Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05.2019 Ran by SLR (administrator) on SWEETIE-DAHLING (Dell Inc. Inspiron 15-5578) (09-05-2019 09:23:53) Running from C:\Users\SLR\Desktop Loaded Profiles: SLR (Available Profiles: defaultuser0 & SLR) Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHeciSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\pcdrwi.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe (Rivet Networks LLC -> DELL) C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe (Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe (Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> ) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Cm106Sound] => C:\WINDOWS\Syswow64\cm106.dll [8146944 2009-09-07] (C-Media Corporation) [File not signed] HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-01-09] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed] ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {059743D8-DEA2-4BD4-B3B7-E3C52D4B5D6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation) Task: {27649C89-CF5F-48DF-994B-071D6745970C} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1662200 2019-02-27] (Corel Corporation -> Corel Corporation) Task: {3916BD1A-8130-49EF-B4E3-CEAEC78B8861} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1480712 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {3D1F9A80-1F84-4290-8628-6F5803813313} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation) Task: {46E98259-5F4E-42C6-BE6E-E5F11EF3AC49} - System32\Tasks\AdobeAAMUpdater-1.0-SWEETIE-DAHLING-SLR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {78E1E5B7-344C-403E-897F-279BD8DAE614} - System32\Tasks\AdobeGCInvoker-1.0-SWEETIE-DAHLING-SLR => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) Task: {921D0334-EE50-48C7-B84D-96C6E4B441E3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1512920 2019-04-10] (Dell Inc. -> Dell Inc.) Task: {A29D8E7C-F709-4680-82E3-C9BAACEA7EBE} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [30912 2018-03-20] (Rivet Networks LLC -> DELL) Task: {A6C95916-A3C7-4017-A5A7-038159157E1D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_pepper.exe [1453056 2019-03-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {C564F9F6-6B82-4081-AD39-FFED46B62ED7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-24] (Adobe Inc. -> Adobe) Task: {CD0D13CB-4BBD-4A8D-B132-783FA3B843DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation) Task: {E820D6EA-ECBE-4C20-801B-42AC8C16E611} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation) Task: {EFE96584-B90A-4005-9EC1-06F2C2BA25A8} - System32\Tasks\CorelUpdateHelperTask-1C4DFC7D611817B5DCBA6F1534EDCCAD => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1662200 2019-02-27] (Corel Corporation -> Corel Corporation) Task: {F340ECBA-14FC-4064-A477-16565FB29A8A} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{be89aef4-2958-4da1-b090-dcdd4863c654}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) FireFox: ======== FF DefaultProfile: qdl081mj.default-1556135615430 FF ProfilePath: C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430 [2019-05-09] FF Homepage: Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430 -> luckychix.com FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-07] FF Extension: (Baidu Search Update) - C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430\features\{203ce667-f0a1-46ec-8956-cb491fe77901}\baidu-code-update@mozillaonline.com.xpi [2019-05-08] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-24] (Adobe Inc. -> ) FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-24] (Adobe Inc. -> ) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2019-02-28] (Dell Inc -> Dell Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3363824 2019-02-28] (Dell Inc -> Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2019-02-28] (Dell Inc -> Dell Inc.) R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe [1038144 2019-04-23] (PC-Doctor, Inc. -> PC-Doctor, Inc.) R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2018-08-02] (Sanford, L.P.) [File not signed] R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-21] (Intel Corporation -> Intel Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17464 2019-01-09] (Intel(R) Rapid Storage Technology -> Intel Corporation) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation) S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-08] (Intel(R) Trust Services -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-22] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) S3 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [7286880 2019-02-09] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.) R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (Rivet Networks LLC -> CloudBees, Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329736 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor) R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2018-11-29] (Samsung Electronics CO., LTD. -> ) R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks LLC -> Rivet Networks) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39896 2019-04-10] (Dell Inc. -> Dell Inc.