens) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgkiikdlhmpikkhpiplldicbnicmboc [2020-07-15]
CHR Extension: (Sheets) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-01-03]
CHR Extension: (Trend Micro Password Manager) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fokifklggehlihkifghafpekelcicmgl [2019-07-02]
CHR Extension: (Emojis - Emoji Keyboard) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaoflciahikhligngeccdecgfjngejlh [2020-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-28]
CHR Extension: (Guardio: Antivirus & Malware Removal) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2020-07-09]
CHR Extension: (Google Play Music) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2019-01-03]
CHR Extension: (EasyVoice Search) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifabnpjjgbggngmgijikmfjkppdhfpgj [2019-01-07]
CHR Extension: (Grammarly for Chrome) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-07-17]
CHR Extension: (Sea Turtle) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgekaffpofmijoelekkemmmelefohain [2019-12-15]
CHR Extension: (MSN New Tab) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llelondjpcjljnjihdflhpclcpbiaiba [2020-05-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-05-28]
CHR Extension: (Office) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2020-06-12]
CHR Extension: (Wikibuy from Capital One) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Trend Micro Toolbar) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2020-05-22]
CHR Extension: (Flash Player   ) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooonkoejkmhiacbhhkdgfeemioceapbh [2019-06-12]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2020-07-15]
CHR Extension: (mp10search) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkloachmagkajpnglbknngaimopgkbd [2019-06-12]
CHR Extension: (Gmail) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-27]
CHR Profile: C:\Users\mckin\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-02]
CHR Profile: C:\Users\mckin\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-17]
CHR HKU\S-1-5-21-3518604814-232533841-1677687598-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0335151.inf_amd64_e5705aeeafa5c2ab\B335002\atiesrxx.exe [481288 2018-11-02] (Advanced Micro Devices, Inc. -> AMD)
R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [384032 2019-07-28] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10574728 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ConsultingMode; C:\Program Files (x86)\Samsung\ConsultingMode\ConsultingModeService.exe [951024 2020-05-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\FileSyncHelper.exe [2161016 2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [399296 2019-11-28] (Canon Inc. -> )
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\OneDriveUpdaterService.exe [2513256 2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1127584 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2792904 2020-02-17] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 Samsung PC Cleaner 2 Service; C:\Program Files\Samsung\Samsung PC Cleaner 2 Service\PCCleaner2Service.exe [1147136 2020-06-02] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 Samsung Settings Expansion Launcher; C:\Program Files\Samsung\SamsungSettings\SamsungSettingsExpLauncher.exe [229232 2020-05-07] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 SamsungRecoveryService; C:\Program Files\Samsung\Recovery\BulletService.exe [479464 2018-06-20] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 SamsungSecurity Launcher; C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityLauncher.exe [2014040 2019-10-21] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 SamsungUpdateService; C:\Program Files\Samsung\SamsungUpdate\SUService.exe [377208 2020-05-21] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 sService Agent Launcher; C:\Program Files\Samsung\sService\sServiceAgentLauncherSvc.exe [412880 2017-10-17] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 sServiceLoopBack; C:\Program Files\Samsung\sService\sServiceLoopBackSvc.exe [47312 2018-02-08] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 TmWscSvc; C:\Program Files\Trend Micro\Titanium\TmWscSvc\TmWscSvc.exe [406440 2019-11-05] (Trend Micro, Inc. -> Trend Micro Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54232 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0335151.inf_amd64_e5705aeeafa5c2ab\B335002\atikmdag.sys [40710656 2018-11-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0335151.inf_amd64_e5705aeeafa5c2ab\B335002\atikmpag.sys [545280 2018-11-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2018-10-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 amdsfhkmdf; C:\WINDOWS\System32\drivers\amdsfhkmdf.sys [33608 2018-07-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111080 2018-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 mxtBootBridge; C:\WINDOWS\System32\drivers\mxtBootBridge.sys [66560 2018-06-26] (Solomon Systech Limited -> Atmel Corporation)
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [69440 2018-06-04] (WDKTestCert tguni,131171724190859783 -> Samsung)
R3 SamsungEventController; C:\WINDOWS\System32\drivers\SamsungEventController.sys [41616 2018-05-16] (Samsung Electronics CO., LTD. -> Samsung)
R3 Shci; C:\WINDOWS\System32\drivers\Shci.sys [62448 2018-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167232 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [74760 2019-06-04] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro, Inc. -> Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [37552 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Trend Micro Inc.)
R1 tmeyes; C:\WINDOWS\system32\DRIVERS\tmeyes.sys [686152 2020-06-07] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [562296 2018-03-07] (Trend Micro, Inc. -> Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [160544 2020-03-27] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [137776 2019-05-03] (Trend Micro, Inc. -> Trend Micro Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-07-18 09:59 - 2020-07-18 12:28 - 000000000 ____D C:\FRST
2020-07-14 15:00 - 2020-07-14 15:00 - 001617323 _____ C:\Users\mckin\OneDrive\Documents\ahcccs docs july 2020.pdf
2020-07-14 14:56 - 2020-07-14 14:57 - 000160359 _____ C:\Users\mckin\OneDrive\Documents\IMG_20200714_0001.pdf
2020-07-14 11:40 - 2020-07-14 11:40 - 025902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 022641664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 019851776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 018031104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 014820352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 009931576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 008015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 007823912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 007269376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 007012864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 006523856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 006437376 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 006292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 006089512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 005946368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 005765648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 005111808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 005099384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 004565264 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 004129424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 003974368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 003800576 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 003748352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 003743048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 002799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-07-14 11:40 - 2020-07-14 11:40 - 002768984 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 002737664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 002576896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 002087168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001991592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001952880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001821696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001665728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001658368 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001655472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001654304 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001550336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001512960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001477632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001463808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001420328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001397568 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001307136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001290192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001284608 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001284608 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001265152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001195008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001100800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 001068544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001048992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001014784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000995840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000967680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000945176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000931840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000895600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000889416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000882184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000882176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000875008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000867840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000844096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000822200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000797448 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000793320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputHost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000783488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000779080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000778872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000742712 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000695208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000685384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000673448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000653824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000628416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000605896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000594992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000582056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.applicationmodel.datatransfer.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000542288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000538664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000518464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000513024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000478296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000467960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000442368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000442096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.Phone.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000406992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000406992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000405944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000380224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000345560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-07-14 11:40 - 2020-07-14 11:40 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000311440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnclient.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Preview.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.ESim.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PickerPlatform.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000268552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000266552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemSettings.DataModel.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000260288 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConsoleLogon.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000247864 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-07-14 11:40 - 2020-07-14 11:40 - 000220992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2020-07-14 11:40 - 2020-07-14 11:40 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000199496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000193600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000190056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-07-14 11:40 - 2020-07-14 11:40 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Clipboard.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-07-14 11:40 - 2020-07-14 11:40 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWorkflowService.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000176952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Management.Workplace.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000165840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\useractivitybroker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000150336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowService.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppExtension.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000132408 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWSDAHost.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000086272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sethc.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DiagnosticInvoker.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiverExt.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemUWPLauncher.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Print.Workflow.Source.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiverExt.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000052152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ResourcePolicyClient.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIMgrBroker.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-07-14 11:40 - 2020-07-14 11:40 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWorkflowProxy.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintWorkflowProxy.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.Native.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIManagerBrokerps.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.Native.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-07-14 11:40 - 2020-07-14 11:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-07-14 11:39 - 2020-07-14 11:40 - 007268640 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 017792512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 007917408 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 007850288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 007297536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 006233080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 006169088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 004625192 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 004014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 003727360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-07-14 11:39 - 2020-07-14 11:39 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-07-14 11:39 - 2020-07-14 11:39 - 002552120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002505496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002448712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002357248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002285056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002237096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002074112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 002060288 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001946144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001827328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001723392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001604608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001540608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 001392128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001385696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001183744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001151304 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputHost.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001086776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001081344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001055232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001028336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001008960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000958608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000919880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000904192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000821232 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.applicationmodel.datatransfer.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000737792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000684864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000656696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2020-07-14 11:39 - 2020-07-14 11:39 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000608256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-07-14 11:39 - 2020-07-14 11:39 - 000549048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000524784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000513024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.ESim.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000411640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DataModel.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000392504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000381152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialEnrollmentManager.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PickerPlatform.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnclient.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000340328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000311608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2020-07-14 11:39 - 2020-07-14 11:39 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\PasswordEnrollmentManager.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000239928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Workplace.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.CapturePicker.Desktop.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtcModel.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeopleBand.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\useractivitybroker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2020-07-14 11:39 - 2020-07-14 11:39 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Internal.Input.ExpressiveInput.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppExtension.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.CapturePicker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000146232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourcePolicyServer.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingExperienceMEM.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredDialogBroker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CaptureService.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EaseOfAccessDialog.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 000110040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sethc.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticInvoker.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemUWPLauncher.exe
2020-07-14 11:39 - 2020-07-14 11:39 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000076952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialEnrollmentManagerForUser.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000070248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResourcePolicyClient.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000040248 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkPS.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerClient.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2020-07-14 11:39 - 2020-07-14 11:39 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2020-07-14 11:36 - 2020-07-14 11:36 - 008774200 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2020-07-14 11:32 - 2020-07-14 11:33 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-07-14 11:32 - 2020-07-14 11:33 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-07-05 11:30 - 2020-07-17 09:03 - 000000000 ____D C:\Users\mckin\AppData\Roaming\discord
2020-07-05 11:30 - 2020-07-05 11:30 - 000000000 ____D C:\Users\mckin\AppData\Local\Discord
2020-07-05 11:12 - 2020-07-05 11:12 - 000000000 ____D C:\ProgramData\SquirrelMachineInstalls
2020-07-05 10:30 - 2020-07-05 11:30 - 000000000 ____D C:\Users\mckin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-06-30 22:46 - 2020-06-30 22:55 - 000000150 _____ C:\WINDOWS\Reimage.ini
2020-06-28 22:25 - 2020-06-28 22:25 - 000755368 _____ (PC Pitstop LLC ) C:\Users\mckin\Downloads\driveralert2-setup-0008.exe
2020-06-28 22:25 - 2020-06-28 22:25 - 000755368 _____ (PC Pitstop LLC ) C:\Users\mckin\Downloads\driveralert2-setup-0008 (1).exe
2020-06-26 19:10 - 2020-06-26 19:10 - 1143901591 _____ C:\WINDOWS\MEMORY.DMP
2020-06-26 19:10 - 2020-06-26 19:10 - 001772676 _____ C:\WINDOWS\Minidump\062620-8437-01.dmp
2020-06-26 19:10 - 2020-06-26 19:10 - 000000000 ____D C:\WINDOWS\Minidump
2020-06-23 21:17 - 2020-07-17 19:43 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-23 21:17 - 2020-07-17 19:43 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-23 21:17 - 2020-07-17 19:43 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-23 21:17 - 2020-07-12 10:35 - 000003478 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-23 21:17 - 2020-07-12 10:35 - 000003354 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-23 20:56 - 2020-06-23 20:56 - 000000000 ____D C:\WINDOWS\system32\%commonappdata%
2020-06-20 10:11 - 2020-06-20 10:26 - 000000189 _____ C:\Users\mckin\OneDrive\Documents\Desiree info.txt
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-07-18 12:38 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-18 12:38 - 2018-08-31 09:22 - 000000512 _____ C:\Users\Public\amdsfhdcd.bin
2020-07-18 12:35 - 2019-01-04 12:09 - 000000000 ____D C:\Users\mckin\AppData\Local\DP_Tower_3.7
2020-07-18 12:20 - 2019-06-21 15:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-18 10:28 - 2019-06-21 16:05 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{82C98F3A-F861-4825-865D-F4A99D1C2801}
2020-07-18 10:26 - 2020-01-30 20:06 - 000000000 ____D C:\Users\mckin\AppData\Roaming\Messenger
2020-07-18 09:35 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-18 09:33 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-18 08:48 - 2019-06-21 16:06 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-18 08:48 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-18 08:44 - 2019-03-18 21:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-07-18 08:42 - 2019-01-03 13:40 - 000000000 ___RD C:\Users\mckin\OneDrive
2020-07-18 08:41 - 2019-06-21 16:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-18 08:41 - 2019-03-18 21:37 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2020-07-17 09:54 - 2019-01-04 11:46 - 000000000 ____D C:\ProgramData\Trend Micro
2020-07-15 12:57 - 2019-01-04 14:26 - 000000010 _____ C:\Users\mckin\AppData\Local\sponge.last.runtime.cache
2020-07-14 15:04 - 2020-02-13 09:10 - 000000000 ____D C:\ProgramData\CanonIJPLM
2020-07-14 12:24 - 2019-06-21 15:57 - 000447536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-07-14 12:24 - 2018-09-18 18:19 - 000000000 ___RD C:\Users\mckin\3D Objects
2020-07-14 12:24 - 2018-09-01 01:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-07-14 12:23 - 2019-03-18 21:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-07-14 12:23 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-07-14 12:23 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-07-14 12:23 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-07-14 12:23 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-07-14 12:23 - 2019-03-18 21:52 - 000000000 ____D C:\Program Files\Common Files\System
2020-07-14 11:43 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-07-14 11:39 - 2019-06-21 16:05 - 000004564 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-07-14 11:37 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-07-14 11:36 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-07-14 08:49 - 2019-11-21 18:46 - 000000000 ____D C:\WINDOWS\SysWOW64\TmAMSI
2020-07-14 08:49 - 2019-11-21 18:46 - 000000000 ____D C:\WINDOWS\system32\TmAMSI
2020-07-14 08:49 - 2019-09-13 12:07 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2020-07-13 20:31 - 2019-01-03 13:58 - 000000000 ____D C:\Users\mckin\AppData\Local\ElevatedDiagnostics
2020-07-13 10:35 - 2019-09-13 12:07 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2020-07-13 10:35 - 2019-09-13 12:07 - 000002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-11 09:45 - 2019-01-09 22:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-07-09 23:46 - 2019-01-03 13:40 - 000000000 ____D C:\Users\mckin\AppData\Local\PlaceholderTileLogoFolder
2020-07-09 23:46 - 2018-09-18 18:19 - 000000000 ____D C:\Users\mckin\AppData\Local\Packages
2020-07-08 20:42 - 2020-01-22 18:50 - 000000000 ____D C:\Users\mckin\AppData\Local\CrashDumps
2020-07-05 11:30 - 2019-04-29 10:38 - 000000000 ____D C:\Users\mckin\AppData\Local\SquirrelTemp
2020-07-02 20:43 - 2020-02-03 13:45 - 000000000 ____D C:\Users\mckin\OneDrive\Documents\Info from Rick and Gene
2020-06-30 23:06 - 2019-06-21 15:42 - 000000000 ____D C:\Users\mckin
2020-06-22 12:36 - 2019-01-03 20:26 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories ========
 
2019-01-04 11:51 - 2020-01-22 11:27 - 000000036 _____ () C:\Users\mckin\AppData\Local\housecall.guid.cache
2019-01-04 14:26 - 2020-07-15 12:57 - 000000010 _____ () C:\Users\mckin\AppData\Local\sponge.last.runtime.cache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by mckinnik (18-07-2020 12:39:24)
Running from C:\Users\mckin\OneDrive\Desktop
Windows 10 Home Version 1903 18362.959 (X64) (2019-06-21 23:05:10)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3518604814-232533841-1677687598-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3518604814-232533841-1677687598-503 - Limited - Disabled)
Guest (S-1-5-21-3518604814-232533841-1677687598-501 - Limited - Disabled)
mckinnik (S-1-5-21-3518604814-232533841-1677687598-1002 - Administrator - Enabled) => C:\Users\mckin
WDAGUtilityAccount (S-1-5-21-3518604814-232533841-1677687598-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Internet Security (Enabled - Up to date) {AFEE279F-FAE7-BAEE-3A88-4BF7277B8551}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Internet Security (Enabled - Up to date) {90387C74-1C56-9484-893C-8ADCB2906C3D}
AS: Trend Micro Internet Security (Enabled - Up to date) {2B599D90-3A6C-9B0A-B38C-B1AEC9172680}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.403 - Adobe)
Amazon Kindle (HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\Amazon Kindle) (Version: 1.27.0.56109 - Amazon)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.5.3 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.00.1.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.4.0.16 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.2.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon TS6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6100_series) (Version: 1.02 - Canon Inc.)
Canon TS6100 series On-screen Manual (HKLM-x32\...\Canon TS6100 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
ColorEngine (HKLM\...\{0B48E952-494A-408B-8D9D-5F3331F96659}) (Version: 5.0 - Samsung Electronics Co., Ltd.)
Consulting Mode Touchpad Driver (HKLM\...\ConsultingMode TPDriver) (Version: 20.0.0.24 - Samsung Electronics Co., Ltd.)
CyberLink Media Suite 15 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 15.0 - CyberLink Corp.)
Discord (HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\Discord) (Version: 0.0.306 - Discord Inc.)
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
G-Force (HKLM-x32\...\G-Force) (Version: 5.8.3 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\GrammarlyForWindows) (Version: 1.5.61 - Grammarly)
Media Player 10 (HKLM-x32\...\Media Player 10) (Version: 10.0.0 - CodeTechno)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13001.20266 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.40 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
ODD Auto Firmware Update (HKLM-x32\...\{3DD8DB1B-20D0-447C-940A-1306B3931FED}) (Version: 1.0.1807.2501 - Hitachi-LG Data Storage, Inc.)
OEM Application Profile (HKLM-x32\...\{C6D87295-79C5-FB7D-04F1-41EC66F05409}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20266 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
Online Support(S Service) Agent (HKLM\...\{11F387C2-0BE2-489A-A9C1-8FB1FEE475B9}) (Version: 2.2.1 - Samsung Electronics Co., Ltd.)
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.5.0 - Canon Inc.)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10487 - Qualcomm)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.825 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8673 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.24.326.2018 - Realtek)
Samsung Consulting Mode FN Key Driver (HKLM-x32\...\{3A1164B8-D634-48C2-A638-7EC4F0CC1B73}) (Version: 1.1.31 - Samsung Electronics Co., Ltd.)
Samsung DPI Configuration (HKLM-x32\...\{5370467A-26B3-44BF-B7C5-97687E77B520}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Samsung PC Cleaner 2 Service (HKLM\...\{EF853EE0-71B9-4487-AB5A-F8ADE89E6E37}) (Version: 2.0.18 - Samsung Electronics Co., Ltd.)
Samsung Recovery Service (HKLM\...\{A942FE64-54BE-4787-A336-C0674F50A118}) (Version: 8.0.31 - Samsung Electronics Co., Ltd.)
Samsung S Service Notification (HKLM\...\{DA145588-7B19-43DD-BC08-90E7E6F60CF2}) (Version: 1.0.3 - Samsung Electronics Co., Ltd.)
Samsung Security (HKLM-x32\...\{4466950A-EE3E-47FD-A7BA-53E0DE343C38}) (Version: 1.00.40 - Samsung Electronics Co., Ltd.)
Samsung Settings Expansion Pack (HKLM\...\{AD77583A-D644-4058-9132-C0D9CA524460}) (Version: 1.0.49 - Samsung Electronics Co., Ltd.)
Samsung Update Service (HKLM\...\{04EC561D-6EC8-457F-B200-3820228179DF}) (Version: 3.0.51 - Samsung Electronics Co., Ltd.)
Synamedia VideoGuard Player (HKLM-x32\...\{c04440a1-d5cb-4d2e-9a36-c3b8266b3f7c}) (Version: 13.0 - Synamedia)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 16.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 5.0.0.1092 - Trend Micro Inc.)
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0 - Trend Micro Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
User Manual (HKLM-x32\...\{815B858E-ED12-495C-B603-37129A7C5832}) (Version: 1.1.00 - Samsung Electronics Co., Ltd.)
Voice Note (HKLM\...\{4BB006D8-F513-4184-956D-1DC334D580A9}) (Version: 1.0.12 - Samsung Electronics Co., Ltd.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0-2) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Wi-Fi Camera (HKLM\...\{EF3E6EB4-DCD9-4EBC-9889-17AF4DDB0A50}) (Version: 1.0 - Samsung Electronics Co., Ltd)
Windows Driver Package - CanvasBio (WUDFRd) Biometric  (04/09/2019 2.1.36.882) (HKLM\...\1658B0FBC6E68B43B8BC17E4C4A550D54DEEFA31) (Version: 04/09/2019 2.1.36.882 - CanvasBio)
Zoom (HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)
Amazon Music -> C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_7.12.0.0_x86__kc6t79cpj4tp0 [2020-06-12] (AMZN Mobile LLC)
Community Showcase Dramatic Skies -> C:\Program Files\WindowsApps\Microsoft.CommunityShowcaseDramaticSkies_1.0.0.0_neutral__8wekyb3d8bbwe [2019-06-22] (Microsoft Corporation)
Cosmic Beauty -> C:\Program Files\WindowsApps\Microsoft.CosmicBeauty_1.0.0.0_neutral__8wekyb3d8bbwe [2019-02-18] (Microsoft Corporation)
Emoji Stickers HD -> C:\Program Files\WindowsApps\22227CandleLight.EmojiStickersHD_1.1.0.1_x86__4f4e294qr27gg [2020-04-26] (ClipinApps) [MS Ad]
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-11-12] (Facebook Inc)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-01-03] (Fitbit)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.5.0_neutral__fphbd361v8tya [2019-11-22] (Hulu.)
Hummingbirds by Desiree Skatvold -> C:\Program Files\WindowsApps\Microsoft.HummingbirdsbyDesireeSkatvold_1.0.0.0_neutral__8wekyb3d8bbwe [2020-02-04] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-03-04] (Instagram)
Link Sharing -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.1412377A9806A_1.1.39.0_x64__3c1yjt4zspk6g [2020-06-12] (Samsung Electronics Co. Ltd.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-01-03] (LinkedIn)
Little Artist -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.LittleArtist_1.1.13.0_neutral__3c1yjt4zspk6g [2018-08-31] (Samsung Electronics Co. Ltd.)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_590.6.119.0_x64__8xx8rvfyw5nnt [2020-07-12] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-09] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-01] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-30] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-16] (Netflix, Inc.)
Online Support(S Service) -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.OnlineSupportSService_2.4.32.0_x64__3c1yjt4zspk6g [2019-11-27] (Samsung Electronics Co. Ltd.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-06-22] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-08] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.19.1.0_x64__nfy108tqq3p12 [2020-07-07] (Thumbmunkeys Ltd)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.205.0_x64__dt26b99r8h8gj [2020-01-11] (Realtek Semiconductor Corp)
Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_4.1.27.0_x64__3c1yjt4zspk6g [2020-07-14] (Samsung Electronics Co. Ltd.)
Samsung Notes -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungNotes_3.10.382.0_x64__wyx1vj98g3asy [2020-07-01] (Samsung Electronics Co, Ltd.)
Samsung PC Cleaner -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPCCleaner_2.0.18.0_x64__3c1yjt4zspk6g [2020-06-16] (Samsung Electronics Co. Ltd.)
Samsung Recovery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungRecovery_8.1.25.0_x64__3c1yjt4zspk6g [2020-07-07] (Samsung Electronics Co. Ltd.)
Samsung Settings -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungSettings_1.0.49.0_x64__3c1yjt4zspk6g [2020-07-16] (Samsung Electronics Co. Ltd.)
Samsung Update -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungUpdate_3.0.54.0_x64__3c1yjt4zspk6g [2020-07-01] (Samsung Electronics Co. Ltd.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c [2020-07-16] (Skype) [Startup Task]
smiling creatures -> C:\Program Files\WindowsApps\Microsoft.smilingcreatures_1.0.0.0_neutral__8wekyb3d8bbwe [2019-11-29] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0 [2020-07-10] (Spotify AB) [Startup Task]
Studio Plus -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.StudioPlus_3.2.3.0_x64__3c1yjt4zspk6g [2020-06-02] (Samsung Electronics Co. Ltd.)
teamPL -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.873506AC0B4C_2.1.7.0_x64__3c1yjt4zspk6g [2020-06-20] (Samsung Electronics Co. Ltd.)
The Butterfly -> C:\Program Files\WindowsApps\Microsoft.TheButterfly_1.0.0.0_neutral__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation)
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.7.0_x64__6bhtb546zcxnj [2020-07-09] (TuneIn) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2019-02-27] (Twitter Inc.)
Wi-Fi Transfer -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.Wi-FiTransfer_2.0.26.0_x64__3c1yjt4zspk6g [2019-01-03] (Samsung Electronics Co. Ltd.)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2019-12-22] (WildTangent Games)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3518604814-232533841-1677687598-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\mckin\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3518604814-232533841-1677687598-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\mckin\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3518604814-232533841-1677687598-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\mckin\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3518604814-232533841-1677687598-1002_Classes\CLSID\{e0d836c8-9ae5-4c36-b2ee-4bab5c2a6637}\localserver32 -> C:\Program Files\Samsung\SServiceNotification\SServiceToast.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
ShellIconOverlayIdentifiers: [       OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [       OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [       OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [       OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [       OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [       OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [       OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [      FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
ShellIconOverlayIdentifiers: [    FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2018-07-04] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2018-07-04] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.114.0607.0002\amd64\FileSyncShell64.dll [2020-07-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2018-04-24 22:09 - 2018-04-24 22:09 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 22:09 - 2018-04-24 22:09 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-04 12:09 - 2017-01-26 12:35 - 001078272 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\ffmpeg.dll
2019-01-04 12:09 - 2017-02-23 01:31 - 000079872 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\libegl.dll
2019-01-04 12:09 - 2017-02-23 01:31 - 001922560 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\libglesv2.dll
2019-01-04 12:09 - 2017-02-23 01:31 - 004834816 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\node.dll
2020-02-13 09:23 - 2016-10-21 16:06 - 000318976 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2020-02-13 09:23 - 2016-12-01 09:23 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2020-02-13 09:23 - 2016-12-09 11:09 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2020-02-13 09:23 - 2016-12-09 11:09 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2020-02-13 09:27 - 2017-07-05 13:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2020-02-13 09:27 - 2017-07-05 13:49 - 000593920 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2020-04-19 13:45 - 2020-04-19 13:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvSubsystems32.dll
2020-04-19 13:45 - 2020-04-19 13:45 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2018-02-02 14:52 - 2018-02-02 14:52 - 001809920 _____ (SAMSUNG Electronics CO., LTD.) [File not signed] C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\HookDllUSB.DLL
2019-01-04 12:09 - 2017-02-23 01:31 - 068185600 _____ (The NWJS Community) [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\nw.dll
2019-01-04 12:09 - 2017-02-23 01:31 - 000421888 _____ (The NWJS Community) [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\nw_elf.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2018-10-26 16:46 - 2018-10-26 16:46 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 22:09 - 2018-04-24 22:09 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\mckin\Downloads\driveralert2-setup-0008 (1).exe:SmartScreen [7]
AlternateDataStreams: C:\Users\mckin\Downloads\driveralert2-setup-0008.exe:SmartScreen [7]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\trendmicro.com -> hxxps://pwm.trendmicro.com
IE trusted site: HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-11 16:38 - 2018-04-11 16:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2019-05-14 12:06 - 2019-11-03 18:44 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\mckin\OneDrive\Desktop\Karen Phone July 2020\Resized_20200625_065403_5446.jpeg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-3518604814-232533841-1677687598-1002\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{6554C876-B991-4972-92CB-BE84312CBDF1}C:\program files\windowsapps\samsungelectronicsco.ltd.873506ac0b4c_2.1.3.0_x64__3c1yjt4zspk6g\teamplapp\teamplapp.exe] => (Block) C:\program files\windowsapps\samsungelectronicsco.ltd.873506ac0b4c_2.1.3.0_x64__3c1yjt4zspk6g\teamplapp\teamplapp.exe => No File
FirewallRules: [TCP Query User{7FE50A23-3902-44B4-A378-DC24CDB5DE49}C:\program files\windowsapps\samsungelectronicsco.ltd.873506ac0b4c_2.1.3.0_x64__3c1yjt4zspk6g\teamplapp\teamplapp.exe] => (Block) C:\program files\windowsapps\samsungelectronicsco.ltd.873506ac0b4c_2.1.3.0_x64__3c1yjt4zspk6g\teamplapp\teamplapp.exe => No File
FirewallRules: [{96B7C538-2A89-40E4-82C6-29A28CAD1EFA}] => (Allow) C:\MfgDiag\DiagTools\DiagResultCheck\AMTMonitor.exe => No File
FirewallRules: [{E9AD6484-ADD3-4B9E-9939-664FDFED3022}] => (Allow) C:\MfgDiag\DiagTools\DiagResultCheck\AMTMonitor.exe => No File
FirewallRules: [{2259945C-C8D9-435C-865C-F564AF75F1E0}] => (Allow) C:\Program Files\Samsung\WiFiCamera\WiFiCameraAgent.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd)
FirewallRules: [{D28751EF-EFB6-4877-8D1D-9A45213D5875}] => (Allow) C:\Program Files\Samsung\WiFiCamera\WiFiCameraAgent.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd)
FirewallRules: [{CCD88D4A-48B3-478B-88BB-675876766AA4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{44771117-3684-48CC-B5CB-2C2F0ED4C124}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{4DF42555-3310-4005-A07D-9352DC8DC2EC}] => (Allow) C:\Users\mckin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7F77F24A-AC53-439D-9179-B4EF8C447CF6}] => (Allow) C:\Users\mckin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BE4647DA-D70B-4342-9559-E2469DB80B26}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D70B709A-226F-48EB-B1D9-F99131CA6A48}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{96FCF8A9-5AC5-4447-8FCC-894F88BFA180}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{5CB7B2F8-49A7-4F62-880F-60A85266433C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe => No File
FirewallRules: [{ABD00314-CE64-4271-8A8D-2234BD9E5C76}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_7.12.0.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (Amazon.com Services LLC) [File not signed]
FirewallRules: [{46150459-005A-4BD1-B4EE-2B3EFC0A11A8}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_7.12.0.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (Amazon.com Services LLC) [File not signed]
FirewallRules: [{B3F328F9-D623-4C05-8386-8A0EC63FDC9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D82439A0-3DAC-4A42-B8B6-999D755663FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BD349D31-5D3C-4FDD-8478-3A136A02F263}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E4C00DE7-E3BD-43B2-9354-CAEC6DD6ED1D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A9C76532-83CB-4FBB-BDB0-4688A4A60407}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E10AE639-0C24-47AD-9131-688E3BCC28C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D44A6BB3-C355-4B42-89BF-3678A1CD77EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7DA0BB1E-04C0-448D-A376-A532FD319762}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D697FFA7-F480-4FAE-9AE8-C095270BEFF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C182776E-C383-4D02-A89B-F98CBB086137}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{560EBDC1-2D05-49AE-8373-7ED5E92081A8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{43C874D4-6104-4606-B4F4-EFDE848C3BCA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{52EB4112-FDA1-4CFB-A218-E131B031A14D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77296F64-E065-46F0-8B18-6231EA3FDDD0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
17-07-2020 09:24:16 Installed Samsung PC Cleaner 2 Service
18-07-2020 08:45:12 PCCleaner2_Init
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/18/2020 04:47:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12656,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (07/18/2020 04:33:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (18360,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (07/18/2020 04:14:52 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6052,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (07/18/2020 03:35:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2448,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (07/18/2020 03:20:25 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7656,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (07/18/2020 02:43:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13184,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (07/18/2020 02:27:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (17944,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (07/18/2020 02:12:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3788,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
 
System errors:
=============
Error: (07/18/2020 04:42:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GLBDK8Q)
Description: The server Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (07/18/2020 04:04:22 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GLBDK8Q)
Description: The server Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (07/18/2020 02:42:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GLBDK8Q)
Description: The server Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (07/18/2020 02:05:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GLBDK8Q)
Description: The server Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (07/18/2020 01:42:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GLBDK8Q)
Description: The server Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (07/18/2020 12:42:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GLBDK8Q)
Description: The server Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (07/18/2020 11:42:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GLBDK8Q)
Description: The server Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (07/18/2020 10:42:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GLBDK8Q)
Description: The server Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
 
Date: 2020-07-18 15:20:29.922
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\Titanium\TmWscSvc\WSCHandler.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-07-18 15:20:29.910
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\Titanium\TmWscSvc\WSCHandler.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-07-18 15:20:29.893
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.
 
Date: 2020-07-18 08:52:34.168
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\Titanium\TmWscSvc\WSCHandler.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-07-18 08:52:34.158
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\Titanium\TmWscSvc\WSCHandler.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-07-18 08:52:34.146
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\TmAMSI\TmAMSIProvider64.dll that did not meet the Windows signing level requirements.
 
Date: 2020-07-18 08:44:02.809
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\Titanium\TmWscSvc\WSCHandler.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-07-18 08:44:02.796
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\Titanium\TmWscSvc\WSCHandler.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P03AGV.032.180928.MK 09/28/2018
Motherboard: SAMSUNG ELECTRONICS CO., LTD. NP750QUA-K01US
Processor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx 
Percentage of memory in use: 71%
Total physical RAM: 7124.73 MB
Available physical RAM: 2038.45 MB
Total Virtual: 12244.73 MB
Available Virtual: 3650.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:104.98 GB) (Free:56.57 GB) NTFS
 
\\?\Volume{cd002f0c-53e1-465f-a508-a28de4924fcf}\ (Windows RE tools) (Fixed) (Total:0.83 GB) (Free:0.44 GB) NTFS
\\?\Volume{6216a8e1-49cb-4111-931f-58d4be76e3f6}\ (SAMSUNG_REC2) (Fixed) (Total:12.16 GB) (Free:1.71 GB) NTFS
\\?\Volume{061a3a5f-c789-49ed-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.45 GB) FAT32
\\?\Volume{e95332c2-2ab8-4ca3-acb3-1e52a5db9457}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 26EA9241)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
 



#2
RKinner


    Malware Expert

  • Expert
  • 23,004 posts
  • MVP

Multiple replies are OK.  Best to post a log as you get it.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.


Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  


Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it.
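The TASKLIST /SVC listing requested above is what tells the many svchost.exe instances apart, and the event log in the first post names svchost only by PID. As an added example (not part of RKinner's post), this Python code parses a saved listing such as junk.txt and resolves svchost PIDs quoted in event descriptions; the function names, the sample listing and the ExampleSvc service name are constructed for illustration.

```python
import re

def _row(image, pid, services):
    # Lay a row out the way tasklist prints it: 25-column image name,
    # 8-column right-aligned PID, then the services column.
    return f"{image:<25} {pid:>8} {services}"

# Constructed sample listing (not taken from the thread).
SAMPLE = "\n".join([
    "",
    _row("Image Name", "PID", "Services"),
    "=" * 25 + " " + "=" * 8 + " " + "=" * 44,
    _row("System Idle Process", 0, "N/A"),
    _row("svchost.exe", 916, "BrokerInfrastructure, DcomLaunch, PlugPlay,"),
    " " * 35 + "Power, SystemEventsBroker",   # wrapped continuation line
    _row("chrome.exe", 7012, "N/A"),
    _row("svchost.exe", 12656, "ExampleSvc"),  # placeholder service name
])

# Two event descriptions in the style of the ESENT entries in the first post.
EVENTS = (
    "Description: svchost (12656,R,98) TILEREPOSITORYS-1-5-18: Error -1023\n"
    "Description: svchost (18360,R,98) TILEREPOSITORYS-1-5-18: Error -1023\n"
)

def parse_tasklist_svc(text):
    """Return {pid: (image_name, [services])} from TASKLIST /SVC output."""
    lines = text.splitlines()
    # The ruler line of '=' runs defines the three fixed-width columns, which
    # is what lets image names containing spaces parse correctly.
    ruler = next((l for l in lines if re.fullmatch(r"=+( =+){2}", l.strip())), None)
    if ruler is None:
        raise ValueError("no column ruler found; is this TASKLIST /SVC output?")
    (img_s, img_e), (pid_s, pid_e), (svc_s, _) = [
        m.span() for m in re.finditer(r"=+", ruler)
    ]
    procs, last_pid = {}, None
    for line in lines[lines.index(ruler) + 1:]:
        if not line.strip():
            continue
        image = line[img_s:img_e].strip()
        pid = line[pid_s:pid_e].strip()
        services = [s.strip() for s in line[svc_s:].split(",") if s.strip()]
        if not image and not pid:
            # Long service lists wrap onto indented lines with no name or PID.
            if last_pid is not None:
                procs[last_pid][1].extend(services)
            continue
        if not pid.isdigit():
            raise ValueError(f"unexpected row: {line!r}")
        last_pid = int(pid)
        procs[last_pid] = (image, [] if services == ["N/A"] else services)
    return procs

EVENT_PID = re.compile(r"\bsvchost\s*\((\d+),", re.IGNORECASE)

def resolve_event_pids(event_text, procs):
    """Map each svchost PID named in event text to its services, or None.

    PIDs change on restart and are reused, so a match only means something
    when the listing and the events come from the same boot session.
    """
    resolved = {}
    for m in EVENT_PID.finditer(event_text):
        pid = int(m.group(1))
        entry = procs.get(pid)
        if entry and entry[0].lower() == "svchost.exe":
            resolved[pid] = entry[1]
        else:
            resolved[pid] = None  # process gone, or PID now belongs to something else
    return resolved

if __name__ == "__main__":
    table = parse_tasklist_svc(SAMPLE)
    for pid, services in resolve_event_pids(EVENTS, table).items():
        print(pid, services if services is not None else "not in listing")
```

A PID that resolves to None usually means the svchost instance has exited since the event was logged, so the listing should be captured as close to the error as possible.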

