Weird login screen behavior from Windows 10

windows 10 password login fake login screen


#61
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Hello there. Thank you for coming back to me. Yes, that's the info I was looking for (I suppose I could have tried harder to locate it but the plethora of messages proved too much for me, so thanks). Hopefully, I won't need to use it but at least now, if I do, thanks to your good offices, it's really easy to find. All the very best to you. Thank you very much.


  • 0


#62
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Hello again. I hope you're doing okay under the current circumstances. I had hoped to not have to hassle you for a good while; however, subsequent to updating some drivers which Dell's Update notification brought to my attention, my fan seems to be definitely more active than normal and so here I am. I've actioned your prior instructions re the Process Explorer log but am never really clear about the 'click twice on the CPU' result, but I hope it's the right one. Thank you very much for taking a look at it for me. 

Process CPU Private Bytes Working Set PID Verified Signer
amdow.exe 2,480 K 1,572 K 12432 (Verified) Advanced Micro Devices, Inc.
ApplicationFrameHost.exe 11,008 K 24,244 K 7468 (Verified) Microsoft Windows
armsvc.exe 1,392 K 1,864 K 3432 (Verified) Adobe Inc.
aswEngSrv.exe 38,332 K 54,456 K 8224 (Verified) Avast Software s.r.o.
atiesrxx.exe 1,760 K 2,492 K 1876 (Verified) Advanced Micro Devices, Inc.
atiw.exe 2,668 K 10,480 K 8452 (Verified) Dell Technologies Inc.
audiodg.exe 11,312 K 18,332 K 13176 (Verified) Microsoft Windows
AvastUI.exe 13,456 K 31,756 K 13768 (Verified) Avast Software s.r.o.
brave.exe 1,788 K 6,124 K 12776 (Verified) Brave Software, Inc.
brave.exe 12,600 K 11,884 K 8976 (Verified) Brave Software, Inc.
brave.exe 49,676 K 41,324 K 14696 (Verified) Brave Software, Inc.
brave.exe 26,788 K 50,732 K 11020 (Verified) Brave Software, Inc.
brave.exe 26,748 K 40,356 K 10304 (Verified) Brave Software, Inc.
brave.exe 33,832 K 59,400 K 12516 (Verified) Brave Software, Inc.
brave.exe 12,700 K 13,368 K 13876 (Verified) Brave Software, Inc.
brave.exe 39,224 K 59,800 K 16236 (Verified) Brave Software, Inc.
brave.exe 23,960 K 42,568 K 6496 (Verified) Brave Software, Inc.
brave.exe 45,608 K 47,820 K 14476 (Verified) Brave Software, Inc.
brave.exe 58,868 K 71,532 K 1972 (Verified) Brave Software, Inc.
brave.exe 59,788 K 66,164 K 13252 (Verified) Brave Software, Inc.
brave.exe 26,600 K 50,952 K 5144 (Verified) Brave Software, Inc.
ChsIME.exe 1,816 K 7,768 K 9408 (Verified) Microsoft Windows
csrss.exe 1,988 K 3,548 K 2904 (Verified) Microsoft Windows Publisher
ctfmon.exe 3,872 K 14,024 K 13744 (Verified) Microsoft Windows
DDVCollectorSvcApi.exe 1,976 K 2,044 K 11856 (Verified) Dell Technologies Inc.
DDVDataCollector.exe 29,748 K 13,848 K 11640 (Verified) Dell Technologies Inc.
DDVRulesProcessor.exe 7,652 K 6,132 K 8940 (Verified) Dell Technologies Inc.
esif_uf.exe 1,996 K 6,024 K 5280 (Verified) Intel Corporation
fontdrvhost.exe 2,280 K 1,132 K 1088 (Verified) Microsoft Windows
fontdrvhost.exe 8,320 K 9,388 K 6968 (Verified) Microsoft Windows
GameBarFT.exe 3,096 K 17,024 K 16352 (No signature was present in the subject) Microsoft Corporation
GameBarFTServer.exe 3,636 K 14,676 K 9652 (No signature was present in the subject) Microsoft Corporation
IAStorDataMgrSvc.exe 154,728 K 12,792 K 6584 (Verified) Intel® Rapid Storage Technology
IAStorIcon.exe 34,232 K 30,660 K 2488 (Verified) Intel® Rapid Storage Technology
igfxCUIService.exe 2,232 K 3,528 K 2416 (Verified) Intel® pGFX
igfxEM.exe 5,836 K 19,576 K 15828 (Verified) Intel® pGFX
IntelCpHDCPSvc.exe 1,864 K 2,200 K 2740 (Verified) Intel® pGFX
IntelCpHeciSvc.exe 1,728 K 2,152 K 4648 (Verified) Intel® pGFX
jhi_service.exe 1,408 K 620 K 10692 (Verified) Intel® Embedded Subsystems and IP Blocks Group
LMS.exe 3,588 K 3,452 K 12464 (Verified) Intel® Embedded Subsystems and IP Blocks Group
msdtc.exe 3,044 K 680 K 11208 (Verified) Microsoft Windows
procexp.exe 4,508 K 10,968 K 9624 (Verified) Microsoft Corporation
QcomWlanSrvx64.exe 1,596 K 5,108 K 15964 (Verified) Qualcomm Atheros
RAVBg64.exe 6,096 K 13,504 K 10164 (Verified) Realtek Semiconductor Corp.
Registry 4,512 K 36,964 K 120
RemindersServer.exe Suspended 8,260 K 17,636 K 12764 (Verified) Microsoft Windows
RtkAudioService64.exe 1,880 K 2,976 K 3232 (Verified) Realtek Semiconductor Corp.
RtkNGUI64.exe 4,448 K 12,396 K 12932 (Verified) Realtek Semiconductor Corp.
RuntimeBroker.exe 6,512 K 24,568 K 7128 (Verified) Microsoft Windows
RuntimeBroker.exe 4,236 K 20,812 K 3104 (Verified) Microsoft Windows
RuntimeBroker.exe 5,724 K 23,328 K 4280 (Verified) Microsoft Windows
RuntimeBroker.exe 2,628 K 10,564 K 5664 (Verified) Microsoft Windows
RuntimeBroker.exe 8,148 K 24,480 K 10256 (Verified) Microsoft Windows
SearchUI.exe Suspended 72,380 K 38,524 K 1572 (Verified) Microsoft Windows
SecurityHealthService.exe 6,956 K 10,948 K 2164 (Verified) Microsoft Windows Publisher
SecurityHealthSystray.exe 1,864 K 8,468 K 12636 (Verified) Microsoft Windows
services.exe 8,148 K 7,020 K 940 (Verified) Microsoft Windows Publisher
SgrmBroker.exe 4,436 K 4,708 K 12724 (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 11,288 K 43,968 K 1760 (Verified) Microsoft Windows
sihost.exe 7,148 K 26,188 K 3616 (Verified) Microsoft Windows
SkypeApp.exe Suspended 204,676 K 30,200 K 1004 (No signature was present in the subject) Microsoft Corporation
SkypeBackgroundHost.exe Suspended 2,056 K 8,844 K 5780 (No signature was present in the subject) Microsoft Corporation
smss.exe 1,160 K 468 K 520 (Verified) Microsoft Windows Publisher
spoolsv.exe 6,032 K 4,924 K 3912 (Verified) Microsoft Windows
StartMenu.exe 3,264 K 11,104 K 15008 (No signature was present in the subject) Open-Shell
StartMenuExperienceHost.exe 24,512 K 63,112 K 13292 (Verified) Microsoft Windows
svchost.exe 968 K 644 K 1032 (Verified) Microsoft Windows Publisher
svchost.exe 1,988 K 2,396 K 1476 (Verified) Microsoft Windows Publisher
svchost.exe 2,312 K 4,808 K 1484 (Verified) Microsoft Windows Publisher
svchost.exe 2,892 K 6,504 K 1492 (Verified) Microsoft Windows Publisher
svchost.exe 2,744 K 5,900 K 1520 (Verified) Microsoft Windows Publisher
svchost.exe 2,492 K 4,516 K 1700 (Verified) Microsoft Windows Publisher
svchost.exe 2,248 K 1,840 K 1736 (Verified) Microsoft Windows Publisher
svchost.exe 5,100 K 7,096 K 1960 (Verified) Microsoft Windows Publisher
svchost.exe 1,644 K 2,824 K 2196 (Verified) Microsoft Windows Publisher
svchost.exe 2,500 K 4,092 K 2296 (Verified) Microsoft Windows Publisher
svchost.exe 2,420 K 4,844 K 2392 (Verified) Microsoft Windows Publisher
svchost.exe 1,912 K 2,932 K 1588 (Verified) Microsoft Windows Publisher
svchost.exe 15,760 K 13,364 K 5760 (Verified) Microsoft Windows Publisher
svchost.exe 4,476 K 5,916 K 8436 (Verified) Microsoft Windows Publisher
svchost.exe 2,284 K 6,600 K 8704 (Verified) Microsoft Windows Publisher
svchost.exe 2,224 K 2,988 K 6460 (Verified) Microsoft Windows Publisher
svchost.exe 6,004 K 12,236 K 9316 (Verified) Microsoft Windows Publisher
svchost.exe 2,788 K 4,276 K 12336 (Verified) Microsoft Windows Publisher
svchost.exe 2,420 K 2,396 K 6876 (Verified) Microsoft Windows Publisher
svchost.exe 7,052 K 27,344 K 12880 (Verified) Microsoft Windows Publisher
svchost.exe 1,852 K 3,004 K 3000 (Verified) Microsoft Windows Publisher
svchost.exe 2,260 K 3,248 K 3008 (Verified) Microsoft Windows Publisher
svchost.exe 1,412 K 1,912 K 2288 (Verified) Microsoft Windows Publisher
svchost.exe 1,932 K 2,516 K 3360 (Verified) Microsoft Windows Publisher
svchost.exe 6,396 K 23,120 K 6028 (Verified) Microsoft Windows Publisher
svchost.exe 2,516 K 5,908 K 2828 (Verified) Microsoft Windows Publisher
svchost.exe 6,620 K 8,608 K 4268 (Verified) Microsoft Windows Publisher
svchost.exe 98,240 K 37,036 K 3976 (Verified) Microsoft Windows Publisher
svchost.exe 1,640 K 724 K 4156 (Verified) Microsoft Windows Publisher
svchost.exe 2,144 K 2,608 K 4148 (Verified) Microsoft Windows Publisher
svchost.exe 1,328 K 1,364 K 4552 (Verified) Microsoft Windows Publisher
svchost.exe 5,692 K 13,856 K 2320 (Verified) Microsoft Windows Publisher
svchost.exe 4,292 K 13,980 K 5548 (Verified) Microsoft Windows Publisher
svchost.exe 3,236 K 3,048 K 5900 (Verified) Microsoft Windows Publisher
svchost.exe 3,044 K 4,272 K 5896 (Verified) Microsoft Windows Publisher
svchost.exe 3,168 K 5,288 K 8980 (Verified) Microsoft Windows Publisher
svchost.exe 4,824 K 10,332 K 2868 (Verified) Microsoft Windows Publisher
svchost.exe 1,760 K 2,880 K 5496 (Verified) Microsoft Windows Publisher
svchost.exe 4,392 K 6,304 K 2796 (Verified) Microsoft Windows Publisher
svchost.exe 5,684 K 13,944 K 4116 (Verified) Microsoft Windows Publisher
svchost.exe 2,216 K 6,768 K 10848 (Verified) Microsoft Windows Publisher
svchost.exe 2,236 K 4,628 K 5684 (Verified) Microsoft Windows Publisher
svchost.exe 2,976 K 5,620 K 9500 (Verified) Microsoft Windows Publisher
svchost.exe 3,284 K 16,084 K 9920 (Verified) Microsoft Windows Publisher
svchost.exe 4,752 K 6,900 K 2456 (Verified) Microsoft Windows Publisher
svchost.exe 1,876 K 7,432 K 15552 (Verified) Microsoft Windows Publisher
svchost.exe 2,992 K 6,740 K 1656 (Verified) Microsoft Windows Publisher
svchost.exe 3,880 K 12,076 K 15700 (Verified) Microsoft Windows Publisher
svchost.exe 6,648 K 3,696 K 1856 (Verified) Microsoft Windows Publisher
svchost.exe 3,252 K 6,648 K 2544 (Verified) Microsoft Windows Publisher
svchost.exe 7,984 K 10,144 K 2120 (Verified) Microsoft Windows Publisher
svchost.exe 1,512 K 5,024 K 5228 (Verified) Microsoft Windows Publisher
svchost.exe 2,660 K 5,064 K 1900 (Verified) Microsoft Windows Publisher
svchost.exe 5,636 K 5,836 K 2492 (Verified) Microsoft Windows Publisher
svchost.exe 2,524 K 3,416 K 2088 (Verified) Microsoft Windows Publisher
svchost.exe 13,944 K 17,240 K 2356 (Verified) Microsoft Windows Publisher
svchost.exe 6,788 K 3,020 K 1664 (Verified) Microsoft Windows Publisher
svchost.exe 3,072 K 5,040 K 3352 (Verified) Microsoft Windows Publisher
svchost.exe 16,372 K 11,840 K 2012 (Verified) Microsoft Windows Publisher
svchost.exe 24,200 K 25,948 K 4164 (Verified) Microsoft Windows Publisher
svchost.exe 2,416 K 2,528 K 4492 (Verified) Microsoft Windows Publisher
svchost.exe 12,384 K 9,016 K 3952 (Verified) Microsoft Windows Publisher
svchost.exe 3,236 K 7,084 K 3600 (Verified) Microsoft Windows Publisher
svchost.exe 6,272 K 11,784 K 5552 (Verified) Microsoft Windows Publisher
svchost.exe 11,628 K 11,456 K 8768 (Verified) Microsoft Windows Publisher
svchost.exe 4,076 K 9,316 K 3200 (Verified) Microsoft Windows Publisher
svchost.exe 2,392 K 1,948 K 3760 (Verified) Microsoft Windows Publisher
svchost.exe 2,564 K 3,984 K 4260 (Verified) Microsoft Windows Publisher
svchost.exe 2,068 K 2,428 K 3984 (Verified) Microsoft Windows Publisher
svchost.exe 3,084 K 4,916 K 1272 (Verified) Microsoft Windows Publisher
svchost.exe 9,952 K 13,756 K 2888 (Verified) Microsoft Windows Publisher
SystemSettings.exe Suspended 23,284 K 796 K 1808 (Verified) Microsoft Windows
taskhostw.exe 6,256 K 15,152 K 14148 (Verified) Microsoft Windows
unsecapp.exe 1,652 K 6,848 K 12568 (Verified) Microsoft Windows
Video.UI.exe Suspended 22,056 K 33,924 K 14796 (No signature was present in the subject)
WavesSvc64.exe 11,828 K 12,968 K 2908 (Verified) Waves Inc
WavesSysSvc64.exe 6,920 K 2,508 K 4108 (Verified) Waves Inc
wininit.exe 1,724 K 2,792 K 892 (Verified) Microsoft Windows Publisher
winlogon.exe 2,692 K 9,488 K 8472 (Verified) Microsoft Windows
WmiPrvSE.exe 10,260 K 19,596 K 15992 (Verified) Microsoft Windows
wsc_proxy.exe 4,204 K 3,192 K 2424 (Verified) Avast Software s.r.o.
WUDFHost.exe 4,216 K 10,172 K 9412 (Verified) Microsoft Windows
svchost.exe < 0.01 7,224 K 22,472 K 6236 (Verified) Microsoft Windows Publisher
RAVBg64.exe < 0.01 4,444 K 12,592 K 7720 (Verified) Realtek Semiconductor Corp.
csrss.exe < 0.01 2,352 K 2,324 K 756 (Verified) Microsoft Windows Publisher
AdminService.exe < 0.01 2,244 K 6,584 K 12552 (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe < 0.01 7,072 K 10,336 K 3556 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 23,668 K 30,292 K 1056 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,756 K 5,692 K 4932 (Verified) Microsoft Windows Publisher
AMDRSServ.exe < 0.01 157,828 K 37,588 K 2584 (Verified) Advanced Micro Devices, Inc.
Memory Compression < 0.01 1,024 K 16,516 K 2672
dptf_helper.exe < 0.01 1,588 K 4,488 K 13388 (Verified) Intel Corporation
RadeonSoftware.exe < 0.01 146,204 K 46,068 K 16244 (Verified) Advanced Micro Devices, Inc.
svchost.exe < 0.01 10,444 K 13,048 K 1220 (Verified) Microsoft Windows Publisher
aswidsagent.exe < 0.01 64,580 K 33,952 K 7252 (Verified) Avast Software s.r.o.
brave.exe < 0.01 59,184 K 87,404 K 7452 (Verified) Brave Software, Inc.
brave.exe < 0.01 54,352 K 83,344 K 12520 (Verified) Brave Software, Inc.
brave.exe 0.01 58,048 K 87,640 K 5176 (Verified) Brave Software, Inc.
ServiceShell.exe 0.01 70,616 K 28,908 K 7852 (Verified) Dell Inc
SearchIndexer.exe 0.01 39,868 K 29,508 K 4384 (Verified) Microsoft Windows
AvastSvc.exe 0.01 252,968 K 43,524 K 3608 (Verified) Avast Software s.r.o.
brave.exe 0.02 58,100 K 87,540 K 6564 (Verified) Brave Software, Inc.
brave.exe 0.02 58,872 K 88,380 K 11064 (Verified) Brave Software, Inc.
brave.exe 0.02 71,196 K 101,140 K 6528 (Verified) Brave Software, Inc.
brave.exe 0.02 102,416 K 122,740 K 2148 (Verified) Brave Software, Inc.
brave.exe 0.03 63,220 K 108,840 K 10724 (Verified) Brave Software, Inc.
brave.exe 0.04 20,584 K 31,348 K 8180 (Verified) Brave Software, Inc.
atieclxx.exe 0.05 2,688 K 10,268 K 5336 (Verified) Advanced Micro Devices, Inc.
lsass.exe 0.05 9,924 K 14,272 K 948 (Verified) Microsoft Windows Publisher
AvastUI.exe 0.07 22,564 K 21,772 K 9476 (Verified) Avast Software s.r.o.
svchost.exe 0.08 79,444 K 75,824 K 2280 (Verified) Microsoft Windows Publisher
DSAPI.exe 0.09 132,392 K 55,604 K 212 (Verified) PC-Doctor, Inc.
brave.exe 0.09 179,312 K 184,716 K 10500 (Verified) Brave Software, Inc.
AvastUI.exe 0.10 30,228 K 55,272 K 12980 (Verified) Avast Software s.r.o.
GameBar.exe 0.10 26,004 K 36,772 K 5248 (No signature was present in the subject) Microsoft Corporation
csrss.exe 0.11 2,340 K 5,492 K 15856 (Verified) Microsoft Windows Publisher
explorer.exe 0.13 80,944 K 88,080 K 10960 (Verified) Microsoft Windows
brave.exe 0.15 55,996 K 94,036 K 10444 (Verified) Brave Software, Inc.
System 0.37 232 K 2,984 K 4
Interrupts 0.34 0 K 0 K n/a
dwm.exe 0.56 37,536 K 53,252 K 10040 (Verified) Microsoft Windows
procexp64.exe 3.66 61,716 K 88,440 K 10776 (Verified) Microsoft Corporation
SupportAssistAgent.exe 12.44 617,372 K 74,132 K 11104 (Verified) Dell Inc.
System Idle Process 83.44 60 K 8 K 0

  • 0

#63
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

SupportAssistAgent.exe 12.44 617,372 K 74,132 K 11104 (Verified) Dell Inc.

 

 

Try uninstalling your Dell SupportAssist.  You can install the latest version if you really think you need it. 

https://www.dell.com...s/supportassist

 

Perhaps a fresh install will work better.


  • 0
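The triage done by eye in the two posts above (find the process using the CPU, check the Verified Signer column) can be scripted. This is an added example, not part of the thread and not Sysinternals code: it parses the pasted Process Explorer text and returns the busy processes and those whose signature did not verify. The column layout is inferred from the posted lines, and the function names and the 1% CPU threshold are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt of the Process Explorer export posted in the thread (post #62).
SAMPLE_LOG = """\
Process CPU Private Bytes Working Set PID Verified Signer
brave.exe 1,788 K 6,124 K 12776 (Verified) Brave Software, Inc.
GameBarFT.exe 3,096 K 17,024 K 16352 (No signature was present in the subject) Microsoft Corporation
Registry 4,512 K 36,964 K 120
SkypeApp.exe Suspended 204,676 K 30,200 K 1004 (No signature was present in the subject) Microsoft Corporation
StartMenu.exe 3,264 K 11,104 K 15008 (No signature was present in the subject) Open-Shell
svchost.exe < 0.01 7,224 K 22,472 K 6236 (Verified) Microsoft Windows Publisher
Interrupts 0.34 0 K 0 K n/a
dwm.exe 0.56 37,536 K 53,252 K 10040 (Verified) Microsoft Windows
procexp64.exe 3.66 61,716 K 88,440 K 10776 (Verified) Microsoft Corporation
SupportAssistAgent.exe 12.44 617,372 K 74,132 K 11104 (Verified) Dell Inc.
System Idle Process 83.44 60 K 8 K 0
"""

# name, optional CPU cell, two "N K" sizes, PID, optional "(status) signer".
ROW_RE = re.compile(r"""
    ^(?P<name>.+?)\s+
    (?:(?P<cpu>Suspended|<\s*0\.01|\d+(?:\.\d+)?)\s+)?
    (?P<private>[\d,]+)\sK\s+
    (?P<working>[\d,]+)\sK\s+
    (?P<pid>\d+|n/a)
    (?:\s+\((?P<status>[^)]*)\)\s*(?P<signer>.*))?
    \s*$
""", re.VERBOSE)


class Proc(NamedTuple):
    name: str
    cpu: float              # percent; blank, "< 0.01" and Suspended count as 0.0
    suspended: bool
    private_kb: int
    working_kb: int
    pid: Optional[int]      # None for pseudo-entries shown with "n/a"
    status: Optional[str]   # None when the row carries no signature column
    signer: str


def parse_log(text: str) -> List[Proc]:
    """Parse pasted Process Explorer rows; the header and stray lines are skipped."""
    procs = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        raw_cpu = m.group("cpu")
        numeric = raw_cpu is not None and raw_cpu[0].isdigit()
        procs.append(Proc(
            name=m.group("name"),
            cpu=float(raw_cpu) if numeric else 0.0,
            suspended=(raw_cpu == "Suspended"),
            private_kb=int(m.group("private").replace(",", "")),
            working_kb=int(m.group("working").replace(",", "")),
            pid=None if m.group("pid") == "n/a" else int(m.group("pid")),
            status=m.group("status"),
            signer=(m.group("signer") or "").strip(),
        ))
    return procs


def triage(procs: List[Proc], cpu_threshold: float = 1.0) -> Tuple[List[Proc], List[Proc]]:
    """Return (busy, unverified): CPU hogs, highest first, and rows whose
    signature check returned anything other than "Verified"."""
    busy = sorted(
        (p for p in procs
         if p.name != "System Idle Process" and p.cpu >= cpu_threshold),
        key=lambda p: p.cpu, reverse=True)
    unverified = [p for p in procs
                  if p.status is not None and p.status != "Verified"]
    return busy, unverified


if __name__ == "__main__":
    busy, unverified = triage(parse_log(SAMPLE_LOG))
    for p in busy:
        print(f"CPU {p.cpu:6.2f}%  {p.name} (PID {p.pid}, {p.private_kb:,} K private)")
    for p in unverified:
        print(f"UNVERIFIED  {p.name} (PID {p.pid}): {p.status} [{p.signer or 'no signer'}]")
```

A "Verified" result only confirms who signed the file, so the busy list and the unverified list are read separately.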

#64
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Thanks a lot. I'll do that and let you know what happens.


  • 0

#65
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Hello there. So that's the weirdest thing: as soon as I downloaded SupportAssist - without even installing it - the fan started up! So I binned it. Could it have been caused by the Dell site cookies? Is not having SupportAssist for driver updates a serious deficiency? Thank you.


  • 0

#66
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Depends how old the PC is.  After a few years the PC makers stop worrying about PCs they are not making money on.  Besides most driver update activity is via Windows Update these days.

 

I'm thinking the fan was just your anti-virus firing up to examine the downloaded file.  Probably would have stopped in a minute or two.  You could run Process Explorer and see what process is using the CPU.


  • 0

#67
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Ah, thanks for that: I understand. Anyway it's back to normal. Thank you again.


  • 0

#68
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Looks like I spoke too soon! Hello again. I have another issue - will they never end? My pages are suddenly loading really slowly, from 6-14 seconds. And then much of the content is not there, I mean on the DailyMail site for example, when I scroll down it's all empty. So I'm in the middle of running Malwarebytes scanner. I used to do regular scans with MB, SUPERAntiSpyware, CCleaner and years previously Search and Destroy. But someone, maybe you, on geekstogo suggested getting rid of all of those which is what I did so now I feel a bit vulnerable. I have Avast anti-virus and Windows Security (Avast is listed as the antivirus there). Is there something else I can be running/doing? Or is that sufficient? Please advise. MB just found a PUP connected to Startpage (screenshot) and I quarantined it but does that now mean that I should ditch Startpage altogether (hope not because as a private company I prefer it to DuckDuckGo)? Yesterday, I think it was, I ran the Avast scanner and it found an issue with a toolbar but I was unable to screenshot it, maybe it was a false positive. Anyway, after quarantining that PUP from MB it's back to being really fast and full loading so I think all is well again. But, if there's something you can suggest (didn't there used to be some kind of page on geekstogo about how to keep a clean computer?) I'll shut up now. All the best, thank you very much.


  • 0

#69
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Don't know anything about startpage.  I just have my browsers start at a bare google.com page.  With Ublock Origin the page loads very quickly without ads.

 

I think we took off mbam because it wasn't happy.  CCleaner and the other one are just not recommended so you are better off without them.

Have you run a boot-time scan with Avast yet?  It takes hours so I usually let it run at night.


Click on the Avast icon or shortcut.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

Reboot and let it run a scan.  It may take hours.
Once it finishes it should load Windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.


 


  • 0

#70
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Hi. Thank you. Yesterday my laptop froze up on me twice. I ran AdwCleaner and it found some stuff. It's running fine at the moment and so far today has not frozen up. Also, I forgot to mention in my last post that Avast had flagged Intel Rapid Storage Technology and one other thing which I forget, to be turned off. So I did that a few days ago, I've since turned it back on. AdwCleaner suggested getting rid of the Dellupdate/Windows 10 pre-installed software so I did. The chap said to visit Dell support from time to time for updates. Presumably that's easy enough to do. Anyway, here is the log:

 

04/24/2020 08:58
Scan of C:
 
Scan of *STARTUP
 
File C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\shape_torus.3mf:WofCompressedData|>3D\3dmodel.model Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\spheres.3mf:WofCompressedData|>3D\3dmodel.model Error 42125 {ZIP archive is corrupted.}
File C:\Windows\Installer\1b41da22.msp|>PCW_CAB_RDR|>rdrservicesupdater.exe|>static\images\hi_contrast\core_icons_highcontrast_retina.png Error 42125 {ZIP archive is corrupted.}
File C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.18362.1_none_3e2c25ad9665f3d9\WDAGPlaceholder.pptx:WofCompressedData|>ppt\slideLayouts\slideLayout3.xml Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 89775
Number of tested files: 953794
Number of infected files: 0

  • 0
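The boot-time scan log in the post above has a regular shape: one `File … Error <code> {message}` line per item the scanner could not process, then three counters. This is an added example, not part of the thread and not Avast tooling: it parses that log, keeps the per-file errors apart from the infected-file counter, and reduces each entry to the file on disk by stripping the NTFS stream name and the `|>` archive-member path. The field layout is inferred from the posted lines only; `File` lines in any other shape are returned unparsed for manual reading.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# The aswBoot.txt content posted in the thread (post #70).
SAMPLE_LOG = r"""04/24/2020 08:58
Scan of C:

Scan of *STARTUP

File C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\shape_torus.3mf:WofCompressedData|>3D\3dmodel.model Error 42125 {ZIP archive is corrupted.}
File C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\spheres.3mf:WofCompressedData|>3D\3dmodel.model Error 42125 {ZIP archive is corrupted.}
File C:\Windows\Installer\1b41da22.msp|>PCW_CAB_RDR|>rdrservicesupdater.exe|>static\images\hi_contrast\core_icons_highcontrast_retina.png Error 42125 {ZIP archive is corrupted.}
File C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.18362.1_none_3e2c25ad9665f3d9\WDAGPlaceholder.pptx:WofCompressedData|>ppt\slideLayouts\slideLayout3.xml Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 89775
Number of tested files: 953794
Number of infected files: 0
"""

FILE_RE = re.compile(r"^File (?P<target>.+) Error (?P<code>\d+) \{(?P<msg>.*)\}\s*$")
COUNT_RE = re.compile(r"^Number of (?P<what>[a-z ]+): (?P<n>\d+)\s*$")


class ScanError(NamedTuple):
    container: str          # the file as it exists on disk
    stream: Optional[str]   # NTFS alternate data stream name, if one was logged
    member: str             # path inside the container ("|>" separated), may be ""
    code: int
    message: str


def split_target(target: str) -> Tuple[str, Optional[str], str]:
    """Split 'C:\\path\\file[:stream][|>inner|>path]' into its three parts."""
    outer, _, member = target.partition("|>")
    colon = outer.find(":", 2)          # skip the drive-letter colon at index 1
    if colon != -1:
        return outer[:colon], outer[colon + 1:], member
    return outer, None, member


def parse_boot_log(text: str) -> Tuple[List[ScanError], Dict[str, int], List[str]]:
    """Return (errors, counters, unparsed 'File' lines)."""
    errors: List[ScanError] = []
    counters: Dict[str, int] = {}
    unparsed: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            container, stream, member = split_target(m.group("target"))
            errors.append(ScanError(container, stream, member,
                                    int(m.group("code")), m.group("msg")))
            continue
        c = COUNT_RE.match(line)
        if c:
            counters[c.group("what")] = int(c.group("n"))
        elif line.startswith("File "):
            unparsed.append(line)       # unknown shape: leave for a human
    return errors, counters, unparsed


def containers(errors: List[ScanError]) -> List[str]:
    """On-disk files named in the log, de-duplicated, in log order."""
    seen: List[str] = []
    for e in errors:
        if e.container not in seen:
            seen.append(e.container)
    return seen


if __name__ == "__main__":
    errs, counts, rest = parse_boot_log(SAMPLE_LOG)
    print("infected files reported:", counts.get("infected files"))
    for e in errs:
        print(f"error {e.code} ({e.message}) in {e.container}")
    print("lines needing manual review:", len(rest))
```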


#71
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

OK.  Best to remove the files that Avast found to be bad.  No telling what happens if you try to use them:

 

C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\shape_torus.3mf
C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\spheres.3mf
C:\Windows\Installer\1b41da22.msp
C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.18362.1_none_3e2c25ad9665f3d9\WDAGPlaceholder.pptx
 
Intel Rapid Storage Technology is the interface between Windows and the hard drive.  You can live without it and use the generic Windows program but some systems run better with it.  I only have AMD systems so can't really play with it.  I do know it's best to have the latest version you can get to install:  https://downloadcent...-and-Driver?v=t
I usually have people start with the newest version and work backwards until they find one that works for their PC.
 
Can I see a set of VEW logs to see if anything obvious was behind the freezes?

  • 0

#72
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Hello and thank you for helping me. There's quite a lot there in a short message and I'm somewhat stumped from the get-go, truth to tell. The C Program files, sorry to be thick, but how do I delete them, how do I get to them? I got as far as Windows Apps and then it said I'd been denied permission when I clicked through on the security tab and permissions, I didn't understand what to do. Regarding the Intel thing, you said some systems run better with it. Was my laptop originally kitted out with it? If it wasn't, would that be any kind of indicator that I do/don't need it? Working backwards until I find one that works. May I ask what is the basis to know if it works or doesn't, what do I look for? It sounds a bit hit and miss and an awful lot of trial and error. Does the fact that Avast flagged it in the first instance indicate that I may not need it? It's late in the evening here in London and my brain is fried. I'll have a go at the VEW logs tomorrow because I'll have to dig out your previous instructions from what has now become a very long thread. I'll get back to you. Btw, after I came back from the shop and woke up the laptop it had frozen again. Thank you and have a pleasant day.


  • 0

#73
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

We can let FRST remove the files:

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1.73KB   231 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 

 

Your first FRST log shows:

 

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.0.1017 - Intel Corporation)

so it was installed at the beginning.  Sometimes Windows 10 decides it doesn't need it.  Like I said before I don't have an Intel based PC to play with but I have seen it installed and not used.


  • 0

#74
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Hello there. Thank you very much for the fixlist. Logs are below. Also, thank you for clarifying that the Intel thing came loaded with the computer. (I'm still a bit in the dark though about how to know which version 'is working', so I'll just stick with the one that I've got for now). I'll send you this back for the time being and will now get on with the VEW logs and send those asap. Thank you and have a nice day.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-04-2020
Ran by David Jackson (26-04-2020 12:49:34) Run:8
Running from C:\Users\David Jackson\Desktop
Loaded Profiles: defaultuser0 & David Jackson (Available Profiles: defaultuser0 & David Jackson)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Unlock: C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\shape_torus.3mf
Unlock: C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\spheres.3mf
Unlock: C:\Windows\Installer\1b41da22.msp
Unlock: C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.18362.1_none_3e2c25ad9665f3d9\WDAGPlaceholder.pptx
C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\shape_torus.3mf
C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\spheres.3mf
C:\Windows\Installer\1b41da22.msp
C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.18362.1_none_3e2c25ad9665f3d9\WDAGPlaceholder.pptx
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\shape_torus.3mf" => was unlocked
"C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\spheres.3mf" => was unlocked
"C:\Windows\Installer\1b41da22.msp" => was unlocked
"C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.18362.1_none_3e2c25ad9665f3d9\WDAGPlaceholder.pptx" => was unlocked
C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\shape_torus.3mf => moved successfully
C:\Program Files\WindowsApps\Microsoft.3DBuilder_18.0.1931.0_x64__8wekyb3d8bbwe\Assets\Catalog\spheres.3mf => moved successfully
C:\Windows\Installer\1b41da22.msp => moved successfully
C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.18362.1_none_3e2c25ad9665f3d9\WDAGPlaceholder.pptx => moved successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log AirSpaceChannel.
The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled.
Failed to clear log DebugChannel.
The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled.
Failed to clear log Intel-SST-CFD-HDA/IntelSST.
The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-RMS-MSIPC/Debug.
The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled.
Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:53:33 ====
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2020
Ran by David Jackson (26-04-2020 13:08:28)
Running from C:\Users\David Jackson\Desktop
Windows 10 Home Version 1909 18363.778 (X64) (2019-08-25 22:15:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2490165305-1638453623-257508744-500 - Administrator - Disabled)
David Jackson (S-1-5-21-2490165305-1638453623-257508744-1001 - Administrator - Enabled) => C:\Users\David Jackson
DefaultAccount (S-1-5-21-2490165305-1638453623-257508744-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2490165305-1638453623-257508744-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2490165305-1638453623-257508744-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2490165305-1638453623-257508744-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.2.2 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: 2.1.13 - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.2.2401 - Avast Software)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 81.1.7.98 - Brave Software Inc)
f.lux (HKU\S-1-5-21-2490165305-1638453623-257508744-1001\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.122 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c4a581e8-a702-448c-80c7-4b6192985db2}) (Version: 10.1.18228.8176 - Intel® Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel® Graphics Driver Software (HKLM-x32\...\{34b71f5b-fd06-4029-966e-c1d187ea90a7}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{d7a872bf-e69e-4300-8537-086dc6abbf23}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7212 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.0.1017 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{7D4998B3-AC68-4815-AC47-5A1969D91E30}) (Version: 17.5.0.1017 - Intel Corporation)
Luminar 3 (HKLM\...\Luminar 3) (Version: 3.2.0.5246 - Skylum)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9326.0 - Waves Audio Ltd.) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2490165305-1638453623-257508744-1001\...\OneDriveSetup.exe) (Version: 19.152.0801.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Mozilla Firefox 75.0 (x64 en-US) (HKLM\...\Mozilla Firefox 75.0 (x64 en-US)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Open-Shell (HKLM\...\{FD722BB1-4960-455F-89C6-EFAEB79527EF}) (Version: 4.4.131 - The Open-Shell Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Skype version 8.59 (HKLM-x32\...\Skype_is1) (Version: 8.59 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSDC Free Video Editor version 6.3.1.939 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.3.1.939 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.68.0 (HKLM\...\VulkanRT1.0.68.0) (Version: 1.0.68.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.68.0 (HKLM\...\VulkanRT1.0.68.0-2) (Version: 1.0.68.0 - LunarG, Inc.) Hidden
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-08] (Autodesk Inc.)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.5.4.0_x64__htrsf667h5kn2 [2020-04-10] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_3.1.90.0_x64__htrsf667h5kn2 [2020-03-23] (Dell Inc)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.2727.0_x64__8j3eq9eme6ctt [2020-03-13] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-19] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-29] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-18] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.6005.0_x64__8wekyb3d8bbwe [2020-04-16] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-03-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-24] (Microsoft Corporation)
PhotoScape X -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeX_4.0.2.0_x64__f5eddttrpssna [2019-12-31] (Mooii Tech)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2490165305-1638453623-257508744-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-05-09] (Intel® Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-06] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2018-08-18] (Open-Shell) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Open-Shell\ClassicExplorer64.dll [2018-08-18] (Open-Shell) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-05-09] (Intel® Rapid Storage Technology -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-04-06] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-08-18] (Open-Shell) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\David Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps\Secure, Fast & Private Web Browser with Adblocker _ Brave Browser.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) ->  --profile-directory=Default --app-id=dnglpbpmfhoikjfpaeipmeobcbnoikhg
ShortcutWithArgument: C:\Users\David Jackson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Secure, Fast & Private Web Browser with Adblocker _ Brave Browser.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) ->  --profile-directory=Default --app-id=dnglpbpmfhoikjfpaeipmeobcbnoikhg
ShortcutWithArgument: C:\Users\David Jackson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e2f3576b7abb043d\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2019-07-18 11:16 - 2019-07-18 11:16 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-10-18 16:48 - 2019-09-05 20:00 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-08-18 22:57 - 2018-08-18 22:57 - 003447808 _____ (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenuDLL.dll
2018-08-18 22:57 - 2018-08-18 22:57 - 000301568 _____ (Open-Shell) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-02-28 19:30 - 2020-02-28 19:30 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 11:16 - 2019-07-18 11:16 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-07-18 11:17 - 2019-07-18 11:17 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-02-28 19:30 - 2020-02-28 19:30 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WmsSelfHealing => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hvsifltr => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MB3Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WmsSelfHealing => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2490165305-1638453623-257508744-1001\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2019-10-11 16:40 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
2019-09-29 20:13 - 2019-09-29 20:13 - 000000440 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2490165305-1638453623-257508744-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-2490165305-1638453623-257508744-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2490165305-1638453623-257508744-1001\...\StartupApproved\Run: => "utweb"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5322391E-FE48-473B-B9B0-1BB87ED159E8}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{7262E687-30AF-4516-A3EB-BDD73F01D92D}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{F1762C98-A62E-4070-A945-31953984BF5B}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{9EE2A854-72C4-40ED-A0C1-CF71E6B31BA5}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{1040F48C-620B-4841-9962-D6E65EDFD6D3}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [{E018D2E6-79C3-4A09-8762-20F7057D8463}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Vector Ltd. -> Flash-Integro LLC)
FirewallRules: [UDP Query User{FCA55D5D-7C11-43D9-BE5C-AF42F4705963}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{FA87A6B8-3905-474D-8007-7A444EAD1613}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2B068F4C-AD4C-4CAD-A478-02D7224AB2ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C94A512A-482D-4332-843B-29B804F22DBB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3EBE2972-F1C6-4B63-9055-16A9896B355F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9B577813-145A-4B2A-974A-581F724B04CF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1E20A7E5-59B2-42F2-BED9-FB04D19643AE}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3DA20463-FDCA-456A-8F99-4A7721540B47}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{194FEEA0-9365-4201-9F22-1C18DED52A83}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21A82943-4743-4655-9964-877F56AFD9E9}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{89F3A12F-5786-4B97-B2B1-63AB4992FEDE}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{9E198016-7702-4C24-97E2-7CF7BDC6B5A6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{144F977E-09FA-413C-BF8E-F1EBD9CF11C1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{126E87A2-5CA8-4491-BC53-B7A41522A973}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
 
==================== Restore Points =========================
 
23-04-2020 18:01:21 AdwCleaner_BeforeCleaning_23/04/2020_18:01:18
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
 
System errors:
=============
 
CodeIntegrity:
===================================
 
Date: 2020-04-26 13:08:47.133
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-26 13:08:23.534
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-26 13:07:39.164
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-26 13:05:42.947
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-26 13:04:51.399
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-26 13:04:29.641
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-26 13:03:35.389
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-04-26 13:03:34.879
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.9.0 07/04/2019
Motherboard: Dell Inc. 0RKTGR
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 85%
Total physical RAM: 3961.07 MB
Available physical RAM: 571.35 MB
Total Virtual: 7801.07 MB
Available Virtual: 3172.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:28.25 GB) NTFS
Drive d: () (Fixed) (Total:272 GB) (Free:234.07 GB) NTFS
Drive e: () (Fixed) (Total:272 GB) (Free:240.71 GB) NTFS
Drive f: () (Fixed) (Total:272.88 GB) (Free:265.96 GB) NTFS
 
\\?\Volume{3f430384-b413-4fd9-8d5a-36680837eb73}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.53 GB) NTFS
\\?\Volume{e34ef38a-3c5e-4b5c-8b7d-6e369a09d72f}\ (Image) (Fixed) (Total:11.76 GB) (Free:0.15 GB) NTFS
\\?\Volume{14ad7310-6585-44c2-acde-6de083ea88c1}\ (DELLSUPPORT) (Fixed) (Total:1.13 GB) (Free:0.07 GB) NTFS
\\?\Volume{7bd86504-d9e3-4a41-a225-36b9f05f67dd}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.6 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1AFE04F0)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-04-2020
Ran by David Jackson (administrator) on DAVIDDELL2 (Dell Inc. Vostro 3478) (26-04-2020 13:05:18)
Running from C:\Users\David Jackson\Desktop
Loaded Profiles: David Jackson (Available Profiles: defaultuser0 & David Jackson)
Platform: Windows 10 Home Version 1909 18363.778 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <13>
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f3a64c75ee4defb7\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_38bfcb542ef4272e\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_38bfcb542ef4272e\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-01-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505728 2018-01-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1210288 2017-11-14] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [108216 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [216576 2018-08-18] (Open-Shell) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-05-30] (Intel® Rapid Storage Technology -> Intel Corporation)
HKU\S-1-5-21-2490165305-1638453623-257508744-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [1980048 2020-04-20] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.122\Installer\chrmstp.exe [2020-04-24] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\81.1.7.98\Installer\chrmstp.exe [2020-04-22] (Brave Software, Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {044E1B9A-370F-4F6F-BADB-0A0F0DA37B38} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60008 2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {0DFBF48E-6327-4A04-BCD0-8C52F4DF7D0B} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-02-29] (Advanced Micro Devices, Inc.) [File not signed]
Task: {11FCF4AA-3F7D-4378-967A-F69D76B06EE6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-16] (Adobe Inc. -> Adobe)
Task: {1628DE49-B22E-47A2-9958-9B7685BB85C5} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-08-23] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1FEE1AB6-7875-4C51-8A22-DFEA95CAE2DE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4922888B-D6A2-4E26-BD6F-99653CFE64B3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3325032 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
Task: {5FC8279F-34E1-4E48-96E4-05997EF10D17} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {74F7F83F-2E3D-47E4-AB60-9AD942D901C5} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {75198F92-0F54-4164-926B-3AA5947FE1E3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {85493095-4007-4EB6-9694-D88CFAE7F7AE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {86396D66-36A2-4394-8D48-8B2F05314243} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [126152 2020-04-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {8A408B5D-FB1B-4DEC-B6C8-7B2A2CC01B52} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [67688 2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8EEC5CF0-6E3A-4C54-8E3A-812E083C98B1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {97EF5C78-76D0-46F9-A864-667E143C536B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {9BCBAF98-6CD6-4713-B492-FE80B59DD63D} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628160 2020-02-29] (Advanced Micro Devices, Inc.) [File not signed]
Task: {ADEA3A59-2CA0-4892-BBFF-138A3C4CE8C3} - System32\Tasks\Uninstaller_SkipUac_David_Jackson => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {BB8CD43C-4901-4FC2-AA25-E43E380B45FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-24] (Google LLC -> Google LLC)
Task: {CA437914-1533-42A0-9BD7-557841658C20} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-02-29] (Advanced Micro Devices, Inc.) [File not signed]
Task: {D399D880-303A-47CC-94F1-D96370C19676} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {E7611AFD-1B56-4D55-AE60-0C0DE6CB3B2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-24] (Google LLC -> Google LLC)
Task: {EC8B1B18-0FAC-4DC3-9501-10DB2041BDAC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-16] (Adobe Inc. -> Adobe)
Task: {F3BD7406-3407-4868-B770-5B166A045ADE} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-08-23] (Brave Software, Inc. -> BraveSoftware Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.254
Tcpip\..\Interfaces\{8c70cad8-062e-4f13-8ce5-2a31ab038f35}: [DhcpNameServer] 10.0.0.254
Tcpip\..\Interfaces\{b3d91cbd-008e-4ca0-a438-0fc4de714817}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{e74bf68f-123f-41dc-be80-cfca9c0eab71}: [DhcpNameServer] 192.168.88.1 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2490165305-1638453623-257508744-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2016-10-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer64.dll [2018-08-18] (Open-Shell) [File not signed]
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_64.dll [2018-08-18] (Open-Shell) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Open-Shell\ClassicExplorer32.dll [2018-08-18] (Open-Shell) [File not signed]
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Open-Shell\ClassicIEDLL_32.dll [2018-08-18] (Open-Shell) [File not signed]
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer64.dll [2018-08-18] (Open-Shell) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Open-Shell\ClassicExplorer32.dll [2018-08-18] (Open-Shell) [File not signed]
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-10-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-10-17] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
 
FireFox:
========
FF DefaultProfile: 58x27176.default-1552496324060
FF ProfilePath: C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060 [2020-04-23]
FF Extension: (Clear Cache) - C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060\Extensions\[email protected] [2019-07-10]
FF Extension: (Reverso Translate in Context) - C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060\Extensions\[email protected] [2020-04-10]
FF Extension: (Simple Translate) - C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060\Extensions\[email protected] [2019-10-27]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060\Extensions\[email protected] [2019-09-26]
FF Extension: (uBlock Origin) - C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060\Extensions\[email protected] [2020-04-10]
FF Extension: (Avast Online Security) - C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060\Extensions\[email protected] [2020-04-10] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (Startpage.com — Private Search Engine) - C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2019-10-27]
FF Extension: (Zhongwen: Chinese-English Dictionary) - C:\Users\David Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\58x27176.default-1552496324060\Extensions\{b65c7bc6-846b-4f65-b6ed-099d7e042309}.xpi [2019-03-14] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-08-23] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-08-23] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default [2020-04-25]
CHR Extension: (Slides) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-24]
CHR Extension: (Docs) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-24]
CHR Extension: (Google Drive) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-24]
CHR Extension: (YouTube) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-24]
CHR Extension: (uBlock Origin) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-25]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-04-25]
CHR Extension: (Sheets) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-24]
CHR Extension: (Google Docs Offline) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-24]
CHR Extension: (Avast Online Security) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-24]
CHR Extension: (Gmail) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\David Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
 
Opera: 
=======
OPR StartupUrls: "hxxps://www.startpage.com/"
OPR Extension: (AdBlock) - C:\Users\David Jackson\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2019-03-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atiesrxx.exe [522256 2020-03-02] (Advanced Micro Devices, Inc. -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5504928 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [386976 2019-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [345384 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-08-23] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-08-23] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36024 2020-02-14] (Dell Inc -> )
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705488 2018-08-30] (Intel Corporation -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [870760 2019-02-13] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [783208 2019-02-13] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [290392 2019-04-03] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191768 2019-08-09] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324544 2018-01-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [833456 2017-11-14] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-03-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MsMpEng.exe [103168 2020-03-01] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atikmdag.sys [65731088 2020-03-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0352369.inf_amd64_8df39ff66d4d8f46\B352355\atikmpag.sys [589840 2020-03-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 asvpndrv; C:\WINDOWS\System32\drivers\asvpndrv.sys [31744 2014-05-18] (Astrill -> Astrill)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37856 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [206120 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [234776 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [178968 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [60696 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42984 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175920 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [500960 2020-04-20] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [109480 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85056 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851808 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459408 2020-04-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235696 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [317280 2020-04-06] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-12] (Microsoft Corporation) [File not signed]
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74584 2018-08-30] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69984 2018-08-30] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [383328 2018-08-30] (Intel Corporation -> Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63512 2017-04-01] (Intel® Software -> Intel Corporation)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1033288 2019-05-30] (Intel® Rapid Storage Technology -> Intel Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2436376 2019-08-09] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024848 2018-01-18] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [443480 2019-07-05] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-03-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [376544 2020-03-01] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-03-01] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-26 13:05 - 2020-04-26 13:07 - 000028689 _____ C:\Users\David Jackson\Desktop\FRST.txt
2020-04-26 12:59 - 2020-04-26 12:59 - 000003302 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2020-04-26 12:59 - 2020-04-26 12:59 - 000003118 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2020-04-26 12:48 - 2020-04-26 12:48 - 000001770 _____ C:\Users\David Jackson\Desktop\fixlist (1).txt
2020-04-26 12:47 - 2020-04-26 12:53 - 000003273 _____ C:\Users\David Jackson\Desktop\Fixlog.txt
2020-04-26 12:47 - 2020-04-26 12:47 - 002282496 _____ (Farbar) C:\Users\David Jackson\Desktop\FRST64 (1).exe
2020-04-26 12:47 - 2020-04-26 12:47 - 000000000 ____D C:\Users\David Jackson\Desktop\FRST-OlderVersion
2020-04-24 21:17 - 2020-04-24 21:17 - 000000000 ____D C:\Users\David Jackson\AppData\LocalLow\IGDump
2020-04-24 13:53 - 2020-04-24 13:53 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-24 13:53 - 2020-04-24 13:53 - 000002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-24 13:53 - 2020-04-24 13:53 - 000002334 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-24 13:51 - 2020-04-26 00:20 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-24 13:51 - 2020-04-26 00:20 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-23 18:10 - 2020-04-23 18:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-04-23 17:52 - 2020-04-23 17:53 - 008196784 _____ (Malwarebytes) C:\Users\David Jackson\Desktop\adwcleaner_8.0.4.exe
2020-04-23 12:13 - 2020-04-23 12:13 - 001965536 _____ (Malwarebytes) C:\Users\David Jackson\Desktop\MBSetup.exe
2020-04-22 17:10 - 2020-04-22 17:10 - 001153541 _____ C:\Users\David Jackson\Desktop\Keeping Intouch FV1.pdf
2020-04-21 13:05 - 2020-04-21 13:05 - 014566496 _____ (ESET spol. s r.o.) C:\Users\David Jackson\Downloads\esetonlinescanner.exe
2020-04-20 18:02 - 2020-04-20 18:02 - 000150813 _____ C:\Users\David Jackson\Downloads\chidiamonds.epub
2020-04-20 14:58 - 2020-04-20 14:58 - 000500960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-04-19 10:57 - 2020-04-19 10:57 - 000467528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-18 18:44 - 2020-04-18 18:44 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-18 18:44 - 2020-04-18 18:44 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-18 18:44 - 2020-04-18 18:44 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-18 18:44 - 2020-04-18 18:44 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-18 18:44 - 2020-04-18 18:44 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-18 18:44 - 2020-04-18 18:44 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-18 18:44 - 2020-04-18 18:44 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-18 18:44 - 2020-04-18 18:44 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-18 18:43 - 2020-04-18 18:44 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-18 18:43 - 2020-04-18 18:43 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-18 18:43 - 2020-04-18 18:43 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-18 18:43 - 2020-04-18 18:43 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-18 18:43 - 2020-04-18 18:43 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-18 18:43 - 2020-04-18 18:43 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-18 18:43 - 2020-04-18 18:43 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-18 18:43 - 2020-04-18 18:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-18 18:42 - 2020-04-18 18:42 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-18 18:42 - 2020-04-18 18:42 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-18 18:42 - 2020-04-18 18:42 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-18 18:42 - 2020-04-18 18:42 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-18 18:42 - 2020-04-18 18:42 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-18 18:42 - 2020-04-18 18:42 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-18 18:42 - 2020-04-18 18:42 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-18 18:42 - 2020-04-18 18:42 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-18 18:42 - 2020-04-18 18:42 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-18 18:42 - 2020-04-18 18:42 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-18 18:42 - 2020-04-18 18:42 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-18 18:42 - 2020-04-18 18:42 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-18 18:41 - 2020-04-18 18:41 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-18 18:41 - 2020-04-18 18:41 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-18 18:41 - 2020-04-18 18:41 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-18 17:44 - 2020-04-18 17:47 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-18 17:44 - 2020-04-18 17:47 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-17 11:27 - 2020-04-17 11:27 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2020-04-16 11:03 - 2020-04-16 11:03 - 000459408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-04-10 16:01 - 2020-04-24 10:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-06 10:58 - 2020-04-18 11:49 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-04-06 10:57 - 2020-04-06 10:57 - 000337048 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-04-06 10:57 - 2020-04-06 10:57 - 000317280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-04-06 10:57 - 2020-04-06 10:57 - 000235696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-04-06 10:57 - 2020-04-06 10:57 - 000175920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-04-06 10:57 - 2020-04-06 10:57 - 000109480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-04-06 10:57 - 2020-04-06 10:57 - 000085056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-04-06 10:57 - 2020-04-06 10:57 - 000042984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-04-06 10:57 - 2020-04-06 10:56 - 000851808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-04-06 10:57 - 2020-04-06 10:56 - 000234776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-04-06 10:57 - 2020-04-06 10:56 - 000206120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-04-06 10:57 - 2020-04-06 10:56 - 000178968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-04-06 10:57 - 2020-04-06 10:56 - 000060696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-04-06 10:57 - 2020-04-06 10:56 - 000037856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-04-02 20:51 - 2020-04-02 20:51 - 000115594 _____ C:\Users\David Jackson\Desktop\re.zip
2020-03-29 17:26 - 2020-03-29 17:29 - 000000000 ____D C:\Users\David Jackson\Desktop\Iti
2020-03-29 00:53 - 2020-03-29 00:53 - 000000000 ____D C:\WINDOWS\Minidump
2020-03-29 00:53 - 2020-03-29 00:53 - 000000000 _____ C:\WINDOWS\Minidump\032820-59875-01.dmp
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-26 13:06 - 2020-01-24 00:15 - 000000000 ____D C:\FRST
2020-04-26 12:58 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Registration
2020-04-26 12:58 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-26 12:58 - 2018-10-17 11:39 - 000000000 __SHD C:\Users\David Jackson\IntelGraphicsProfiles
2020-04-26 12:55 - 2019-08-25 23:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-26 12:54 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-26 12:21 - 2019-08-25 22:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-26 01:35 - 2019-10-06 14:14 - 000000000 ____D C:\Users\David Jackson\AppData\Local\OpenShell
2020-04-26 01:19 - 2018-10-17 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-04-26 00:20 - 2020-03-19 15:58 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-04-26 00:20 - 2020-01-30 14:14 - 000002392 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2020-04-26 00:20 - 2020-01-30 14:14 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2020-04-26 00:20 - 2020-01-30 14:14 - 000002122 _____ C:\WINDOWS\system32\Tasks\StartDVR
2020-04-26 00:20 - 2019-10-11 16:41 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-04-26 00:20 - 2019-09-26 22:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-04-26 00:20 - 2019-08-25 23:25 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2490165305-1638453623-257508744-1001
2020-04-26 00:20 - 2019-08-25 23:13 - 000003720 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-26 00:20 - 2019-08-25 23:13 - 000003404 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-04-26 00:20 - 2019-08-25 23:13 - 000003364 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2020-04-26 00:20 - 2019-08-25 23:13 - 000003140 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2020-04-25 10:36 - 2018-12-07 13:00 - 000000000 ____D C:\ProgramData\AVAST Software
2020-04-25 01:25 - 2019-08-25 22:52 - 000000000 ____D C:\Users\David Jackson
2020-04-24 21:42 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-24 21:36 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-24 20:47 - 2018-10-17 10:44 - 000000000 ____D C:\Users\David Jackson\AppData\Roaming\vlc
2020-04-24 13:53 - 2018-11-14 16:41 - 000000000 ____D C:\Users\David Jackson\AppData\Local\Google
2020-04-24 13:52 - 2018-11-14 16:41 - 000000000 ____D C:\Program Files (x86)\Google
2020-04-24 10:59 - 2018-10-17 11:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-24 09:07 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-04-23 18:17 - 2018-10-17 11:02 - 000000000 ____D C:\Users\David Jackson\AppData\LocalLow\Mozilla
2020-04-23 18:10 - 2018-10-17 11:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-23 18:02 - 2019-10-08 22:42 - 000000000 ____D C:\Program Files\Dell
2020-04-23 18:02 - 2018-11-06 06:16 - 000000000 ____D C:\Users\David Jackson\AppData\Roaming\IObit
2020-04-23 17:59 - 2018-12-19 10:36 - 000000000 ____D C:\Users\David Jackson\AppData\Local\CrashDumps
2020-04-22 12:27 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-22 00:25 - 2019-08-23 12:22 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-04-21 13:05 - 2020-01-23 12:14 - 000000666 _____ C:\Users\David Jackson\Desktop\ESET Online Scanner.lnk
2020-04-19 11:02 - 2020-03-05 15:22 - 000735058 _____ C:\WINDOWS\system32\perfh010.dat
2020-04-19 11:02 - 2020-03-05 15:22 - 000135432 _____ C:\WINDOWS\system32\perfc010.dat
2020-04-19 11:02 - 2020-01-14 21:53 - 000745756 _____ C:\WINDOWS\system32\perfh00C.dat
2020-04-19 11:02 - 2020-01-14 21:53 - 000139160 _____ C:\WINDOWS\system32\perfc00C.dat
2020-04-19 11:02 - 2020-01-14 21:35 - 000696098 _____ C:\WINDOWS\system32\perfh007.dat
2020-04-19 11:02 - 2020-01-14 21:35 - 000139468 _____ C:\WINDOWS\system32\perfc007.dat
2020-04-19 11:02 - 2019-08-26 08:17 - 000395550 _____ C:\WINDOWS\system32\prfh0804.dat
2020-04-19 11:02 - 2019-08-26 08:17 - 000122334 _____ C:\WINDOWS\system32\prfc0804.dat
2020-04-19 11:02 - 2019-08-25 23:03 - 003916954 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-19 11:02 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-19 00:32 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-19 00:32 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-19 00:32 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-19 00:31 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-19 00:31 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-19 00:31 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-18 21:58 - 2019-10-08 22:52 - 000000000 ____D C:\ProgramData\PCDr
2020-04-18 21:58 - 2019-10-08 22:43 - 000000000 ____D C:\Users\David Jackson\AppData\Local\Dell Inc
2020-04-18 18:55 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-18 12:35 - 2019-10-03 13:29 - 000036192 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-04-17 11:28 - 2019-10-04 15:23 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2020-04-16 16:06 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-16 16:06 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-15 22:29 - 2018-10-17 11:39 - 000000000 ____D C:\Users\David Jackson\AppData\Local\Packages
2020-04-10 11:34 - 2019-10-08 22:43 - 000000000 ____D C:\ProgramData\Dell Inc
2020-03-28 12:14 - 2020-02-28 09:15 - 000000000 ____D C:\Users\David Jackson\Downloads\opera autoupdate
 
==================== Files in the root of some directories ========
 
2019-01-27 14:38 - 2019-01-27 14:48 - 000000094 _____ () C:\Users\David Jackson\AppData\Roaming\AlamySizeCheck Preferences
2019-03-15 01:43 - 2019-03-15 01:43 - 039718141 _____ () C:\Users\David Jackson\AppData\Local\Ahiramto
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================


#75
daba

    Member

  • Topic Starter
  • Member
  • 367 posts

Thank you for your help. Here are the VEW logs. Hope they're correct:

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 26/04/2020 1:23:07 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/04/2020 12:03:09 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DAVIDDELL2\David Jackson SID (S-1-5-21-2490165305-1638453623-257508744-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 26/04/2020 11:58:34 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 26/04/2020 11:58:34 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 26/04/2020 11:56:33 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 26/04/2020 11:55:25 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe GBE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 26/04/2020 11:55:21 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 26/04/2020 1:24:53 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/04/2020 11:58:39 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)
 
Log: 'Application' Date/Time: 26/04/2020 11:55:56 AM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable
 