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation) S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-04-10] (Bluestack Systems, Inc. -> Bluestack System Inc. ) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-21] (Intel Corporation -> Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-21] (Intel Corporation -> Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382880 2017-11-21] (Intel Corporation -> Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-04-27] (Malwarebytes Corporation -> Malwarebytes) R1 Eve; C:\WINDOWS\system32\DRIVERS\eve.sys [41304 2015-01-21] (VSO-SOFTWARE -> ) R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel(R) Software -> Intel Corporation) R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel) R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017312 2019-01-09] (Intel(R) Rapid Storage Technology -> Intel Corporation) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-19] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel) R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-02] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-08] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-08] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-08] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-05-08] (Malwarebytes Corporation -> Malwarebytes) R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.) R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [436224 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3149824 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks LLC -> Rivet Networks, LLC.) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 USBMULCD; C:\WINDOWS\system32\drivers\CM10664.sys [1307648 2009-10-01] (Microsoft Windows Hardware Compatibility Publisher -> C-Media Electronics Inc) R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel(R) Software -> Intel Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-09 09:23 - 2019-05-09 09:24 - 000022913 _____ C:\Users\SLR\Desktop\FRST.txt 2019-05-08 19:54 - 2019-05-08 19:54 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-05-08 19:54 - 2019-05-08 19:54 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-05-08 19:54 - 2019-05-08 19:54 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-05-08 19:54 - 2019-05-08 19:54 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-05-08 19:34 - 2019-05-08 19:34 - 002430976 _____ (Farbar) C:\Users\SLR\Desktop\FRST64.exe 2019-05-08 13:25 - 2019-05-08 13:25 - 000195307 _____ C:\Users\SLR\Desktop\SWEETIE-DAHLING.txt 2019-05-08 13:25 - 2019-05-08 13:25 - 000023966 _____ C:\Users\SLR\Desktop\SWEETIE-DAHLING.speccy 2019-05-08 13:22 - 2015-01-22 16:55 - 007088408 _____ (Piriform Ltd) C:\Users\SLR\Desktop\Speccy64.exe 2019-05-08 13:21 - 2019-05-08 13:21 - 005381587 _____ C:\Users\SLR\Downloads\spsetup128.zip 2019-05-08 08:54 - 2019-05-08 13:12 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-05-07 15:09 - 2019-05-07 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 2018 (64-bit) 2019-05-07 13:20 - 2019-05-07 13:21 - 000000000 ____D C:\Users\SLR\Desktop\older scans 2019-05-07 10:18 - 2019-05-07 10:18 - 000000000 ____D C:\Users\SLR\AppData\Local\ESET 2019-05-07 10:16 - 2019-05-07 10:15 - 007657592 _____ (ESET spol. s r.o.) C:\Users\SLR\Desktop\esetonlinescanner_enu.exe 2019-05-07 10:15 - 2019-05-07 10:15 - 007657592 _____ (ESET spol. s r.o.) C:\Users\SLR\Downloads\esetonlinescanner_enu.exe 2019-05-07 09:51 - 2019-05-07 09:55 - 000000000 ____D C:\AdwCleaner 2019-05-07 09:48 - 2019-05-07 09:45 - 007025360 _____ (Malwarebytes) C:\Users\SLR\Desktop\AdwCleaner.exe 2019-05-07 09:45 - 2019-05-07 09:45 - 007025360 _____ (Malwarebytes) C:\Users\SLR\Downloads\AdwCleaner.exe 2019-05-06 17:24 - 2019-05-09 08:55 - 000000000 ____D C:\Users\SLR\Desktop\FRST-OlderVersion 2019-05-06 15:39 - 2019-05-08 19:54 - 033292288 _____ C:\WINDOWS\system32\config\SYSTEM 2019-05-06 15:38 - 2019-05-06 15:39 - 032243712 _____ C:\WINDOWS\system32\config\HARDWARE 2019-05-06 11:08 - 2019-05-06 11:08 - 000001396 _____ C:\Users\SLR\Downloads\fixlist(1).txt 2019-05-06 11:08 - 2019-05-06 11:08 - 000000000 _____ C:\Users\SLR\Downloads\fixlist.txt 2019-05-03 15:29 - 2019-05-03 15:29 - 054149296 _____ (MiniTool Software Limited ) C:\Users\SLR\Downloads\pw11-pro-demo.exe 2019-05-03 15:18 - 2019-05-07 10:52 - 000000000 ____D C:\Users\SLR\Downloads\b from Babel 2019-05-03 11:54 - 2019-05-03 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2019-05-03 11:54 - 2019-05-03 11:54 - 000000000 ____D C:\Program Files\7-Zip 2019-05-02 19:33 - 2019-05-02 19:33 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-05-02 19:03 - 2019-05-02 19:03 - 000319024 _____ C:\active_protection.txt 2019-05-02 17:10 - 2019-05-09 09:23 - 000000000 ____D C:\FRST 2019-05-02 16:26 - 2019-05-03 12:38 - 000062256 ____H C:\Users\SLR\AppData\Local\IconCache.db.backup 2019-05-02 15:58 - 2019-05-02 15:58 - 000000489 _____ C:\Users\SLR\Documents\email.txt 2019-05-02 13:43 - 2019-05-02 13:43 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2019-05-01 17:52 - 2019-05-01 17:52 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk 2019-05-01 17:51 - 2019-05-01 17:51 - 009834432 _____ (Martin Prikryl ) C:\Users\SLR\Downloads\WinSCP-5.15.1-Setup.exe 2019-05-01 17:14 - 2019-05-01 17:14 - 000000000 ____D C:\Users\Public\BlueStacks 2019-05-01 14:15 - 2019-05-01 19:22 - 000000000 ____D C:\Users\SLR\Downloads\a transfer 2019-05-01 13:12 - 2019-05-02 15:58 - 000000000 ____D C:\Users\SLR\Documents\TCB 2019-05-01 13:09 - 2019-05-02 16:46 - 000001140 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt 2019-05-01 12:32 - 2019-05-01 12:32 - 000001114 _____ C:\Users\SLR\Documents\hosts.txt 2019-04-29 18:36 - 2019-04-29 18:36 - 000000218 _____ C:\Users\SLR\AppData\Local\recently-used.xbel 2019-04-29 13:27 - 2019-04-29 13:27 - 000000000 ____D C:\Users\SLR\AppData\Roaming\inkscape 2019-04-29 13:27 - 2019-04-29 13:27 - 000000000 ____D C:\Users\SLR\AppData\Local\fontconfig 2019-04-29 12:30 - 2019-04-29 13:30 - 000000000 ____D C:\Users\SLR\Downloads\inkscape 2019-04-29 12:29 - 2019-04-29 12:30 - 063666130 _____ C:\Users\SLR\Downloads\inkscape-0.92.4-x64.7z 2019-04-29 11:00 - 2019-05-06 13:26 - 001048576 _____ C:\WINDOWS\system32\secedit.sdb 2019-04-29 11:00 - 2019-05-06 13:26 - 000016384 _____ C:\WINDOWS\system32\secedit.jfm 2019-04-28 12:56 - 2019-05-02 17:52 - 005814992 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-04-27 10:10 - 2019-04-29 17:57 - 000026328 _____ C:\Users\SLR\Documents\S.ReinekeCV.odt 2019-04-24 17:42 - 2019-04-27 09:43 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2019-04-24 17:41 - 2019-04-24 17:46 - 000000000 ____D C:\ProgramData\HitmanPro 2019-04-24 16:45 - 2019-04-24 17:41 - 011515648 _____ (SurfRight B.V.) C:\Users\SLR\Downloads\HitmanPro_x64.exe 2019-04-24 16:41 - 2019-04-24 16:41 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\SLR\Downloads\rkill.exe 2019-04-24 15:53 - 2019-05-08 09:21 - 000001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-04-24 14:56 - 2019-04-24 14:57 - 000000000 ____D C:\Users\SLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup 2019-04-24 14:49 - 2019-05-07 09:40 - 000003332 _____ C:\WINDOWS\System32\Tasks\CorelUpdateHelperTask-1C4DFC7D611817B5DCBA6F1534EDCCAD 2019-04-24 11:38 - 2019-04-01 13:51 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-04-24 11:38 - 2019-04-01 13:51 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2019-04-23 14:01 - 2019-04-29 20:14 - 000000000 ____D C:\Users\SLR\Downloads\marsall project 2019-04-23 13:42 - 2019-04-29 20:02 - 000000000 ____D C:\Users\SLR\Downloads\S Portfolio 2019-04-23 13:29 - 2019-04-02 08:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-04-23 13:29 - 2019-04-02 08:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-04-23 13:29 - 2019-04-02 05:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-04-23 13:29 - 2019-04-02 05:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-04-23 13:29 - 2019-04-02 04:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-04-23 13:29 - 2019-04-02 04:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-04-23 13:29 - 2019-04-02 04:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-04-23 13:29 - 2019-04-02 03:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-04-23 13:29 - 2019-04-02 03:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-04-23 13:29 - 2019-04-02 03:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-04-23 13:29 - 2019-04-02 03:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-04-23 13:29 - 2019-04-02 01:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-04-23 13:29 - 2019-04-02 00:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-04-23 13:29 - 2019-04-02 00:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-04-23 13:29 - 2019-04-02 00:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-04-23 13:29 - 2019-03-14 04:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-04-23 13:29 - 2019-03-14 04:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-04-23 13:29 - 2019-03-14 04:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-04-23 13:29 - 2019-03-14 03:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-04-23 13:29 - 2019-03-14 03:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2019-04-23 13:29 - 2019-03-14 03:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-04-23 13:29 - 2019-03-14 03:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2019-04-23 13:29 - 2019-03-14 03:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2019-04-23 13:28 - 2019-04-02 08:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-04-23 13:28 - 2019-04-02 08:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-04-23 13:28 - 2019-04-02 08:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-04-23 13:28 - 2019-04-02 08:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-04-23 13:28 - 2019-04-02 08:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-04-23 13:28 - 2019-04-02 08:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2019-04-23 13:28 - 2019-04-02 08:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll 2019-04-23 13:28 - 2019-04-02 08:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-04-23 13:28 - 2019-04-02 08:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-04-23 13:28 - 2019-04-02 08:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-04-23 13:28 - 2019-04-02 08:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2019-04-23 13:28 - 2019-04-02 08:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-04-23 13:28 - 2019-04-02 08:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2019-04-23 13:28 - 2019-04-02 08:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll 2019-04-23 13:28 - 2019-04-02 05:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-04-23 13:28 - 2019-04-02 05:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2019-04-23 13:28 - 2019-04-02 05:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2019-04-23 13:28 - 2019-04-02 05:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll 2019-04-23 13:28 - 2019-04-02 05:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-04-23 13:28 - 2019-04-02 05:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2019-04-23 13:28 - 2019-04-02 05:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-04-23 13:28 - 2019-04-02 04:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-04-23 13:28 - 2019-04-02 04:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-04-23 13:28 - 2019-04-02 04:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-04-23 13:28 - 2019-04-02 04:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-04-23 13:28 - 2019-04-02 04:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-04-23 13:28 - 2019-04-02 04:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-04-23 13:28 - 2019-04-02 04:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-04-23 13:28 - 2019-04-02 04:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-04-23 13:28 - 2019-04-02 04:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-04-23 13:28 - 2019-04-02 04:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-04-23 13:28 - 2019-04-02 04:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-04-23 13:28 - 2019-04-02 04:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-04-23 13:28 - 2019-04-02 04:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-04-23 13:28 - 2019-04-02 04:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-04-23 13:28 - 2019-04-02 03:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-04-23 13:28 - 2019-04-02 03:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2019-04-23 13:28 - 2019-04-02 03:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-04-23 13:28 - 2019-04-02 03:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-04-23 13:28 - 2019-04-02 03:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2019-04-23 13:28 - 2019-04-02 03:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-04-23 13:28 - 2019-04-02 03:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-04-23 13:28 - 2019-04-02 03:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-04-23 13:28 - 2019-04-02 03:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-04-23 13:28 - 2019-04-02 03:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-04-23 13:28 - 2019-04-02 03:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-04-23 13:28 - 2019-04-02 03:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2019-04-23 13:28 - 2019-04-02 03:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2019-04-23 13:28 - 2019-04-02 03:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-04-23 13:28 - 2019-04-02 02:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-04-23 13:28 - 2019-04-02 01:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-04-23 13:28 - 2019-04-02 01:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-04-23 13:28 - 2019-04-02 01:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-04-23 13:28 - 2019-04-02 01:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-04-23 13:28 - 2019-04-02 00:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-04-23 13:28 - 2019-04-02 00:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-04-23 13:28 - 2019-04-02 00:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2019-04-23 13:28 - 2019-04-02 00:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll 2019-04-23 13:28 - 2019-04-02 00:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll 2019-04-23 13:28 - 2019-04-02 00:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-04-23 13:28 - 2019-04-02 00:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-04-23 13:28 - 2019-04-02 00:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-04-23 13:28 - 2019-03-16 08:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-04-23 13:28 - 2019-03-16 05:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-04-23 13:28 - 2019-03-14 10:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-04-23 13:28 - 2019-03-14 10:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2019-04-23 13:28 - 2019-03-14 10:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll 2019-04-23 13:28 - 2019-03-14 10:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-04-23 13:28 - 2019-03-14 10:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys 2019-04-23 13:28 - 2019-03-14 10:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys 2019-04-23 13:28 - 2019-03-14 10:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe 2019-04-23 13:28 - 2019-03-14 10:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll 2019-04-23 13:28 - 2019-03-14 10:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll 2019-04-23 13:28 - 2019-03-14 10:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2019-04-23 13:28 - 2019-03-14 10:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll 2019-04-23 13:28 - 2019-03-14 10:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll 2019-04-23 13:28 - 2019-03-14 10:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-04-23 13:28 - 2019-03-14 09:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll 2019-04-23 13:28 - 2019-03-14 09:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe 2019-04-23 13:28 - 2019-03-14 09:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll 2019-04-23 13:28 - 2019-03-14 09:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll 2019-04-23 13:28 - 2019-03-14 09:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2019-04-23 13:28 - 2019-03-14 09:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll 2019-04-23 13:28 - 2019-03-14 04:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2019-04-23 13:28 - 2019-03-14 04:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-04-23 13:28 - 2019-03-14 04:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-04-23 13:28 - 2019-03-14 04:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll 2019-04-23 13:28 - 2019-03-14 04:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-04-23 13:28 - 2019-03-14 04:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2019-04-23 13:28 - 2019-03-14 04:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2019-04-23 13:28 - 2019-03-14 04:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-04-23 13:28 - 2019-03-14 04:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll 2019-04-23 13:28 - 2019-03-14 04:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-04-23 13:28 - 2019-03-14 04:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-04-23 13:28 - 2019-03-14 04:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-04-23 13:28 - 2019-03-14 04:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-04-23 13:28 - 2019-03-14 04:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-04-23 13:28 - 2019-03-14 04:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2019-04-23 13:28 - 2019-03-14 04:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-04-23 13:28 - 2019-03-14 04:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll 2019-04-23 13:28 - 2019-03-14 04:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys 2019-04-23 13:28 - 2019-03-14 04:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2019-04-23 13:28 - 2019-03-14 04:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-04-23 13:28 - 2019-03-14 04:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-04-23 13:28 - 2019-03-14 04:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2019-04-23 13:28 - 2019-03-14 04:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-04-23 13:28 - 2019-03-14 04:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2019-04-23 13:28 - 2019-03-14 04:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll 2019-04-23 13:28 - 2019-03-14 04:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll 2019-04-23 13:28 - 2019-03-14 04:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll 2019-04-23 13:28 - 2019-03-14 04:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-04-23 13:28 - 2019-03-14 04:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-04-23 13:28 - 2019-03-14 04:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2019-04-23 13:28 - 2019-03-14 04:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2019-04-23 13:28 - 2019-03-14 04:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll 2019-04-23 13:28 - 2019-03-14 04:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2019-04-23 13:28 - 2019-03-14 04:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2019-04-23 13:28 - 2019-03-14 04:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-04-23 13:28 - 2019-03-14 04:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2019-04-23 13:28 - 2019-03-14 04:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2019-04-23 13:28 - 2019-03-14 04:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2019-04-23 13:28 - 2019-03-14 04:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2019-04-23 13:28 - 2019-03-14 03:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-04-23 13:28 - 2019-03-14 03:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-04-23 13:28 - 2019-03-14 03:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2019-04-23 13:28 - 2019-03-14 03:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2019-04-23 13:28 - 2019-03-14 03:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-04-23 13:28 - 2019-03-14 03:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2019-04-23 13:28 - 2019-03-14 03:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-04-23 13:28 - 2019-03-14 03:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll 2019-04-23 13:28 - 2019-03-14 03:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe 2019-04-23 13:28 - 2019-03-14 03:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2019-04-23 13:28 - 2019-03-14 03:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll 2019-04-23 13:28 - 2019-03-14 03:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-04-23 13:28 - 2019-03-14 03:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2019-04-23 13:28 - 2019-03-14 03:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-04-23 13:28 - 2019-03-14 03:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2019-04-23 13:28 - 2019-03-14 03:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll 2019-04-23 13:28 - 2019-03-14 03:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-04-23 13:28 - 2019-03-14 03:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-04-23 13:28 - 2019-03-14 03:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll 2019-04-23 13:28 - 2019-03-14 03:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2019-04-23 13:28 - 2019-03-14 03:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-04-23 13:28 - 2019-03-14 03:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2019-04-23 13:28 - 2019-03-14 03:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-04-23 13:28 - 2019-03-14 03:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2019-04-23 13:28 - 2019-03-14 03:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-04-23 13:28 - 2019-03-13 21:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-09 09:22 - 2019-01-11 13:26 - 000000000 ____D C:\Users\SLR\AppData\LocalLow\Mozilla 2019-05-09 09:02 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-05-09 08:53 - 2018-01-20 18:32 - 000000000 ____D C:\Users\SLR\AppData\Local\Adobe 2019-05-09 08:51 - 2017-12-26 13:58 - 000000000 ____D C:\ProgramData\TEMP 2019-05-09 08:40 - 2018-05-25 10:21 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-05-09 08:40 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF 2019-05-09 08:39 - 2018-05-16 14:37 - 000000000 ____D C:\Users\SLR\AppData\Roaming\MediaMonkey 2019-05-09 08:38 - 2017-02-23 18:04 - 000000000 __SHD C:\Users\SLR\IntelGraphicsProfiles 2019-05-08 19:54 - 2018-05-25 10:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-05-08 19:54 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-05-08 19:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-05-08 13:29 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-05-08 09:16 - 2018-05-25 10:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-05-07 15:09 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2019-05-07 15:09 - 2018-01-08 22:38 - 000000000 ____D C:\Program Files\Corel 2019-05-07 15:09 - 2017-04-21 20:51 - 000000000 ____D C:\Users\Public\Documents\Corel 2019-05-07 09:52 - 2017-12-20 15:52 - 000000000 ____D C:\Users\SLR\AppData\Local\Packages 2019-05-07 09:30 - 2018-11-16 13:55 - 000000000 ____D C:\Program Files\rempl 2019-05-06 18:30 - 2017-04-05 11:02 - 000000000 ____D C:\Users\SLR\AppData\LocalLow\Temp 2019-05-06 17:19 - 2018-05-25 10:12 - 000000000 ____D C:\Users\defaultuser0 2019-05-06 17:19 - 2017-12-20 16:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-05-06 17:18 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps 2019-05-06 17:17 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\registration 2019-05-06 13:22 - 2018-05-25 10:12 - 000000000 ____D C:\Users\SLR 2019-05-03 12:21 - 2018-03-10 15:22 - 000000000 ____D C:\temphb 2019-05-03 12:04 - 2018-03-10 15:16 - 000000000 ____D C:\Users\SLR\Downloads\Hirens.BootCD.15.2 2019-05-02 17:46 - 2017-07-16 15:51 - 000000000 ____D C:\Users\SLR\Downloads\Graphics 2019-05-02 17:43 - 2018-05-26 14:01 - 000000600 _____ C:\Users\SLR\AppData\Roaming\winscp.rnd 2019-05-02 16:34 - 2018-01-20 18:33 - 000000000 ____D C:\ProgramData\Adobe 2019-05-02 16:33 - 2018-08-11 16:46 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2019-05-02 16:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2019-05-02 14:46 - 2018-05-17 09:27 - 000000000 ___DC C:\WINDOWS\Panther 2019-05-01 17:52 - 2018-05-26 13:48 - 000000000 ____D C:\Program Files (x86)\WinSCP 2019-05-01 17:14 - 2018-07-10 15:28 - 000003942 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper 2019-05-01 12:13 - 2017-12-20 18:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2019-04-29 15:45 - 2017-12-20 15:52 - 000000000 ____D C:\Users\SLR\AppData\Roaming\Adobe 2019-04-29 11:17 - 2018-11-29 14:50 - 000000000 ____D C:\Users\SLR\AppData\Local\ElevatedDiagnostics 2019-04-28 12:37 - 2018-05-28 20:24 - 000000777 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt 2019-04-27 10:03 - 2019-04-01 16:11 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-04-27 09:14 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF 2019-04-24 17:51 - 2017-12-20 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2019-04-24 11:45 - 2018-05-25 10:16 - 000004584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier 2019-04-24 11:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2019-04-24 11:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2019-04-24 11:44 - 2018-02-08 15:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender 2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-04-23 13:31 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-04-23 13:28 - 2017-12-22 14:13 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-04-23 13:24 - 2017-12-22 14:13 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-04-23 13:22 - 2018-05-28 19:12 - 000000000 ____D C:\ProgramData\PCDr 2019-04-23 13:21 - 2017-02-16 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2019-04-23 13:20 - 2018-05-28 19:11 - 000000000 ____D C:\ProgramData\SupportAssist ==================== Files in the root of some directories ======= 2018-08-17 13:34 - 2018-10-05 16:08 - 000099384 _____ () C:\Users\SLR\AppData\Roaming\inst.exe 2018-08-17 13:34 - 2018-10-05 16:08 - 000007859 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.cat 2018-08-17 13:34 - 2018-10-05 16:08 - 000001167 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.inf 2018-08-17 13:34 - 2018-10-05 16:08 - 000000055 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.log 2018-08-17 13:34 - 2018-10-05 16:08 - 000082816 _____ (VSO Software) C:\Users\SLR\AppData\Roaming\pcouffin.sys 2018-05-26 14:01 - 2019-05-02 17:43 - 000000600 _____ () C:\Users\SLR\AppData\Roaming\winscp.rnd 2018-04-23 14:07 - 2018-04-23 14:07 - 000011264 _____ () C:\Users\SLR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2018-09-27 16:33 - 2018-09-27 16:33 - 000000000 _____ () C:\Users\SLR\AppData\Local\oobelibMkey.log 2019-04-29 18:36 - 2019-04-29 18:36 - 000000218 _____ () C:\Users\SLR\AppData\Local\recently-used.xbel ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================