
I'm infected with something I do believe [Solved]

Infected antivirus software

  • This topic is locked

#1
sweetsuzee

  • Member
  • 55 posts

I am infected with nasty little gremlins that remember every single item I've ever looked at or purchased whether from Walmart, Amazon, a private company, etc. as every time I open a webpage it takes forever to open since popups are everywhere with pictures of every single item I've looked at or purchased online to the point that it is frightening. However, in the meantime I have a more immediate need in that one of your advisors previously mentioned I should get rid of AVG. I just received a renewal notice from them and I'm wondering what you folks suggest for antivirus, along with all other protections since the automatic renewal is in 4 days. I do have Malwarebytes loaded.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-09-2020
Ran by suesarkis (administrator) on SUESBABY (Hewlett-Packard HP Spectre XT TouchSmart PC) (07-09-2020 12:22:04)
Running from C:\Users\suesarkis\Downloads
Loaded Profiles: suesarkis & User & Administrator
Platform: Windows 10 Home Version 1909 18363.1016 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(AOL, Inc -> AOL Inc.) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2793\AolDesktop.exe <2>
(AOL, Inc -> AOL) C:\Users\suesarkis\AppData\Local\AOLDesktop\app-11.0.2793\CefSharp.BrowserSubprocess.exe <12>
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(AVG Netherlands B.V. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler.exe
(AVG Netherlands B.V. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.155.333\AVGBrowserCrashHandler64.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <2>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Secure VPN\Vpn.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Secure VPN\VpnSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupUI.exe <2>
(Corel Corporation -> Corel Corporation) C:\Program Files (x86)\Corel\WordPerfect Office X9\Programs\wpwin19.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_972058dc64815bf9\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2007.1.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation) C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.exe
(N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation) C:\Program Files\Copernic\DesktopSearch\Copernic.Plugins.PluginsService.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(The CefSharp Authors) [File not signed] C:\Program Files\Copernic\DesktopSearch\CefSharp.BrowserSubprocess.exe <2>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [156808 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [2609680 2020-07-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X9\Programs\QFSCHD190.EXE [247512 2018-05-13] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [4126624 2016-01-22] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [AOLDesktop] => C:\Users\suesarkis\AppData\Local\AOLDesktop\AolDesktop.exe [563216 2020-08-24] (AOL, Inc -> AOL Inc.)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5482544 2020-08-17] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [Copernic Desktop Search] => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.exe [635104 2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2369190632306] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5eebd6d3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2369190632306 /f <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2438971811832] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5eebd6b6" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2438971811832 /f <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD236292033243] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5f4d6ba8" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD236292033243 /f <==== ATTENTION
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe [2020-09-03] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\84.1.5543.137\Installer\chrmstp.exe [2020-08-25] (AVG Technologies USA, LLC -> AVG Technologies)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2020-04-01]
ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files (x86)\AVG\Secure VPN\Vpn.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop Launcher.lnk [2020-09-07]
ShortcutTarget: AOL Desktop Launcher.lnk -> C:\Users\suesarkis\AppData\Local\AOLDesktop\AolTrayApp.exe (AOL, Inc -> AOL Inc.)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyCorkboard.lnk [2017-10-15]
ShortcutTarget: MyCorkboard.lnk -> C:\Program Files (x86)\Corkboard\CORK.EXE (PC Dynamics, Inc.) [File not signed]
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop Launcher.lnk [2019-11-15]
ShortcutTarget: AOL Desktop Launcher.lnk -> C:\Users\suesarkis\AppData\Local\AOLDesktop\AolTrayApp.exe (AOL, Inc -> AOL Inc.)
BootExecute: autocheck autochk * icarus_rvrt.exe
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01AEFE23-8B51-4189-9C7B-9F6A3EE580CB} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [39176 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {0405FE5E-2941-48AF-AE02-56CAE1594428} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
Task: {085A5A56-2A9C-4B2D-9AF2-44C557059D89} - System32\Tasks\AVG Secure VPN Update => C:\Program Files (x86)\AVG\Secure VPN\VpnUpdate.exe [1067384 2020-07-30] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {15AFEAF8-C948-455B-A0A2-4481BA6AFB43} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1959800 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {185D8A69-4E7C-488D-AE93-83A8460CF2F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1312664 2020-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {1B85E52C-FE45-4013-89B4-025B9610DC7C} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1959800 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {2327FDBA-E77C-4DBD-8194-A7794FD85FE4} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-02-28] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {24D159AF-2621-4816-A52D-15EB6935A314} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23819120 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {256D31FF-126F-4ECF-91D9-F7D4ACE32013} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3858056 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {2DCAC850-E0C4-43ED-9778-33873572DB4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)
Task: {30515428-0D06-4844-BAC0-7FADFE6C79C3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {31AE6321-96E8-4C12-B24B-DA824B61A316} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [5151368 2020-07-08] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {366B36C9-EB22-4CCC-9BBD-BF52B3F13C11} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3583264 2020-06-03] (Corel Corporation -> Corel Corporation)
Task: {3A488821-1ABC-45C9-BC85-00E9BF0E7786} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\suesarkis\Downloads\esetonlinescanner_enu.exe [8149816 2019-09-29] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {48F582DD-B519-49AB-AFF7-1E812641931A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
Task: {539DC07A-69B8-4293-8A86-A46141B01492} - System32\Tasks\AVG\AVG TuneUp Update BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [2812656 2020-07-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {559C1EE8-B918-4FF8-B901-40131935A0E1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel® Trusted Connect Service -> Intel® Corporation)
Task: {57100AE3-B92D-4FC1-8D7F-8CFB19AA6707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-01] (Google Inc -> Google Inc.)
Task: {5C917868-F942-4B66-B771-5E38612C276E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {632E7769-C60E-4A67-88BD-0D154557E567} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
Task: {75BF6DE9-4FCA-4BC3-827F-FE7528955A2E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {82B94AD8-29A8-40ED-A907-224D53D80DFA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\suesarkis\Downloads\esetonlinescanner_enu.exe [8149816 2019-09-29] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {8A16F885-42CC-43BA-A14D-E4A493001610} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {8FA0207E-0F04-4B48-BD37-B2136C28A95A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-01] (Google Inc -> Google Inc.)
Task: {945F86E0-CF04-4F2A-BC2A-9165D07A9434} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118616 2020-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {9825C3A4-2208-4810-BB34-0E82B5F8CE3B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118616 2020-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {A330AAEB-37AA-4A78-86A0-81001483C172} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {A3BA81C8-77D3-4CF3-AEEC-A900AB6792FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23819120 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9A555E0-9B0D-4230-B577-05A5E76B8619} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [1967880 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {B0885ABB-A5DF-4D8A-9340-B64A604EBC38} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files (x86)\Advanced System Repair Pro 1.9.1.0.0\AdvancedSystemRepairPro.exe
Task: {B2A8DC90-58FC-4E6F-A8CF-E058AED0BD75} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {BA66CF97-BF0D-4C4A-8E44-91B8D1F91147} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
Task: {BBF33665-2444-4F15-A3F4-F7AEC254031D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {D7C58521-6404-4F1D-B081-D49AB55C30C4} - System32\Tasks\Microsoft\Windows\AVGAntiTrack\AVGAntiTrackStart => C:\Program Files (x86)\AVG Software\AntiTrack\AVGAntiTrack.exe
Task: {DEC2E8AB-AF71-4069-837A-F83ADD0F36EC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {ECA727E2-B229-46F7-8BE8-13B2B09AACF8} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{1b626343-04a6-45cd-b559-9a91b11fb27c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a2dfdca2-88d0-4a80-a575-518f72e15f51}: [NameServer] 100.120.216.1
Tcpip\..\Interfaces\{dace9ba1-7c81-4972-8e00-a728cdf2e3da}: [DhcpNameServer] 209.18.47.63 209.18.47.61
 
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2020-03-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2020-03-10] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-09] (Microsoft Corporation -> Microsoft Corporation)
 
Edge: 
======
DownloadDir: C:\Users\suesarkis\Downloads
Edge Profile: C:\Users\suesarkis\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-25]
Edge DownloadDir: C:\Users\suesarkis\Downloads
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2020-03-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2020-03-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-08-17] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default [2020-09-07]
CHR DownloadDir: C:\Users\suesarkis\Desktop
CHR Notifications: Default -> hxxps://ecopowerplate.com; hxxps://gop.com; hxxps://helpx.adobe.com; hxxps://ilovemyfreedom.pushcrew.com; hxxps://ktla.com; hxxps://kubrakhademi.org; hxxps://markets.businessinsider.com; hxxps://news.mynewswire.co; hxxps://section-8-apartments.copush.com; hxxps://timesofindia.indiatimes.com; hxxps://townhall.com; hxxps://www.ae.com; hxxps://www.alibaba.com; hxxps://www.allrecipes.com; hxxps://www.aol.com; hxxps://www.att.com; hxxps://www.bettymills.com; hxxps://www.bunsinmyoven.com; hxxps://www.businessinsider.com; hxxps://www.cnet.com; hxxps://www.cousinsmainelobster.com; hxxps://www.dallasnews.com; hxxps://www.ebags.com; hxxps://www.facebook.com; hxxps://www.globalindustrial.com; hxxps://www.health.com; hxxps://www.infowars.com; hxxps://www.inspireuplift.com; hxxps://www.newsbreak.com; hxxps://www.newsmax.com; hxxps://www.reddit.com; hxxps://www.taketwotapas.com; hxxps://www.traveltrivia.com; hxxps://www.triviadaily.com; hxxps://www.triviagenius.com; hxxps://www.washingtontimes.com; hxxps://www.wayfair.com; hxxps://www.westernjournal.com; hxxps://www.westernjournalism.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311457&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KzKng6DqDwLXGzQuImnSkuMRjGBMJKVXU9IRCVZHYmv03SMviyUpr2foFPnoYkJaB3zfa5tmymI5biZxxjmVTIbN5ffDfL8kCtQrGoxi2kMRzHbkFAtg5EnpK5Hu5iMnnZUYerfkfO61IRimZ47UAtI3vkxx%2FSpXj3joplwZyWJfCIZm2pmJkfO%2F12o7jo58hmN5FO46RpWqsGGdB92u35v50dGIfe8QyECGyKPI9WTZlPjMpXto87EcWfoMMx88%3D"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Extension: (Slides) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Entanglement Web App) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-10-08]
CHR Extension: (e-Player) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\agilokibjakdcmghlogojfbjmhbkhgmc [2020-06-08]
CHR Extension: (Docs) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (YouTube) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-08-08]
CHR Extension: (Adobe Acrobat) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-05]
CHR Extension: (Sheets) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-13]
CHR Extension: (Poppit!) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-03]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-26]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-03-01]
CHR Notifications: Profile 1 -> hxxps://www.allrecipes.com; hxxps://www.att.com; hxxps://www.facebook.com; hxxps://www.pinterest.com; hxxps://www.reddit.com; hxxps://www.washingtontimes.com
CHR Extension: (Slides) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-24]
CHR Extension: (Docs) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-24]
CHR Extension: (Google Drive) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-24]
CHR Extension: (YouTube) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-24]
CHR Extension: (Adobe Acrobat) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-02-24]
CHR Extension: (Sheets) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-24]
CHR Extension: (Gmail) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-29]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-07-08] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [354272 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [1072872 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [7823296 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-07-11] (AVG Netherlands B.V. -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\84.1.5543.137\elevation_service.exe [1071864 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110608 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [12987160 2020-07-13] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10566536 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-08-30] (Malwarebytes Inc -> Malwarebytes)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SecureVpn; C:\Program Files (x86)\AVG\Secure VPN\VpnSvc.exe [6909048 2020-07-30] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205952 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [235656 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [195720 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61064 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16320 2020-07-21] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42840 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175264 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [515600 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [109336 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84912 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [851664 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [466816 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [217392 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgTap; C:\WINDOWS\System32\drivers\avgTap.sys [54888 2018-09-05] (AVG Technologies CZ, s.r.o. -> The OpenVPN Project)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [323848 2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-10-06] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-08-30] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217608 2020-09-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197280 2020-09-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73880 2020-09-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-09-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131232 2020-09-07] (Malwarebytes Inc -> Malwarebytes)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [86632 2020-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
U1 avgbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-09-07 12:11 - 2020-09-07 12:11 - 002297344 _____ (Farbar) C:\Users\suesarkis\Downloads\FRST64 (5).exe
2020-09-07 12:00 - 2020-09-07 12:00 - 002297344 _____ (Farbar) C:\Users\suesarkis\Downloads\FRST64 (4).exe
2020-09-07 12:00 - 2020-09-07 12:00 - 002297344 _____ (Farbar) C:\Users\suesarkis\Downloads\FRST64 (3).exe
2020-09-07 12:00 - 2020-09-07 12:00 - 002297344 _____ (Farbar) C:\Users\suesarkis\Downloads\FRST64 (2).exe
2020-09-07 09:46 - 2020-09-07 09:46 - 000000258 _____ C:\Users\suesarkis\Desktop\Geeks Leads.txt
2020-09-07 08:52 - 2020-09-07 08:52 - 000002339 _____ C:\Users\suesarkis\Desktop\AOL Desktop Gold.lnk
2020-09-07 08:28 - 2020-09-07 08:28 - 000197280 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-09-07 08:28 - 2020-09-07 08:28 - 000131232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-09-07 08:28 - 2020-09-07 08:28 - 000073880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-09-05 09:47 - 2020-09-05 09:47 - 000009346 _____ C:\Users\suesarkis\Documents\2020-9-5 Food Recipients.wpd
2020-09-04 22:30 - 2020-09-04 22:56 - 001124524 _____ C:\WINDOWS\Minidump\090420-41500-01.dmp
2020-09-04 08:35 - 2020-09-04 08:35 - 000000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2020-09-04 08:23 - 2020-09-04 08:23 - 000217608 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-09-03 19:38 - 2020-09-03 19:38 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-09-03 01:07 - 2020-09-05 23:28 - 000000943 _____ C:\Users\suesarkis\Desktop\Walkenhorst.txt
2020-09-01 20:51 - 2020-09-01 20:51 - 000000160 _____ C:\Users\suesarkis\Desktop\Dr Lentz.txt
2020-08-31 21:09 - 2020-08-31 21:40 - 001284420 _____ C:\WINDOWS\Minidump\083120-40421-01.dmp
2020-08-31 15:02 - 2020-08-31 15:02 - 000000000 ____D C:\Users\suesarkis\db
2020-08-31 14:59 - 2020-08-31 15:00 - 093753336 _____ (Oath Inc.) C:\Users\suesarkis\Downloads\Install_AOL_Desktop (2).exe
2020-08-31 14:58 - 2020-08-31 15:00 - 000401025 _____ C:\Users\suesarkis\Desktop\AOL Desktop Backup 2020-08-31 14-58.AolSave
2020-08-30 19:32 - 2020-08-30 19:31 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-08-29 08:56 - 2020-08-29 09:19 - 000681148 _____ C:\WINDOWS\Minidump\082920-44640-01.dmp
2020-08-26 23:48 - 2020-08-26 23:48 - 011519037 _____ C:\Users\suesarkis\Desktop\Cal Mafia.mp4
2020-08-26 13:22 - 2020-08-26 13:39 - 001154748 _____ C:\WINDOWS\Minidump\082620-46968-01.dmp
2020-08-26 13:22 - 2020-08-26 13:23 - 000530360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-08-26 11:02 - 2020-08-26 11:02 - 000000124 _____ C:\Users\suesarkis\Desktop\Voter Fraud cases.txt
2020-08-25 22:17 - 2020-08-25 22:17 - 000001402 _____ C:\Users\suesarkis\Desktop\Incontinence underwear.txt
2020-08-22 21:34 - 2020-08-22 21:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-08-22 21:34 - 2020-08-10 10:38 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-08-22 21:34 - 2020-08-10 10:37 - 000905528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-08-21 00:39 - 2020-08-21 00:52 - 000000551 _____ C:\Users\suesarkis\Desktop\Amazon gift cards.txt
2020-08-20 11:49 - 2020-08-20 11:49 - 000002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-08-20 08:02 - 2020-08-21 08:42 - 000000000 ____D C:\found.002
2020-08-19 19:09 - 2020-09-01 23:18 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2069550446-780284186-1707450264-1001
2020-08-19 19:09 - 2020-08-19 19:09 - 000002375 _____ C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-08-17 11:49 - 2020-08-17 11:49 - 000011368 _____ C:\Users\suesarkis\Documents\Food Bank List entire.wpd
2020-08-17 10:44 - 2020-08-17 10:44 - 000006549 _____ C:\Users\suesarkis\Documents\Dora Tate food recipients numberless.wpd
2020-08-13 19:03 - 2020-08-13 19:03 - 000779316 _____ C:\Users\suesarkis\Desktop\WAD_Virtual_updated.pdf
2020-08-13 14:42 - 2020-08-13 14:42 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-08-13 14:42 - 2020-08-13 14:42 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrahc.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 019852288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 018032128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 006294528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 005904896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 005013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 004611072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 004129408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 003516416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 002950808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-08-13 14:41 - 2020-08-13 14:41 - 002588688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 002422384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 002259192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 002138280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 001870200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001418832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-08-13 14:41 - 2020-08-13 14:41 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2020-08-13 14:41 - 2020-08-13 14:41 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000738064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000359496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000343408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\net1.exe
2020-08-13 14:41 - 2020-08-13 14:41 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-08-13 14:41 - 2020-08-13 14:41 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2020-08-13 14:40 - 2020-08-13 14:41 - 007270912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 025903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 022642688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 007758848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 006074552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 005946368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 005849872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 005767224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 005003824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 003743056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 002799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-08-13 14:40 - 2020-08-13 14:40 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-08-13 14:40 - 2020-08-13 14:40 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 002576896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 002022400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001740800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001672544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001420320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001282872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-08-13 14:40 - 2020-08-13 14:40 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 001197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000995840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000897648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000894032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000875520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000775480 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000718336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000690536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000675040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000675024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000671040 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000593480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000568128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000564488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000379704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-08-13 14:40 - 2020-08-13 14:40 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000273744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\net1.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000165176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Winlangdb.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000133256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47mrm.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000124512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\globinputhost.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000090936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acwow64.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Drivers\afunix.sys
2020-08-13 14:40 - 2020-08-13 14:40 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000000357 _____ C:\WINDOWS\system32\DrtmAuthKeyDelegate_From_20190529_To_20200303.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth1KeyDelegate.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-08-13 14:39 - 2020-08-13 14:40 - 014820352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 009932088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 006436864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 005111296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 003974376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 003806208 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 003368616 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 002766952 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002737664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002698048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002085632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001654312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001482568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 001406464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001393960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001101312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000888352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000867840 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000823744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000822800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-08-13 14:39 - 2020-08-13 14:39 - 000463168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HrtfApo.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000132408 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpkinstall.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmRes.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 007915864 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 007583272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 007270728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 005283776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 004005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 003727872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 002717696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 002552120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 002471936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 002260312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001756592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-08-13 14:38 - 2020-08-13 14:38 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001660536 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001512848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 001366144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-08-13 14:38 - 2020-08-13 14:38 - 001338368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001182248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 001123344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000917800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000716312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 000548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000522688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000369304 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47mrm.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\globinputhost.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguageProfileCallback.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 017792512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 007850784 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 007297536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 004625184 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-08-13 14:37 - 2020-08-13 14:37 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-08-13 14:37 - 2020-08-13 14:37 - 003141632 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 002808832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 002289152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 002136064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001072128 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001059328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001055232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000875424 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\HrtfApo.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayServer.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000201544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2020-08-13 14:37 - 2020-08-13 14:37 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-08-13 13:44 - 2020-08-13 13:45 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-08-13 13:44 - 2020-08-13 13:45 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-08-12 10:43 - 2020-08-12 10:44 - 000000035 _____ C:\END
2020-08-12 10:43 - 2020-05-24 23:30 - 000086632 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netfilter2.sys
2020-08-12 10:13 - 2020-08-12 10:13 - 000000000 ____D C:\ProgramData\UpdShl
2020-08-12 10:11 - 2020-08-12 10:13 - 000000000 _RSHD C:\ProgramData\Key-Base
2020-08-12 10:11 - 2020-08-12 10:11 - 000000000 ____D C:\ProgramData\{02B25B49-3E3B-7060-C715-B31FF3DAB738}
2020-08-12 10:10 - 2020-08-12 10:37 - 000002079 _____ C:\Users\suesarkis\Desktop\AVG AntiTrack.lnk
2020-08-12 10:09 - 2020-08-12 10:43 - 000000000 ____D C:\Users\suesarkis\AppData\Local\AVGAntiTrack
2020-08-12 10:07 - 2020-08-12 10:10 - 000000000 ____D C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG AntiTrack
2020-08-12 10:06 - 2020-08-12 10:07 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2020-08-12 10:06 - 2020-08-12 10:06 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2020-08-12 10:02 - 2020-08-12 10:04 - 140139360 _____ (AVG Software) C:\Users\suesarkis\Desktop\avg_antitrack_setup.exe
2020-08-11 15:28 - 2020-08-11 15:42 - 002998407 _____ C:\Users\suesarkis\Desktop\White Peacock121.mp4
2020-08-11 06:31 - 2020-09-01 23:18 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-08-11 06:22 - 2020-09-04 08:35 - 000004278 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2020-08-11 06:22 - 2020-08-11 06:22 - 000323848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2020-08-11 06:22 - 2020-08-11 06:21 - 000336520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2020-08-11 06:21 - 2020-08-11 06:21 - 000851664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000515600 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000466816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000235656 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000217392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000205952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000195720 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000175264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000109336 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000084912 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000061064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2020-08-11 06:21 - 2020-08-11 06:21 - 000042840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2020-08-08 10:11 - 2020-08-08 17:26 - 000009117 _____ C:\Users\suesarkis\Documents\Working Food Recipients 8-8-2020.wpd
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-09-07 12:30 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-09-07 12:25 - 2013-11-30 18:43 - 000037026 _____ C:\Users\suesarkis\Downloads\FRST.txt
2020-09-07 12:23 - 2013-11-20 14:44 - 000000000 ____D C:\FRST
2020-09-07 11:52 - 2019-09-26 10:33 - 000000000 ____D C:\Users\suesarkis\Desktop\FRST-OlderVersion
2020-09-07 11:45 - 2019-12-01 15:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-09-07 11:43 - 2020-04-04 13:04 - 000000000 ____D C:\Users\suesarkis\AppData\LocalLow\IGDump
2020-09-07 11:10 - 2019-12-01 15:55 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B2E84DCE-1944-445C-A875-3E8412E6C94E}
2020-09-07 08:52 - 2017-06-01 08:00 - 000000000 ____D C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aol Inc
2020-09-07 08:36 - 2017-07-13 21:14 - 000000000 ____D C:\ProgramData\Avg
2020-09-07 08:28 - 2014-11-23 14:39 - 000000000 __SHD C:\Users\suesarkis\IntelGraphicsProfiles
2020-09-07 08:26 - 2017-10-12 15:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-09-07 08:25 - 2019-12-01 15:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-09-06 23:32 - 2019-03-18 21:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-09-06 23:15 - 2017-09-14 23:52 - 000001829 _____ C:\Users\suesarkis\Desktop\GROCERIES.txt
2020-09-05 23:28 - 2017-07-27 16:07 - 000003391 _____ C:\Users\suesarkis\Desktop\email addresses.txt
2020-09-05 16:22 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-09-05 16:22 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-09-05 14:51 - 2020-01-12 14:45 - 000000118 _____ C:\Users\suesarkis\Desktop\Ernestine.txt
2020-09-05 09:03 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-09-04 23:29 - 2019-12-01 15:09 - 000000000 ____D C:\Users\suesarkis
2020-09-04 22:30 - 2020-03-19 14:42 - 000000000 ____D C:\WINDOWS\Minidump
2020-09-04 10:50 - 2018-07-06 11:29 - 000000000 ____D C:\Users\suesarkis\AppData\Local\CrashDumps
2020-09-04 10:24 - 2013-05-23 10:25 - 000000000 ____D C:\Users\suesarkis\Documents\STOCKS
2020-09-03 23:49 - 2019-12-01 15:09 - 000000000 ____D C:\Users\Administrator
2020-09-03 13:02 - 2017-06-01 07:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-09-03 13:02 - 2017-06-01 07:49 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-09-03 13:02 - 2017-06-01 07:49 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-09-02 15:48 - 2013-05-23 10:22 - 000000000 ____D C:\Users\suesarkis\Documents\PHONE BOOK
2020-09-02 08:45 - 2017-07-14 18:34 - 000000264 _____ C:\Users\suesarkis\Desktop\for Jim.txt
2020-09-01 23:18 - 2020-06-14 07:37 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-09-01 23:18 - 2020-06-14 07:37 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-09-01 23:18 - 2020-03-04 12:16 - 000002440 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTaskCore
2020-09-01 23:18 - 2019-12-01 15:55 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-09-01 23:18 - 2019-12-01 15:55 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-09-01 23:18 - 2019-12-01 15:55 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2020-09-01 23:18 - 2019-12-01 15:55 - 000002982 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-09-01 23:18 - 2019-12-01 15:55 - 000002896 _____ C:\WINDOWS\system32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2069550446-780284186-1707450264-1004
2020-09-01 23:18 - 2019-12-01 15:55 - 000002602 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-09-01 23:18 - 2019-12-01 15:55 - 000002444 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002392 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002388 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_itype_exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002374 _____ C:\WINDOWS\system32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002370 _____ C:\WINDOWS\system32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-09-01 20:58 - 2013-05-23 10:21 - 000000000 ____D C:\Users\suesarkis\Documents\MISC
2020-09-01 08:28 - 2020-06-14 07:38 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-09-01 08:28 - 2020-06-14 07:38 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-09-01 08:28 - 2020-06-14 07:38 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-08-31 15:02 - 2020-06-18 14:09 - 000000000 ____D C:\Users\suesarkis\AppData\Local\AOLDesktopData
2020-08-31 15:01 - 2018-06-09 17:51 - 000000000 ____D C:\Users\suesarkis\AppData\Local\D3DSCache
2020-08-31 10:58 - 2013-05-23 10:15 - 000000000 ____D C:\Users\suesarkis\Documents\Complaints
2020-08-30 19:32 - 2020-08-03 08:49 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-30 19:32 - 2020-08-03 08:49 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-30 19:32 - 2020-08-03 08:49 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-30 19:32 - 2019-03-18 21:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-08-30 19:31 - 2020-08-03 08:37 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-08-30 17:10 - 2013-05-20 14:48 - 000000000 ____D C:\Users\suesarkis\Documents\JOKES
2020-08-29 21:42 - 2020-05-17 21:52 - 000002968 _____ C:\Users\suesarkis\Desktop\Tenants.txt
2020-08-28 18:19 - 2017-06-02 16:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-08-26 16:18 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2020-08-25 08:47 - 2018-07-11 07:52 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2020-08-25 08:47 - 2018-07-11 07:52 - 000002342 _____ C:\Users\Public\Desktop\AVG Secure Browser.lnk
2020-08-25 08:47 - 2018-07-11 07:52 - 000002342 _____ C:\ProgramData\Desktop\AVG Secure Browser.lnk
2020-08-24 15:03 - 2018-04-26 18:20 - 000000000 ____D C:\Users\suesarkis\AppData\Local\AOLDesktop
2020-08-24 15:01 - 2017-06-01 07:59 - 000000000 ____D C:\Users\suesarkis\AppData\Local\SquirrelTemp
2020-08-19 19:09 - 2014-12-28 20:34 - 000000000 ___RD C:\Users\suesarkis\OneDrive
2020-08-16 18:50 - 2013-04-24 08:40 - 000000000 ____D C:\Users\suesarkis\Documents\POLITICAL
2020-08-15 08:33 - 2019-12-01 15:23 - 000842668 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-08-14 20:03 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-08-14 08:23 - 2013-01-14 11:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-08-14 08:22 - 2017-12-09 17:00 - 000000000 ___RD C:\Users\suesarkis\3D Objects
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-08-13 22:11 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\servicing
2020-08-13 14:57 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-08-12 10:05 - 2017-06-02 22:27 - 000000000 ____D C:\ProgramData\Package Cache
2020-08-12 09:58 - 2017-10-12 13:15 - 000000000 ____D C:\Program Files (x86)\AVG
2020-08-08 17:12 - 2016-10-11 10:27 - 000000000 ____D C:\Users\suesarkis\Documents\RELIGION
 
==================== Files in the root of some directories ========
 
2015-02-11 19:02 - 2015-02-11 19:02 - 000880208 _____ (Google Inc.) C:\Users\suesarkis\ChromeSetup.exe
2019-12-01 10:41 - 2019-12-01 10:41 - 000000538 _____ () C:\Program Files (x86)\LMIR0838B001.tmp_r.bat
2019-12-01 13:57 - 2019-12-01 13:57 - 000000738 _____ () C:\Program Files (x86)\LMIR0B414001.tmp.bat
2019-12-01 13:57 - 2019-12-01 13:57 - 000000538 _____ () C:\Program Files (x86)\LMIR0B414001.tmp_r.bat
2019-12-01 13:51 - 2019-12-01 13:51 - 000000556 _____ () C:\Users\suesarkis\AppData\Local\LMIR09622001.tmp_r.bat
2019-12-01 14:18 - 2019-12-01 14:18 - 000000756 _____ () C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp.bat
2019-12-01 14:18 - 2019-12-01 14:18 - 000000556 _____ () C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp_r.bat
2017-11-17 09:38 - 2017-11-17 09:38 - 000000017 _____ () C:\Users\suesarkis\AppData\Local\resmon.resmoncfg
2017-10-15 07:43 - 2017-07-28 14:57 - 000105744 _____ (Bomgar) C:\Users\suesarkis\AppData\Local\Z@H!-147561942927653119494-32.tmp
2017-10-15 07:43 - 2017-07-28 14:57 - 000123152 _____ (Bomgar) C:\Users\suesarkis\AppData\Local\Z@H!-147561942927653119494-64.tmp
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2020

Ran by suesarkis (07-09-2020 12:35:16)
Running from C:\Users\suesarkis\Downloads
Windows 10 Home Version 1909 18363.1016 (X64) (2019-12-01 22:57:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2069550446-780284186-1707450264-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2069550446-780284186-1707450264-503 - Limited - Disabled)
Guest (S-1-5-21-2069550446-780284186-1707450264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2069550446-780284186-1707450264-1003 - Limited - Enabled)
suesarkis (S-1-5-21-2069550446-780284186-1707450264-1001 - Administrator - Enabled) => C:\Users\suesarkis
User (S-1-5-21-2069550446-780284186-1707450264-1004 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2069550446-780284186-1707450264-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}
FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20043 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
AOL Desktop Gold (HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\AOLDesktop) (Version: 11.0.2793 - Oath Inc.)
AOL Desktop Gold (HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\AOLDesktop) (Version: 11.0.1268 - Oath Inc.)
AVG AntiTrack (HKLM-x32\...\AVGAntiTrack) (Version: 2.1.0.62 - AVG Technologies)
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 20.6.3135 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 84.1.5543.137 - AVG Technologies)
AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.10.765 - AVG)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 20.1.1997.256 - AVG)
AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.155.333 - AVG Technologies) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copernic Desktop Search (HKLM\...\{CFC6FE00-2609-4D6D-8209-C232864B9861}) (Version: 7.1.2.13449 - Copernic) Hidden
Copernic Desktop Search (HKLM\...\CopernicDesktopSearch7) (Version: 7.1.2.13449 - Copernic)
Corel Update Manager (HKLM-x32\...\{970F0689-74EE-4847-82DD-37F33D62C6A5}) (Version: 2.13.594 - Corel corporation) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Free Countdown Timer (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.83 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP LaserJet Pro M402-M403 n-dne (HKLM-x32\...\{e2164336-c5d8-4ac9-a53b-125779c4c21b}) (Version: 16.0.17174.675 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{2D0909B2-FA33-4C36-8845-BF930A5A945E}) (Version: 3.0.26.20 - HP) Hidden
HPLJPRoM402M403ndne (HKLM-x32\...\{58532038-B97D-4C9B-9B96-C70D5EA763F4}) (Version: 0.10.0000 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{66afb482-3029-428f-8283-135d3c272132}) (Version: 19.00.0000.4496 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.3.1080 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C81FD018-F151-460F-B4F9-0D58039503E2}) (Version: 17.2.4.9002 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13029.20344 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.44 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{406C9ADB-1325-4FD0-9D13-C119CFF64E0A}) (Version: 2.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MyCorkboard Screen Saver (HKLM-x32\...\Corkboard) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.6 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.6 - Corel Corporation)
WordPerfect Office X7 - IPM Content HSE (HKLM-x32\...\{8E879C65-6BA7-4108-9A0D-C455A30ECAF6}) (Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM HSE (HKLM-x32\...\{D55537B5-123F-4CEE-A56C-557582FA285D}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X9 - Common Files (HKLM-x32\...\{50567D26-6C7E-4A3E-9752-BE23977A6C8D}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Common Files English (HKLM-x32\...\{97D165C7-7B4C-442D-9DC6-FE0240A1C98C}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - IPM Content HSE (HKLM-x32\...\{2C332DEE-CB1A-4C4C-A976-7F6FBBDA08F1}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - IPM HSE (HKLM-x32\...\{EF04AF62-9B04-470E-B2EB-D28EE053D991}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Lightning Files (HKLM-x32\...\{5D00E927-0798-4F5D-83B2-A60AFA4C7B93}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Lightning Files English (HKLM-x32\...\{0705BB45-E2C0-41AF-A24D-BB66FB78F574}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Oxford (HKLM-x32\...\{9B32CB12-C951-417E-8490-EAD6E56D920D}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Presentations Files (HKLM-x32\...\{6C2494D8-AA48-49E8-8449-BCDA8BB7F01C}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Presentations Files English (HKLM-x32\...\{C55FBD71-ACA9-495F-9EBA-EB23A51206D0}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Quattro Pro Files (HKLM-x32\...\{B085C003-6454-4512-A3CB-B873E4F8ABEF}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Quattro Pro Files English (HKLM-x32\...\{941020B9-7483-4FA2-B40B-C56815361DAB}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Redists (HKLM-x32\...\{8092CE83-3E55-499F-B746-06E6825C7381}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Setup Files (HKLM-x32\...\{F5784FBC-42E2-429F-A7CF-34959D995957}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - WordPerfect Files (HKLM-x32\...\{55D49A6A-BCBE-40A4-8A9E-1AEC5F125CAC}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - WordPerfect Files English (HKLM-x32\...\{6052701D-0BA0-4AC9-9E7C-0209E0CB2873}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - WPD format Props x64 (HKLM\...\{32B843EE-A124-4DBE-84D0-BB2AE22FF5C1}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Writing Tools Files (HKLM-x32\...\{116B261F-1198-4F52-B46A-D6C3A70171FA}) (Version: 19.0 -  Corel Corporation) Hidden
WordPerfect Office X9 (HKLM-x32\...\_{F5784FBC-42E2-429F-A7CF-34959D995957}) (Version: 19.0.0.325 - Corel Corporation)
WordPerfect Office X9 (HKLM-x32\...\{60338C41-EFE7-42C2-9442-46AE4FE90CC5}) (Version: 19.0 - Corel Corporation) Hidden
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-21] (Autodesk Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-27] (HP Inc.)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2020-01-21] (Keeper Security Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-22] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2020-01-21] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-23] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-06-11] (Adobe Systems Incorporated)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.6.0.0_x86__fxme7667cy4q4 [2020-02-14] (Ricoh Company, Ltd.)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-13] (Synaptics Incorporated)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-01-21] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2069550446-780284186-1707450264-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [CopernicFileShellContextMenuExtension] -> {fad66f81-4ada-3a28-a8d3-97f227e9abc4} => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.ShellContextMenu.dll [2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2: [CopernicFolderShellContextMenuExtension] -> {c29b51af-17b7-3bf8-a3c1-93920128ef65} => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.ShellContextMenu.dll [2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {0c5824b1-555e-4799-b8be-97b08362623b} => c:\Program Files (x86)\Corel\WordPerfect Office X9\Programs\PFSE190.DLL [2018-05-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [CopernicFolderShellContextMenuExtension] -> {c29b51af-17b7-3bf8-a3c1-93920128ef65} => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.ShellContextMenu.dll [2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {0c5824b1-555e-4799-b8be-97b08362623b} => c:\Program Files (x86)\Corel\WordPerfect Office X9\Programs\PFSE190.DLL [2018-05-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [CopernicFolderShellContextMenuExtension] -> {c29b51af-17b7-3bf8-a3c1-93920128ef65} => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.ShellContextMenu.dll [2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-08-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers6_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyCorkboard Screen Saver\Special Offers.lnk -> hxxp://www.mycorkboard.com/SpecialOffers.as
Shortcut: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyCorkboard Screen Saver\Visit MyCorkboard.com.lnk -> hxxp://www.mycorkboard.com
ShortcutWithArgument: C:\Users\suesarkis\Desktop\Sweetsuzee - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
 
==================== Loaded Modules (Whitelisted) =============
 
2019-11-03 02:45 - 2019-11-03 02:45 - 001225216 _____ () [File not signed] C:\Program Files\Copernic\DesktopSearch\CefSharp.BrowserSubprocess.Core.dll
2019-11-03 02:45 - 2019-11-03 02:45 - 001869312 _____ () [File not signed] C:\Program Files\Copernic\DesktopSearch\CefSharp.Core.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 112718336 _____ () [File not signed] C:\Program Files\Copernic\DesktopSearch\libcef.dll
2009-09-16 19:44 - 2009-09-16 19:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 12:44 - 2009-09-16 12:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2019-02-25 14:15 - 2019-02-25 14:15 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 000869376 _____ (The Chromium Authors) [File not signed] C:\Program Files\Copernic\DesktopSearch\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7863 more sites.
 
 
There are 7863 more sites.
 
 
There are 7863 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-06-01 07:47 - 2020-02-29 16:05 - 000450599 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
There are 15459 more lines.
 
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;c:\Program Files\Intel\WiFi\bin\;c:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2069550446-780284186-1707450264-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 209.18.47.63 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AOL OnePoint.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\StartupFolder: => "AOL Desktop Launcher.lnk"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\StartupFolder: => "MyCorkboard.lnk"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "Copernic Desktop Search - Home"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "Embedded Callback - remotesupport.aol.com"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "FreeAC"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "FreeCT"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "AOLDesktop"
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\StartupApproved\StartupFolder: => "AOL Desktop Launcher.lnk"
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2069550446-780284186-1707450264-1004\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-2069550446-780284186-1707450264-500\...\StartupApproved\Run: => "OneDriveSetup"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{644E8E3F-A22B-438C-9991-E79FCE7AEE80}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6FA02D24-8C66-4400-9D74-DB957DF26456}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{26A6A246-CD82-4BA1-A8FA-DF8EFF017DAF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FD5CA861-AF5A-4745-B6CF-8C9972039858}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{691BB49A-75DB-48CB-AE42-979AB3D5E7A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{171D7A6E-D088-4CC2-A349-679171E9DA0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{362CD2AD-DD29-4461-B961-06AFF91EC639}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2849DD0E-4B2C-41D6-8F6C-270D8B695EA8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{351E634D-B39D-4303-89E9-108F28D4CFCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{56DFA6EE-B223-48DA-AE2D-7B6FB7B42EA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AFF96C6E-87ED-48B0-9140-E9FBF107C4DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{20476A79-F171-41B9-8A9F-AC2AA3C5D0D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BCAFC238-F073-46A9-989F-09EC7909000D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3121FCA4-0227-4705-83A9-FEA5E7D75193}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{835B0B78-5478-41AD-B336-95A81D30AFAD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9244B37B-4BD6-4502-A28A-566F4B89C988}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3CD4EA73-50E6-4ED3-821B-42EDFC036842}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8C95CD6D-AA8F-4418-9B6F-50058C112E3E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{88388D18-1D93-4892-BC4C-04008E4A7C45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6CD4C8C-7F69-4F51-988A-13EF795379E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C7D888F4-5E25-419A-AA35-A65EF831CEFD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E35B656B-CE90-4FB8-8F13-EFED49EA09BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A415169A-3696-4674-9C2A-69E130772B05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FFB02FD5-DDE7-40E8-8139-2DF0883E6689}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2BB0580-314A-47EE-B439-D281FA70A33C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5061C8D4-DBED-4796-8760-442AEF3C4F10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8DDDB957-5175-421C-B86B-5F7B90E5A2AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0D862E8-9DE5-4B32-B102-2EF907BEC393}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD31E2C6-F3EB-4453-BCFE-B9241D7770E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4DA0C036-3986-4D21-BEC2-7E7A5866CB21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1F967218-F25E-454F-89E0-D0A8A7E7A35B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{54C4B7BB-0E96-490E-8C45-FC7C2B7D7FB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{18296F8A-B57F-48C7-95AB-0E1F218B7D43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E3D6C282-FF9F-41BC-AAF3-43BC982D8687}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6B48C52A-F93C-4C86-BD6B-A080A06AC8FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F09221EE-7648-42C5-B166-DBCE3A859307}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5E44700D-544F-421A-9275-0E13366A81B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CCF1E509-4E11-407A-912A-28D1EB193B88}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{54C20567-1CA6-4DCB-84E3-91E28531BC4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC585C8D-30EA-49C5-994B-CDC871132BD3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F9AF2762-4334-4687-BF0D-77BF0B03E8CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{34798627-A975-441B-B281-E8AA0015473F}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{7A5484C7-E126-486A-A83D-AA35BD6DEFA1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{6EED88CA-2AFE-4B7C-8729-D55D4B1BDA9C}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{93B0CC9B-5194-43B5-9135-3C944AB5E55D}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{C0978A63-9B6B-4132-AFE8-45D3061E40CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{287A1AC2-C261-4096-B923-B712F5B287E1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{E0FE3271-C6C4-48D5-84D1-8D3101A60ADB}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{4DC9DC3E-1F8A-4702-9F9F-034668F3F4F6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{60E196CD-2BA2-4ADD-8EDD-9514118C9CCC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{AD13F1CC-2C57-4016-AB73-7A2C964DDBA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{5849A25F-9F8C-4803-8AD9-BA8C9CCF9ED1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe => No File
FirewallRules: [{0DE47B94-519F-42C0-8D1F-70FD43447FD1}] => (Allow) C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
FirewallRules: [TCP Query User{7093B2BC-D81B-4A88-8491-1D9E9E74FBB8}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{9CFF8D2A-5771-4F7F-90C1-5A785E705078}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe => No File
FirewallRules: [{0465935A-48A2-4394-9C58-239FC8F41820}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{51BC37A2-EFC6-4E76-AD5B-981860A1D7AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7BE7EC3-26C1-4DC8-AE90-2108C240B75B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1D4E3B8-CE06-4DD1-8985-CE867AB0A314}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{886D9901-F86F-465A-93A7-234ED9FF916B}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{7A872F75-0DAE-4033-984F-80A9E5D28EC9}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe => No File
FirewallRules: [{2D16B19C-B78D-45B0-8ED3-D22B487672B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0AFBC62C-62C7-4A69-A315-1B86D89801BC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{22115C3F-4926-4277-9040-3D16E6A99CA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe => No File
FirewallRules: [{6190C3AF-F761-43FF-959D-061A5B507267}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, LLC -> AVG Technologies)
FirewallRules: [TCP Query User{EFCDA0CA-A386-47D5-B29D-15CDAE4CCFE3}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2793\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2793\cefsharp.browsersubprocess.exe (AOL, Inc -> AOL)
FirewallRules: [UDP Query User{C4F5DBC4-7E72-4E7E-8627-4258EB62D1AD}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2793\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2793\cefsharp.browsersubprocess.exe (AOL, Inc -> AOL)
FirewallRules: [{21AA5FFB-8D6B-497B-BE5D-B983AC3852AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{51E7428C-BC24-41F2-8988-9B8A743F29C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{09F718A5-955B-43DF-9FA3-5033C197381B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0E4D34AF-8378-49E3-8D6D-F5F5727DA697}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60A929F7-F9A7-43A6-ABE4-CC5F82AF1596}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0445FBF-940B-4122-B483-36CB108A5D18}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F7754D6-A8EF-4FDE-8609-4D02B8288904}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9435FF40-5608-484D-AA27-3D69D7047711}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D1137A56-28A1-4537-A367-870995379059}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
03-09-2020 10:35:18 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: AVG TAP Adapter v3
Description: AVG TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: avgTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/07/2020 12:01:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13756,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/07/2020 11:46:42 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15148,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/07/2020 11:12:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10228,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/07/2020 10:46:41 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10800,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/07/2020 10:29:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8036,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/07/2020 09:46:46 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14104,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/07/2020 09:07:38 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/07/2020 09:02:01 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3384,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
 
System errors:
=============
Error: (09/07/2020 08:56:32 AM) (Source: DCOM) (EventID: 10010) (User: SUESBABY)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (09/07/2020 08:48:58 AM) (Source: DCOM) (EventID: 10010) (User: SUESBABY)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (09/07/2020 08:33:32 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
 
Error: (09/07/2020 08:31:29 AM) (Source: DCOM) (EventID: 10010) (User: SUESBABY)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (09/07/2020 08:31:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The File History Service service hung on starting.
 
Error: (09/07/2020 08:30:35 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service avg with arguments "/comsvc" in order to run the server:
{82C85EAA-7C94-4702-AA75-DF39403AE358}
 
Error: (09/07/2020 08:30:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/07/2020 08:30:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avg) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
===================================
Date: 2020-08-26 13:53:04.539
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A83EF79B-1C54-40BA-8CEC-30976EF5DDC7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-22 15:03:15.285
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {699C7A99-8BB5-4F93-BB2C-194CDBCAA81D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-22 08:39:53.027
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C7992FFE-4358-42A9-A902-0DF9369F879A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-21 08:43:59.752
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BFD15A39-521A-4FFF-87D0-7CFCCBCC5C97}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-19 16:50:26.379
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {629EF395-681D-4CA1-A324-BE0EF177FF5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-26 13:59:15.172
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2020-08-26 13:59:15.172
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2020-08-26 13:59:15.171
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2020-08-26 13:38:50.344
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2020-08-26 13:38:50.344
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
CodeIntegrity:
===================================
 
Date: 2020-09-07 12:46:50.348
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-07 12:46:50.333
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-07 12:46:49.512
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-07 12:46:49.494
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-07 12:46:41.039
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-07 12:46:40.861
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-07 12:46:30.571
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-07 12:46:30.529
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.04 11/10/2012
Motherboard: Hewlett-Packard 1886
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 72%
Total physical RAM: 8088.28 MB
Available physical RAM: 2227.82 MB
Total Virtual: 9880.28 MB
Available Virtual: 2495.19 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:444.93 GB) (Free:339.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.19 GB) (Free:2.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (OD3.0 SSD) (Removable) (Total:117.53 GB) (Free:48.03 GB) FAT32
 
\\?\Volume{a4e7abf3-f886-47bb-96ff-bc698ba7c3ae}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{6f3b996f-1ccc-4000-95d7-0bd109594337}\ () (Fixed) (Total:0.87 GB) (Free:0.24 GB) NTFS
\\?\Volume{01376181-7b57-4385-8f74-5719a12592e7}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F893BEDB)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 65103047)
 
Partition: GPT.
 
==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 117.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=117.6 GB) - (Type=0C)
 
==================== End of Addition.txt =======================

  • 0



#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hi, sweetsuzee.

 

I am DR M and I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. You have to reply to my posts within four days. If you need some additional time, just let me know. If I don't get any reply from you within these three days, the topic will be closed. You can send me a personal message if you still want help, after this period of time.

2. Always ask before you act! Do not continue if you are not sure, or if something unexpected happens!

3. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

4. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs. I will be with you, as far as I can.

================================================

 

I am currently reviewing your logs. This will take some time. :)


  • 0

#3
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

Understood and will do. Take all the time you need. However, if your instructions will eventually have me deleting AVG I hope that will happen before I pay an annual renewal fee.  As a very disabled septuagenarian, I truly appreciate all the assistance you can afford.


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hi, sweetsuzee.

 

I wanted to tell you that I will be back to you soon and before the 3 days left for the AVG annual renewal fee. Thank you for your patience. :)


  • 1

#5
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

I'd rather you take it slow and steady to analyze correctly rather than give me wrong instructions.  Take all the time you need - within the AVG timeline, of course.  LOL  Thanks, Sue


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hi, Sue.

 

Wrong instructions??? Never!!! :prop:

 

Thank you for your patience.

 

I also recommend that you uninstall AVG and keep the built-in Windows 10 antivirus solution, Windows Defender. It is good enough to keep you safe, along with the Malwarebytes you already have, considering that you follow the safe computing rules.

You also have a few programs that I recommend you uninstall:

Defraggler

 

Windows 10 automatically defrags in the background weekly by default. There is no point in using third-party software for this action.

AVG TuneUp

 

Most of the time, optimizers do more harm than good.
You may want to read about PC cleaners, optimizers, boosters and registry cleaners in the following articles:

https://www.howtogee...or-fix-crashes/
https://blog.malware...ital-snake-oil/
https://support.micr...aning-utilities

Outdated Java

 

You have outdated Java installed on your computer. It has been stated that old versions of Java are responsible for a great percentage of the vulnerabilities in Windows systems exploited by malware. Therefore, it's important to keep everything updated. Here, I'm asking you to uninstall Java. If you really need it, you can install the newest version at the end of the cleaning procedure.

Spybot - Search & Destroy

 

Multiple antivirus programs on the system may conflict with each other and cause the following:

  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

 

So... let's start work!

1. Uninstall programs:

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Defraggler
AVG AntiTrack
AVG Internet Security
AVG Secure Browser
AVG Secure VPN
AVG TuneUp
Java 8 Update 181
Java 8 Update 201
Spybot - Search & Destroy
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer at the end of the procedure.

 

Use AVG Clear

After restarting the computer, please download and run AVG Clear to completely uninstall AVG. Follow the instructions here.


2. Notifications

You mentioned that you are getting pop-ups. The fact that your browsers are set to receive notifications from so many sites is a main reason for that.

Did you intentionally set your browsers to receive notifications from all these sites?


 

3. Search.yahoo.com

I would recommend that you change/remove this startup page in Chrome: search.yahoo.com. Yahoo Search is a legitimate search engine, but it may also be set by a browser hijacker. If you didn't set it, then let me know.


4. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

 


  • 0
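The review DR M describes in steps 2 and 3 above, as an added example that is not part of the original thread or of FRST itself: a small parser that pulls the `CHR Notifications`, `CHR HomePage` and `CHR StartupUrls` lines out of an FRST.txt Chrome section, re-fangs the `hxxp` URLs, and flags startup pages whose host differs from the home page. The sample log, its domains and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the FRST.txt "Chrome" section format (not the poster's log).
SAMPLE_LOG = """
CHR Profile: C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default [2020-09-09]
CHR Notifications: Default -> hxxps://news.example; hxxps://push.deals.example; hxxps://www.shop.example
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://search.example/web?hspart=abc&type=12345&param1=QUJD"
CHR Notifications: Profile 1 -> hxxps://www.shop.example; hxxps://video.example
"""

# "CHR <kind>: <profile name> -> <value>"; profile names may contain spaces.
LINE_RE = re.compile(r"^CHR (Notifications|HomePage|StartupUrls): (.+?) -> (.*)$")


def refang(url):
    """Turn FRST's defanged hxxp/hxxps scheme back into http/https."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def parse_chrome_section(log_text):
    """Return {profile: {"notifications": [...], "homepage": str|None, "startup": [...]}}."""
    profiles = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # extensions, profile paths and other lines are ignored
        kind, profile, value = match.groups()
        entry = profiles.setdefault(
            profile, {"notifications": [], "homepage": None, "startup": []}
        )
        if kind == "Notifications":
            # Origins are separated by ';'
            entry["notifications"] += [refang(u) for u in value.split(";") if u.strip()]
        elif kind == "HomePage":
            entry["homepage"] = refang(value)
        else:
            # StartupUrls is a comma-separated list of double-quoted URLs
            entry["startup"] += [refang(u) for u in re.findall(r'"([^"]*)"', value)]
    return profiles


def unexpected_startup_urls(profiles):
    """List (profile, host, query parameter names) for startup pages whose host
    is not the profile's home page host. With no home page recorded, every
    startup URL is listed so that a person can review it."""
    findings = []
    for profile, entry in profiles.items():
        home_host = urlsplit(entry["homepage"]).hostname if entry["homepage"] else None
        for url in entry["startup"]:
            parts = urlsplit(url)
            if parts.hostname != home_host:
                findings.append((profile, parts.hostname, sorted(parse_qs(parts.query))))
    return findings


if __name__ == "__main__":
    parsed = parse_chrome_section(SAMPLE_LOG)
    for name, entry in parsed.items():
        print(f"{name}: {len(entry['notifications'])} sites allowed to send notifications")
        for origin in entry["notifications"]:
            print(f"  {origin}")
    for profile, host, params in unexpected_startup_urls(parsed):
        print(f"{profile}: startup page on {host} with parameters {params}")
```

Each origin it lists corresponds to a site under Chrome's Settings > Site Settings > Notifications, where the permission can be removed or blocked.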

#7
sweetsuzee

sweetsuzee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

I would like to thank you in advance for your time and trouble on my behalf.  I believe I did everything you wanted me to do.  However, I am quite confused about the Search.yahoo.com matter as I thought my default was to Google Chrome.  I know every now and then BING tries to sneak in and I change it back but try as I might, I have found no indication of the Search.yahoo.com so please tell me where do I look.  Also, the popups that I get have to do with orders I place and then they haunt me forever.  My purchases are usually from Amazon or Walmart but I do shop from other places.  Regardless, please tell me where you found that concise list with hxxps://www as opposed to https://www.  I've never seen the exes before.  LOL

 

Now another issue, the BSOD stop code hit me twice in the past week.  Both times were uneventful and considering what the Blue Screen meant years ago, the current fix seems better. However, obviously something is wrong somewhere and I do not know what to do about it.  If I didn't mention before, I'm still a DOS person in my mind.  LOL   Anyway, here are the logs -

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-09-2020
Ran by suesarkis (administrator) on SUESBABY (Hewlett-Packard HP Spectre XT TouchSmart PC) (09-09-2020 14:48:07)
Running from C:\Users\suesarkis\Desktop
Loaded Profiles: suesarkis
Platform: Windows 10 Home Version 1909 18363.1016 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Comfort Software Group -> Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_972058dc64815bf9\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2007.1.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation) C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.exe
(N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation) C:\Program Files\Copernic\DesktopSearch\Copernic.Plugins.PluginsService.exe
(N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Systems) C:\Program Files\Copernic\DesktopSearch\DesktopSearchOutlookConnector.exe
(PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\CORK.EXE
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320056 2019-02-28] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X9\Programs\QFSCHD190.EXE [247512 2018-05-13] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\RunOnce: [AvgRemover] => C:\WINDOWS\system32\avgremoverx.exe /run_number=2 /max_runs=2 /ndis_nextstep=4 /norestart /selfremove
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [4126624 2016-01-22] (Comfort Software Group -> Comfort Software Group)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [AOLDesktop] => C:\Users\suesarkis\AppData\Local\AOLDesktop\AolDesktop.exe [563216 2020-09-08] (AOL, Inc -> AOL Inc.)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5482544 2020-08-17] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Run: [Copernic Desktop Search] => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.exe [635104 2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2369190632306] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5eebd6d3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2369190632306 /f <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2438971811832] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5eebd6b6" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2438971811832 /f <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD236292033243] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5f4d6ba8" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD236292033243 /f <==== ATTENTION
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe [2020-09-03] (Google LLC -> Google LLC)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop Launcher.lnk [2020-09-09]
ShortcutTarget: AOL Desktop Launcher.lnk -> C:\Users\suesarkis\AppData\Local\AOLDesktop\AolTrayApp.exe (AOL, Inc -> AOL Inc.)
Startup: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyCorkboard.lnk [2017-10-15]
ShortcutTarget: MyCorkboard.lnk -> C:\Program Files (x86)\Corkboard\CORK.EXE (PC Dynamics, Inc.) [File not signed]
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop Launcher.lnk [2019-11-15]
ShortcutTarget: AOL Desktop Launcher.lnk -> C:\Users\suesarkis\AppData\Local\AOLDesktop\AolTrayApp.exe (AOL, Inc -> AOL Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01AEFE23-8B51-4189-9C7B-9F6A3EE580CB} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [39176 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {0405FE5E-2941-48AF-AE02-56CAE1594428} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
Task: {185D8A69-4E7C-488D-AE93-83A8460CF2F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1312664 2020-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {24D159AF-2621-4816-A52D-15EB6935A314} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23819120 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DCAC850-E0C4-43ED-9778-33873572DB4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)
Task: {30515428-0D06-4844-BAC0-7FADFE6C79C3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {366B36C9-EB22-4CCC-9BBD-BF52B3F13C11} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3583264 2020-06-03] (Corel Corporation -> Corel Corporation)
Task: {3A488821-1ABC-45C9-BC85-00E9BF0E7786} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\suesarkis\Downloads\esetonlinescanner_enu.exe [8149816 2019-09-29] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {48F582DD-B519-49AB-AFF7-1E812641931A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
Task: {559C1EE8-B918-4FF8-B901-40131935A0E1} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel® Trusted Connect Service -> Intel® Corporation)
Task: {57100AE3-B92D-4FC1-8D7F-8CFB19AA6707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-01] (Google Inc -> Google Inc.)
Task: {75BF6DE9-4FCA-4BC3-827F-FE7528955A2E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {82B94AD8-29A8-40ED-A907-224D53D80DFA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\suesarkis\Downloads\esetonlinescanner_enu.exe [8149816 2019-09-29] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {8FA0207E-0F04-4B48-BD37-B2136C28A95A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-06-01] (Google Inc -> Google Inc.)
Task: {945F86E0-CF04-4F2A-BC2A-9165D07A9434} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118616 2020-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {9825C3A4-2208-4810-BB34-0E82B5F8CE3B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118616 2020-08-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {A330AAEB-37AA-4A78-86A0-81001483C172} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {A3BA81C8-77D3-4CF3-AEEC-A900AB6792FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23819120 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9A555E0-9B0D-4230-B577-05A5E76B8619} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [1967880 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {B0885ABB-A5DF-4D8A-9340-B64A604EBC38} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files (x86)\Advanced System Repair Pro 1.9.1.0.0\AdvancedSystemRepairPro.exe
Task: {BA66CF97-BF0D-4C4A-8E44-91B8D1F91147} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {BBF33665-2444-4F15-A3F4-F7AEC254031D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {DEC2E8AB-AF71-4069-837A-F83ADD0F36EC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{1b626343-04a6-45cd-b559-9a91b11fb27c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dace9ba1-7c81-4972-8e00-a728cdf2e3da}: [DhcpNameServer] 209.18.47.63 209.18.47.61
 
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-09] (Microsoft Corporation -> Microsoft Corporation)
 
Edge: 
======
DownloadDir: C:\Users\suesarkis\Downloads
Edge Profile: C:\Users\suesarkis\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-25]
Edge DownloadDir: C:\Users\suesarkis\Downloads
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-08-17] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default [2020-09-09]
CHR DownloadDir: C:\Users\suesarkis\Desktop
CHR Notifications: Default -> hxxps://ecopowerplate.com; hxxps://gop.com; hxxps://helpx.adobe.com; hxxps://ilovemyfreedom.pushcrew.com; hxxps://ktla.com; hxxps://kubrakhademi.org; hxxps://markets.businessinsider.com; hxxps://news.mynewswire.co; hxxps://section-8-apartments.copush.com; hxxps://timesofindia.indiatimes.com; hxxps://townhall.com; hxxps://www.ae.com; hxxps://www.alibaba.com; hxxps://www.allrecipes.com; hxxps://www.aol.com; hxxps://www.att.com; hxxps://www.bettymills.com; hxxps://www.bunsinmyoven.com; hxxps://www.businessinsider.com; hxxps://www.cnet.com; hxxps://www.cousinsmainelobster.com; hxxps://www.dallasnews.com; hxxps://www.ebags.com; hxxps://www.facebook.com; hxxps://www.globalindustrial.com; hxxps://www.health.com; hxxps://www.infowars.com; hxxps://www.inspireuplift.com; hxxps://www.newsbreak.com; hxxps://www.newsmax.com; hxxps://www.reddit.com; hxxps://www.taketwotapas.com; hxxps://www.traveltrivia.com; hxxps://www.triviadaily.com; hxxps://www.triviagenius.com; hxxps://www.washingtontimes.com; hxxps://www.wayfair.com; hxxps://www.westernjournal.com; hxxps://www.westernjournalism.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311457&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KzKng6DqDwLXGzQuImnSkuMRjGBMJKVXU9IRCVZHYmv03SMviyUpr2foFPnoYkJaB3zfa5tmymI5biZxxjmVTIbN5ffDfL8kCtQrGoxi2kMRzHbkFAtg5EnpK5Hu5iMnnZUYerfkfO61IRimZ47UAtI3vkxx%2FSpXj3joplwZyWJfCIZm2pmJkfO%2F12o7jo58hmN5FO46RpWqsGGdB92u35v50dGIfe8QyECGyKPI9WTZlPjMpXto87EcWfoMMx88%3D"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Extension: (Slides) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Entanglement Web App) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2017-10-08]
CHR Extension: (e-Player) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\agilokibjakdcmghlogojfbjmhbkhgmc [2020-06-08]
CHR Extension: (Docs) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-01]
CHR Extension: (YouTube) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-01]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-08-08]
CHR Extension: (Adobe Acrobat) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-08-05]
CHR Extension: (Sheets) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-13]
CHR Extension: (Poppit!) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2017-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-03]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-26]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-03-01]
CHR Notifications: Profile 1 -> hxxps://www.allrecipes.com; hxxps://www.att.com; hxxps://www.facebook.com; hxxps://www.pinterest.com; hxxps://www.reddit.com; hxxps://www.washingtontimes.com
CHR Extension: (Slides) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-24]
CHR Extension: (Docs) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-24]
CHR Extension: (Google Drive) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-24]
CHR Extension: (YouTube) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-24]
CHR Extension: (Adobe Acrobat) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-02-24]
CHR Extension: (Sheets) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-02-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-11-24]
CHR Extension: (Gmail) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-29]
CHR Profile: C:\Users\suesarkis\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-07-08] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10566536 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-08-30] (Malwarebytes Inc -> Malwarebytes)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 avgTap; C:\WINDOWS\System32\drivers\avgTap.sys [54888 2018-09-05] (AVG Technologies CZ, s.r.o. -> The OpenVPN Project)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-10-06] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-08-30] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217608 2020-09-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-08-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197280 2020-09-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73880 2020-09-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-09-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131232 2020-09-09] (Malwarebytes Inc -> Malwarebytes)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
U1 avgbdisk; no ImagePath
S1 netfilter2; system32\drivers\netfilter2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-09-09 14:48 - 2020-09-09 14:49 - 000026962 _____ C:\Users\suesarkis\Desktop\FRST.txt
2020-09-09 14:47 - 2020-09-09 14:47 - 002297344 _____ (Farbar) C:\Users\suesarkis\Desktop\FRST64 (2).exe
2020-09-09 14:47 - 2020-09-09 14:47 - 002297344 _____ (Farbar) C:\Users\suesarkis\Desktop\FRST64 (1).exe
2020-09-09 14:46 - 2020-09-09 14:46 - 002297344 _____ (Farbar) C:\Users\suesarkis\Desktop\FRST64.exe
2020-09-09 14:07 - 2020-09-09 14:07 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
2020-09-09 14:07 - 2020-09-09 14:07 - 000000000 ____D C:\Program Files\Common Files\AVG
2020-09-09 13:58 - 2020-09-09 13:58 - 000197280 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-09-09 13:58 - 2020-09-09 13:58 - 000131232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-09-09 13:58 - 2020-09-09 13:58 - 000073880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-09-09 13:52 - 2020-09-09 13:52 - 000002339 _____ C:\Users\suesarkis\Desktop\AOL Desktop Gold.lnk
2020-09-09 13:51 - 2020-09-09 13:53 - 000002928 _____ C:\Users\suesarkis\Desktop\Geeks instructions.txt
2020-09-09 13:51 - 2020-09-09 13:51 - 000000085 _____ C:\WINDOWS\wininit.ini
2020-09-09 13:27 - 2020-09-09 13:27 - 000000035 _____ C:\END
2020-09-09 13:20 - 2020-09-09 13:20 - 000000246 _____ C:\Users\suesarkis\Desktop\Kaiser appointment.txt
2020-09-08 20:01 - 2020-09-08 20:01 - 005977466 _____ C:\Users\suesarkis\Desktop\Jon Voight Do or Die.mp4
2020-09-08 15:37 - 2020-09-08 16:03 - 001094172 _____ C:\WINDOWS\Minidump\090820-44484-01.dmp
2020-09-08 09:42 - 2020-09-08 09:42 - 004536073 _____ C:\Users\suesarkis\Desktop\We Are Democrats_.mp4
2020-09-07 16:59 - 2020-09-07 16:59 - 000482126 _____ C:\Users\suesarkis\Desktop\trummp.mp4
2020-09-07 12:35 - 2020-09-07 12:48 - 000064068 _____ C:\Users\suesarkis\Downloads\Addition.txt
2020-09-07 12:11 - 2020-09-07 12:11 - 002297344 _____ (Farbar) C:\Users\suesarkis\Downloads\FRST64 (5).exe
2020-09-07 12:00 - 2020-09-07 12:00 - 002297344 _____ (Farbar) C:\Users\suesarkis\Downloads\FRST64 (4).exe
2020-09-07 12:00 - 2020-09-07 12:00 - 002297344 _____ (Farbar) C:\Users\suesarkis\Downloads\FRST64 (3).exe
2020-09-07 12:00 - 2020-09-07 12:00 - 002297344 _____ (Farbar) C:\Users\suesarkis\Downloads\FRST64 (2).exe
2020-09-07 09:46 - 2020-09-07 23:43 - 000001957 _____ C:\Users\suesarkis\Desktop\Geeks Leads.txt
2020-09-05 09:47 - 2020-09-05 09:47 - 000009346 _____ C:\Users\suesarkis\Documents\2020-9-5 Food Recipients.wpd
2020-09-04 22:30 - 2020-09-04 22:56 - 001124524 _____ C:\WINDOWS\Minidump\090420-41500-01.dmp
2020-09-04 08:35 - 2020-09-04 08:35 - 000000000 ____D C:\WINDOWS\%LOCALAPPDATA%
2020-09-04 08:23 - 2020-09-04 08:23 - 000217608 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-09-03 19:38 - 2020-09-03 19:38 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-09-03 01:07 - 2020-09-05 23:28 - 000000943 _____ C:\Users\suesarkis\Desktop\Walkenhorst.txt
2020-09-01 20:51 - 2020-09-01 20:51 - 000000160 _____ C:\Users\suesarkis\Desktop\Dr Lentz.txt
2020-08-31 21:09 - 2020-08-31 21:40 - 001284420 _____ C:\WINDOWS\Minidump\083120-40421-01.dmp
2020-08-31 15:02 - 2020-08-31 15:02 - 000000000 ____D C:\Users\suesarkis\db
2020-08-31 14:59 - 2020-08-31 15:00 - 093753336 _____ (Oath Inc.) C:\Users\suesarkis\Downloads\Install_AOL_Desktop (2).exe
2020-08-31 14:58 - 2020-08-31 15:00 - 000401025 _____ C:\Users\suesarkis\Desktop\AOL Desktop Backup 2020-08-31 14-58.AolSave
2020-08-30 19:32 - 2020-08-30 19:31 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-08-29 08:56 - 2020-08-29 09:19 - 000681148 _____ C:\WINDOWS\Minidump\082920-44640-01.dmp
2020-08-26 23:48 - 2020-08-26 23:48 - 011519037 _____ C:\Users\suesarkis\Desktop\Cal Mafia.mp4
2020-08-26 13:22 - 2020-08-26 13:39 - 001154748 _____ C:\WINDOWS\Minidump\082620-46968-01.dmp
2020-08-26 13:22 - 2020-08-26 13:23 - 000530360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-08-26 11:02 - 2020-08-26 11:02 - 000000124 _____ C:\Users\suesarkis\Desktop\Voter Fraud cases.txt
2020-08-25 22:17 - 2020-08-25 22:17 - 000001402 _____ C:\Users\suesarkis\Desktop\Incontinence underwear.txt
2020-08-22 21:34 - 2020-08-22 21:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-08-22 21:34 - 2020-08-10 10:38 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-08-22 21:34 - 2020-08-10 10:37 - 000905528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-08-21 00:39 - 2020-08-21 00:52 - 000000551 _____ C:\Users\suesarkis\Desktop\Amazon gift cards.txt
2020-08-20 11:49 - 2020-08-20 11:49 - 000002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-08-20 08:02 - 2020-08-21 08:42 - 000000000 ____D C:\found.002
2020-08-19 19:09 - 2020-09-01 23:18 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2069550446-780284186-1707450264-1001
2020-08-19 19:09 - 2020-08-19 19:09 - 000002375 _____ C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-08-17 11:49 - 2020-08-17 11:49 - 000011368 _____ C:\Users\suesarkis\Documents\Food Bank List entire.wpd
2020-08-17 10:44 - 2020-08-17 10:44 - 000006549 _____ C:\Users\suesarkis\Documents\Dora Tate food recipients numberless.wpd
2020-08-13 19:03 - 2020-08-13 19:03 - 000779316 _____ C:\Users\suesarkis\Desktop\WAD_Virtual_updated.pdf
2020-08-13 14:42 - 2020-08-13 14:42 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-08-13 14:42 - 2020-08-13 14:42 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2020-08-13 14:42 - 2020-08-13 14:42 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrahc.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 019852288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 018032128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 006294528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 005904896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 005013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 004611072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 004129408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 003516416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 002950808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-08-13 14:41 - 2020-08-13 14:41 - 002588688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 002422384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 002259192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 002138280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 001870200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001418832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2020-08-13 14:41 - 2020-08-13 14:41 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2020-08-13 14:41 - 2020-08-13 14:41 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000738064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000359496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000343408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2020-08-13 14:41 - 2020-08-13 14:41 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\net1.exe
2020-08-13 14:41 - 2020-08-13 14:41 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-08-13 14:41 - 2020-08-13 14:41 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-08-13 14:41 - 2020-08-13 14:41 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2020-08-13 14:40 - 2020-08-13 14:41 - 007270912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 025903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 022642688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 007758848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 006074552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 005946368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 005849872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 005767224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 005003824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 003743056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 002799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-08-13 14:40 - 2020-08-13 14:40 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-08-13 14:40 - 2020-08-13 14:40 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 002576896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 002022400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001740800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001672544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001420320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001282872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-08-13 14:40 - 2020-08-13 14:40 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 001197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 001009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000995840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000897648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000894032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000875520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000775480 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000718336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000690536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000675040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000675024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000671040 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000593480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000568128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000564488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000379704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-08-13 14:40 - 2020-08-13 14:40 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000273744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\net1.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000165176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Winlangdb.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000133256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47mrm.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000124512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\globinputhost.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000090936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acwow64.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Drivers\afunix.sys
2020-08-13 14:40 - 2020-08-13 14:40 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2020-08-13 14:40 - 2020-08-13 14:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-08-13 14:40 - 2020-08-13 14:40 - 000000357 _____ C:\WINDOWS\system32\DrtmAuthKeyDelegate_From_20190529_To_20200303.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth1KeyDelegate.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-08-13 14:40 - 2020-08-13 14:40 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-08-13 14:39 - 2020-08-13 14:40 - 014820352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 009932088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 006436864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 005111296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 003974376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 003806208 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 003368616 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 002766952 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002737664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002698048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 002085632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001654312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001482568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 001406464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001393960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 001101312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000888352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000867840 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000823744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000822800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-08-13 14:39 - 2020-08-13 14:39 - 000463168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HrtfApo.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000132408 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpkinstall.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmRes.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-08-13 14:39 - 2020-08-13 14:39 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-08-13 14:39 - 2020-08-13 14:39 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-08-13 14:39 - 2020-08-13 14:39 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 007915864 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 007583272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 007270728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 005283776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 004005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 003727872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 002717696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 002552120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 002471936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 002260312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001756592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-08-13 14:38 - 2020-08-13 14:38 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001660536 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001512848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 001366144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-08-13 14:38 - 2020-08-13 14:38 - 001338368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001182248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 001123344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000917800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000716312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 000548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000522688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-08-13 14:38 - 2020-08-13 14:38 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000369304 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47mrm.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\globinputhost.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-08-13 14:38 - 2020-08-13 14:38 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguageProfileCallback.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-08-13 14:38 - 2020-08-13 14:38 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 017792512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 007850784 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 007297536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 004625184 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2020-08-13 14:37 - 2020-08-13 14:37 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-08-13 14:37 - 2020-08-13 14:37 - 003141632 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 002808832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 002289152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 002136064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001072128 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001059328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 001055232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000875424 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\HrtfApo.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayServer.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000201544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2020-08-13 14:37 - 2020-08-13 14:37 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-08-13 14:37 - 2020-08-13 14:37 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-08-13 14:37 - 2020-08-13 14:37 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-08-13 13:44 - 2020-08-13 13:45 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-08-13 13:44 - 2020-08-13 13:45 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-08-12 10:13 - 2020-08-12 10:13 - 000000000 ____D C:\ProgramData\UpdShl
2020-08-12 10:11 - 2020-08-12 10:13 - 000000000 _RSHD C:\ProgramData\Key-Base
2020-08-12 10:11 - 2020-08-12 10:11 - 000000000 ____D C:\ProgramData\{02B25B49-3E3B-7060-C715-B31FF3DAB738}
2020-08-12 10:06 - 2020-08-12 10:07 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2020-08-12 10:06 - 2020-08-12 10:06 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2020-08-12 10:02 - 2020-08-12 10:04 - 140139360 _____ (AVG Software) C:\Users\suesarkis\Desktop\avg_antitrack_setup.exe
2020-08-11 15:28 - 2020-08-11 15:42 - 002998407 _____ C:\Users\suesarkis\Desktop\White Peacock121.mp4
2020-08-11 06:31 - 2020-09-01 23:18 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-09-09 14:49 - 2013-11-20 14:44 - 000000000 ____D C:\FRST
2020-09-09 14:45 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-09-09 14:08 - 2018-05-18 09:51 - 000000000 ____D C:\Users\suesarkis\AppData\Local\AVG
2020-09-09 13:58 - 2020-04-04 13:04 - 000000000 ____D C:\Users\suesarkis\AppData\LocalLow\IGDump
2020-09-09 13:58 - 2014-11-23 14:39 - 000000000 __SHD C:\Users\suesarkis\IntelGraphicsProfiles
2020-09-09 13:56 - 2019-12-01 15:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-09-09 13:56 - 2017-10-12 15:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-09-09 13:56 - 2017-10-12 13:15 - 000000000 ____D C:\Program Files (x86)\AVG
2020-09-09 13:55 - 2019-03-18 21:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-09-09 13:52 - 2017-06-01 08:00 - 000000000 ____D C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aol Inc
2020-09-09 13:51 - 2017-10-12 15:17 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-09-09 13:41 - 2019-12-01 15:55 - 000003094 _____ C:\WINDOWS\system32\Tasks\Java Platform SE Auto Updater
2020-09-09 11:09 - 2019-12-01 15:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-09-09 09:29 - 2019-12-01 15:55 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B2E84DCE-1944-445C-A875-3E8412E6C94E}
2020-09-09 00:01 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-09-09 00:01 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-09-08 17:14 - 2019-12-01 15:09 - 000000000 ____D C:\Users\suesarkis
2020-09-08 15:37 - 2020-03-19 14:42 - 000000000 ____D C:\WINDOWS\Minidump
2020-09-08 14:32 - 2018-04-26 18:20 - 000000000 ____D C:\Users\suesarkis\AppData\Local\AOLDesktop
2020-09-08 14:30 - 2017-06-01 07:59 - 000000000 ____D C:\Users\suesarkis\AppData\Local\SquirrelTemp
2020-09-07 18:42 - 2013-05-23 10:22 - 000000000 ____D C:\Users\suesarkis\Documents\PHONE BOOK
2020-09-07 16:29 - 2013-05-15 11:30 - 000000000 ____D C:\Users\suesarkis\Documents\PASSWORDS
2020-09-07 12:48 - 2013-11-30 18:43 - 000098336 _____ C:\Users\suesarkis\Downloads\FRST.txt
2020-09-07 11:52 - 2019-09-26 10:33 - 000000000 ____D C:\Users\suesarkis\Desktop\FRST-OlderVersion
2020-09-06 23:15 - 2017-09-14 23:52 - 000001829 _____ C:\Users\suesarkis\Desktop\GROCERIES.txt
2020-09-05 23:28 - 2017-07-27 16:07 - 000003391 _____ C:\Users\suesarkis\Desktop\email addresses.txt
2020-09-05 14:51 - 2020-01-12 14:45 - 000000118 _____ C:\Users\suesarkis\Desktop\Ernestine.txt
2020-09-05 09:03 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-09-04 10:50 - 2018-07-06 11:29 - 000000000 ____D C:\Users\suesarkis\AppData\Local\CrashDumps
2020-09-04 10:24 - 2013-05-23 10:25 - 000000000 ____D C:\Users\suesarkis\Documents\STOCKS
2020-09-03 23:49 - 2019-12-01 15:09 - 000000000 ____D C:\Users\Administrator
2020-09-03 13:02 - 2017-06-01 07:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-09-03 13:02 - 2017-06-01 07:49 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-09-03 13:02 - 2017-06-01 07:49 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-09-02 08:45 - 2017-07-14 18:34 - 000000264 _____ C:\Users\suesarkis\Desktop\for Jim.txt
2020-09-01 23:18 - 2020-06-14 07:37 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-09-01 23:18 - 2020-06-14 07:37 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-09-01 23:18 - 2020-03-04 12:16 - 000002440 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTaskCore
2020-09-01 23:18 - 2019-12-01 15:55 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-09-01 23:18 - 2019-12-01 15:55 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-09-01 23:18 - 2019-12-01 15:55 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2020-09-01 23:18 - 2019-12-01 15:55 - 000002982 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-09-01 23:18 - 2019-12-01 15:55 - 000002896 _____ C:\WINDOWS\system32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2069550446-780284186-1707450264-1004
2020-09-01 23:18 - 2019-12-01 15:55 - 000002602 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-09-01 23:18 - 2019-12-01 15:55 - 000002444 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002392 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002388 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_itype_exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002374 _____ C:\WINDOWS\system32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000002370 _____ C:\WINDOWS\system32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2020-09-01 23:18 - 2019-12-01 15:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-09-01 20:58 - 2013-05-23 10:21 - 000000000 ____D C:\Users\suesarkis\Documents\MISC
2020-09-01 08:28 - 2020-06-14 07:38 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-09-01 08:28 - 2020-06-14 07:38 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-09-01 08:28 - 2020-06-14 07:38 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-08-31 15:02 - 2020-06-18 14:09 - 000000000 ____D C:\Users\suesarkis\AppData\Local\AOLDesktopData
2020-08-31 15:01 - 2018-06-09 17:51 - 000000000 ____D C:\Users\suesarkis\AppData\Local\D3DSCache
2020-08-31 10:58 - 2013-05-23 10:15 - 000000000 ____D C:\Users\suesarkis\Documents\Complaints
2020-08-30 19:32 - 2020-08-03 08:49 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-30 19:32 - 2020-08-03 08:49 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-30 19:32 - 2020-08-03 08:49 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-30 19:32 - 2019-03-18 21:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-08-30 19:31 - 2020-08-03 08:37 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-08-30 17:10 - 2013-05-20 14:48 - 000000000 ____D C:\Users\suesarkis\Documents\JOKES
2020-08-29 21:42 - 2020-05-17 21:52 - 000002968 _____ C:\Users\suesarkis\Desktop\Tenants.txt
2020-08-28 18:19 - 2017-06-02 16:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-08-26 16:18 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2020-08-19 19:09 - 2014-12-28 20:34 - 000000000 ___RD C:\Users\suesarkis\OneDrive
2020-08-16 18:50 - 2013-04-24 08:40 - 000000000 ____D C:\Users\suesarkis\Documents\POLITICAL
2020-08-15 08:33 - 2019-12-01 15:23 - 000842668 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-08-14 20:03 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-08-14 08:23 - 2013-01-14 11:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-08-14 08:22 - 2017-12-09 17:00 - 000000000 ___RD C:\Users\suesarkis\3D Objects
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-08-13 22:11 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-08-13 22:11 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\servicing
2020-08-13 14:57 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-08-12 10:05 - 2017-06-02 22:27 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories ========
 
2015-02-11 19:02 - 2015-02-11 19:02 - 000880208 _____ (Google Inc.) C:\Users\suesarkis\ChromeSetup.exe
2019-12-01 10:41 - 2019-12-01 10:41 - 000000538 _____ () C:\Program Files (x86)\LMIR0838B001.tmp_r.bat
2019-12-01 13:57 - 2019-12-01 13:57 - 000000738 _____ () C:\Program Files (x86)\LMIR0B414001.tmp.bat
2019-12-01 13:57 - 2019-12-01 13:57 - 000000538 _____ () C:\Program Files (x86)\LMIR0B414001.tmp_r.bat
2019-12-01 13:51 - 2019-12-01 13:51 - 000000556 _____ () C:\Users\suesarkis\AppData\Local\LMIR09622001.tmp_r.bat
2019-12-01 14:18 - 2019-12-01 14:18 - 000000756 _____ () C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp.bat
2019-12-01 14:18 - 2019-12-01 14:18 - 000000556 _____ () C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp_r.bat
2017-11-17 09:38 - 2017-11-17 09:38 - 000000017 _____ () C:\Users\suesarkis\AppData\Local\resmon.resmoncfg
2017-10-15 07:43 - 2017-07-28 14:57 - 000105744 _____ (Bomgar) C:\Users\suesarkis\AppData\Local\Z@H!-147561942927653119494-32.tmp
2017-10-15 07:43 - 2017-07-28 14:57 - 000123152 _____ (Bomgar) C:\Users\suesarkis\AppData\Local\Z@H!-147561942927653119494-64.tmp
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2020
Ran by suesarkis (09-09-2020 14:50:59)
Running from C:\Users\suesarkis\Desktop
Windows 10 Home Version 1909 18363.1016 (X64) (2019-12-01 22:57:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2069550446-780284186-1707450264-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2069550446-780284186-1707450264-503 - Limited - Disabled)
Guest (S-1-5-21-2069550446-780284186-1707450264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2069550446-780284186-1707450264-1003 - Limited - Enabled)
suesarkis (S-1-5-21-2069550446-780284186-1707450264-1001 - Administrator - Enabled) => C:\Users\suesarkis
User (S-1-5-21-2069550446-780284186-1707450264-1004 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2069550446-780284186-1707450264-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20043 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
AOL Desktop Gold (HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\AOLDesktop) (Version: 11.0.2811 - Oath Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copernic Desktop Search (HKLM\...\{CFC6FE00-2609-4D6D-8209-C232864B9861}) (Version: 7.1.2.13449 - Copernic) Hidden
Copernic Desktop Search (HKLM\...\CopernicDesktopSearch7) (Version: 7.1.2.13449 - Copernic)
Corel Update Manager (HKLM-x32\...\{970F0689-74EE-4847-82DD-37F33D62C6A5}) (Version: 2.13.594 - Corel corporation) Hidden
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Free Countdown Timer (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.83 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP LaserJet Pro M402-M403 n-dne (HKLM-x32\...\{e2164336-c5d8-4ac9-a53b-125779c4c21b}) (Version: 16.0.17174.675 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{2D0909B2-FA33-4C36-8845-BF930A5A945E}) (Version: 3.0.26.20 - HP) Hidden
HPLJPRoM402M403ndne (HKLM-x32\...\{58532038-B97D-4C9B-9B96-C70D5EA763F4}) (Version: 0.10.0000 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.11.1193 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{66afb482-3029-428f-8283-135d3c272132}) (Version: 19.00.0000.4496 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.3.1080 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C81FD018-F151-460F-B4F9-0D58039503E2}) (Version: 17.2.4.9002 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13029.20344 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.44 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{406C9ADB-1325-4FD0-9D13-C119CFF64E0A}) (Version: 2.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MyCorkboard Screen Saver (HKLM-x32\...\Corkboard) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.6 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.6 - Corel Corporation)
WordPerfect Office X7 - IPM Content HSE (HKLM-x32\...\{8E879C65-6BA7-4108-9A0D-C455A30ECAF6}) (Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM HSE (HKLM-x32\...\{D55537B5-123F-4CEE-A56C-557582FA285D}) (Version: 17.2 - Corel Corporation) Hidden
WordPerfect Office X9 - Common Files (HKLM-x32\...\{50567D26-6C7E-4A3E-9752-BE23977A6C8D}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Common Files English (HKLM-x32\...\{97D165C7-7B4C-442D-9DC6-FE0240A1C98C}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - IPM Content HSE (HKLM-x32\...\{2C332DEE-CB1A-4C4C-A976-7F6FBBDA08F1}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - IPM HSE (HKLM-x32\...\{EF04AF62-9B04-470E-B2EB-D28EE053D991}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Lightning Files (HKLM-x32\...\{5D00E927-0798-4F5D-83B2-A60AFA4C7B93}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Lightning Files English (HKLM-x32\...\{0705BB45-E2C0-41AF-A24D-BB66FB78F574}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Oxford (HKLM-x32\...\{9B32CB12-C951-417E-8490-EAD6E56D920D}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Presentations Files (HKLM-x32\...\{6C2494D8-AA48-49E8-8449-BCDA8BB7F01C}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Presentations Files English (HKLM-x32\...\{C55FBD71-ACA9-495F-9EBA-EB23A51206D0}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Quattro Pro Files (HKLM-x32\...\{B085C003-6454-4512-A3CB-B873E4F8ABEF}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Quattro Pro Files English (HKLM-x32\...\{941020B9-7483-4FA2-B40B-C56815361DAB}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Redists (HKLM-x32\...\{8092CE83-3E55-499F-B746-06E6825C7381}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Setup Files (HKLM-x32\...\{F5784FBC-42E2-429F-A7CF-34959D995957}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - WordPerfect Files (HKLM-x32\...\{55D49A6A-BCBE-40A4-8A9E-1AEC5F125CAC}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - WordPerfect Files English (HKLM-x32\...\{6052701D-0BA0-4AC9-9E7C-0209E0CB2873}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - WPD format Props x64 (HKLM\...\{32B843EE-A124-4DBE-84D0-BB2AE22FF5C1}) (Version: 19.0 - Corel Corporation) Hidden
WordPerfect Office X9 - Writing Tools Files (HKLM-x32\...\{116B261F-1198-4F52-B46A-D6C3A70171FA}) (Version: 19.0 -  Corel Corporation) Hidden
WordPerfect Office X9 (HKLM-x32\...\_{F5784FBC-42E2-429F-A7CF-34959D995957}) (Version: 19.0.0.325 - Corel Corporation)
WordPerfect Office X9 (HKLM-x32\...\{60338C41-EFE7-42C2-9442-46AE4FE90CC5}) (Version: 19.0 - Corel Corporation) Hidden
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2020-01-21] (Autodesk Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-27] (HP Inc.)
Keeper - Password Manager & Secure File Storage -> C:\Program Files\WindowsApps\KeeperSecurityInc.Keeper_14.0.33.0_x64__kejf07qmg0jnm [2020-01-21] (Keeper Security Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-22] (Microsoft Studios) [MS Ad]
Microsoft Ultimate Word Games -> C:\Program Files\WindowsApps\Microsoft.Studios.Wordament_3.6.10070.0_x64__8wekyb3d8bbwe [2020-01-21] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-23] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-06-11] (Adobe Systems Incorporated)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.6.0.0_x86__fxme7667cy4q4 [2020-02-14] (Ricoh Company, Ltd.)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-13] (Synaptics Incorporated)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-01-21] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2069550446-780284186-1707450264-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [CopernicFileShellContextMenuExtension] -> {fad66f81-4ada-3a28-a8d3-97f227e9abc4} => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.ShellContextMenu.dll [2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
ContextMenuHandlers2: [CopernicFolderShellContextMenuExtension] -> {c29b51af-17b7-3bf8-a3c1-93920128ef65} => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.ShellContextMenu.dll [2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {0c5824b1-555e-4799-b8be-97b08362623b} => c:\Program Files (x86)\Corel\WordPerfect Office X9\Programs\PFSE190.DLL [2018-05-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-25] () [File not signed] [File is in use]
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [CopernicFolderShellContextMenuExtension] -> {c29b51af-17b7-3bf8-a3c1-93920128ef65} => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.ShellContextMenu.dll [2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {0c5824b1-555e-4799-b8be-97b08362623b} => c:\Program Files (x86)\Corel\WordPerfect Office X9\Programs\PFSE190.DLL [2018-05-13] (Corel Corporation -> Corel Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [CopernicFolderShellContextMenuExtension] -> {c29b51af-17b7-3bf8-a3c1-93920128ef65} => C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.ShellContextMenu.dll [2020-03-04] (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-08-03] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers2_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers6_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyCorkboard Screen Saver\Special Offers.lnk -> hxxp://www.mycorkboard.com/SpecialOffers.as
Shortcut: C:\Users\suesarkis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyCorkboard Screen Saver\Visit MyCorkboard.com.lnk -> hxxp://www.mycorkboard.com
ShortcutWithArgument: C:\Users\suesarkis\Desktop\Sweetsuzee - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
 
==================== Loaded Modules (Whitelisted) =============
 
2009-09-16 19:44 - 2009-09-16 19:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 12:44 - 2009-09-16 12:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2019-02-25 14:15 - 2019-02-25 14:15 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
1998-06-08 12:06 - 1998-06-08 12:06 - 000914432 _____ (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\LEAD51N.dll
2009-09-16 19:45 - 2009-09-16 19:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2020-04-09 07:31 - 2020-04-09 07:31 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvSubsystems32.dll
2020-04-09 07:31 - 2020-04-09 07:31 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2002-10-10 21:47 - 2002-10-10 21:47 - 000081920 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\Animate.dll
2002-10-10 21:45 - 2017-10-15 21:50 - 000139264 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\cork.dll
2002-10-10 21:47 - 2002-10-10 21:47 - 000061440 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\CALENDAR.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000065536 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\CLOCKS.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\DECOR.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\DIALER.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000032768 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\GENGIZMO.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000057344 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\GIZMOS.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000036864 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\NAMEPLT.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000036864 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\PICTURES.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000049152 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\STKYNOTE.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000057344 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\objects\TODOLIST.CBL
2002-10-10 21:47 - 2002-10-10 21:47 - 000077824 _____ (PC Dynamics, Inc.) [File not signed] C:\Program Files (x86)\Corkboard\public.dll
2020-04-29 19:48 - 2014-12-22 14:54 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\bass.dll
2020-04-29 19:48 - 2014-11-28 15:54 - 000021772 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\bassflac.dll
2020-04-29 19:48 - 2014-10-20 15:08 - 000017733 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\FreeCountdownTimer\basswma.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7863 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-06-01 07:47 - 2020-02-29 16:05 - 000450599 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
There are 15459 more lines.
 
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;c:\Program Files\Intel\WiFi\bin\;c:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 209.18.47.63 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AOL OnePoint.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "Copernic Desktop Search - Home"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "Embedded Callback - remotesupport.aol.com"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "FreeAC"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{644E8E3F-A22B-438C-9991-E79FCE7AEE80}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{18296F8A-B57F-48C7-95AB-0E1F218B7D43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E3D6C282-FF9F-41BC-AAF3-43BC982D8687}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6B48C52A-F93C-4C86-BD6B-A080A06AC8FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F09221EE-7648-42C5-B166-DBCE3A859307}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5E44700D-544F-421A-9275-0E13366A81B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CCF1E509-4E11-407A-912A-28D1EB193B88}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{54C20567-1CA6-4DCB-84E3-91E28531BC4A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC585C8D-30EA-49C5-994B-CDC871132BD3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.119.480.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F9AF2762-4334-4687-BF0D-77BF0B03E8CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{34798627-A975-441B-B281-E8AA0015473F}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{7A5484C7-E126-486A-A83D-AA35BD6DEFA1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{6EED88CA-2AFE-4B7C-8729-D55D4B1BDA9C}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{93B0CC9B-5194-43B5-9135-3C944AB5E55D}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{C0978A63-9B6B-4132-AFE8-45D3061E40CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{287A1AC2-C261-4096-B923-B712F5B287E1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{E0FE3271-C6C4-48D5-84D1-8D3101A60ADB}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{4DC9DC3E-1F8A-4702-9F9F-034668F3F4F6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{60E196CD-2BA2-4ADD-8EDD-9514118C9CCC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{AD13F1CC-2C57-4016-AB73-7A2C964DDBA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{5849A25F-9F8C-4803-8AD9-BA8C9CCF9ED1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe => No File
FirewallRules: [{0DE47B94-519F-42C0-8D1F-70FD43447FD1}] => (Allow) C:\Program Files\Copernic\DesktopSearch\Copernic.DesktopSearch.exe (N. Harris Computer Corporation -> Copernic, a division of N. Harris Computer Corporation)
FirewallRules: [TCP Query User{7093B2BC-D81B-4A88-8491-1D9E9E74FBB8}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{9CFF8D2A-5771-4F7F-90C1-5A785E705078}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe => No File
FirewallRules: [{0465935A-48A2-4394-9C58-239FC8F41820}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{51BC37A2-EFC6-4E76-AD5B-981860A1D7AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7BE7EC3-26C1-4DC8-AE90-2108C240B75B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1D4E3B8-CE06-4DD1-8985-CE867AB0A314}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{886D9901-F86F-465A-93A7-234ED9FF916B}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{7A872F75-0DAE-4033-984F-80A9E5D28EC9}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe => No File
FirewallRules: [{2D16B19C-B78D-45B0-8ED3-D22B487672B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0AFBC62C-62C7-4A69-A315-1B86D89801BC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{22115C3F-4926-4277-9040-3D16E6A99CA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{EFCDA0CA-A386-47D5-B29D-15CDAE4CCFE3}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2793\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2793\cefsharp.browsersubprocess.exe (AOL, Inc -> AOL)
FirewallRules: [UDP Query User{C4F5DBC4-7E72-4E7E-8627-4258EB62D1AD}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2793\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2793\cefsharp.browsersubprocess.exe (AOL, Inc -> AOL)
FirewallRules: [{21AA5FFB-8D6B-497B-BE5D-B983AC3852AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{51E7428C-BC24-41F2-8988-9B8A743F29C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{09F718A5-955B-43DF-9FA3-5033C197381B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0E4D34AF-8378-49E3-8D6D-F5F5727DA697}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60A929F7-F9A7-43A6-ABE4-CC5F82AF1596}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F0445FBF-940B-4122-B483-36CB108A5D18}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F7754D6-A8EF-4FDE-8609-4D02B8288904}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9435FF40-5608-484D-AA27-3D69D7047711}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D1137A56-28A1-4537-A367-870995379059}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
 
==================== Restore Points =========================
 
03-09-2020 10:35:18 Scheduled Checkpoint
09-09-2020 13:47:19 Removed Java 8 Update 181
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/09/2020 02:46:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4792,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/09/2020 02:32:28 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10656,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/09/2020 02:10:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10772,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (09/09/2020 02:07:46 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (09/09/2020 02:07:12 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
 
Error: (09/09/2020 02:07:07 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
 
Error: (09/09/2020 02:07:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
 
Error: (09/09/2020 02:06:57 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.
 
 
System errors:
=============
Error: (09/09/2020 02:27:17 PM) (Source: DCOM) (EventID: 10010) (User: SUESBABY)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (09/09/2020 02:03:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.
 
Error: (09/09/2020 02:02:18 PM) (Source: DCOM) (EventID: 10010) (User: SUESBABY)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (09/09/2020 01:59:40 PM) (Source: DCOM) (EventID: 10010) (User: SUESBABY)
Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (09/09/2020 01:58:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/09/2020 01:58:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (09/09/2020 01:56:59 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
Error: (09/09/2020 01:56:59 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.
 
 
Windows Defender:
===================================
Date: 2020-08-26 13:53:04.539
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A83EF79B-1C54-40BA-8CEC-30976EF5DDC7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-22 15:03:15.285
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {699C7A99-8BB5-4F93-BB2C-194CDBCAA81D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-22 08:39:53.027
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C7992FFE-4358-42A9-A902-0DF9369F879A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-21 08:43:59.752
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BFD15A39-521A-4FFF-87D0-7CFCCBCC5C97}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-19 16:50:26.379
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {629EF395-681D-4CA1-A324-BE0EF177FF5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-08-26 13:59:15.172
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2020-08-26 13:59:15.172
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2020-08-26 13:59:15.171
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2020-08-26 13:38:50.344
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
Date: 2020-08-26 13:38:50.344
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.253.717.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed. 
 
CodeIntegrity:
===================================
 
Date: 2020-09-09 13:38:16.128
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-09 13:38:10.228
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-09 13:33:57.053
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-09 13:18:28.263
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-09 13:18:26.777
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-09 13:18:17.438
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-09 13:18:06.868
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-09-09 13:16:18.934
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.04 11/10/2012
Motherboard: Hewlett-Packard 1886
Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 48%
Total physical RAM: 8088.28 MB
Available physical RAM: 4127.28 MB
Total Virtual: 16280.28 MB
Available Virtual: 11785.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:444.93 GB) (Free:334.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.19 GB) (Free:2.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (OD3.0 SSD) (Removable) (Total:117.53 GB) (Free:46.76 GB) FAT32
 
\\?\Volume{a4e7abf3-f886-47bb-96ff-bc698ba7c3ae}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.14 GB) NTFS
\\?\Volume{6f3b996f-1ccc-4000-95d7-0bd109594337}\ () (Fixed) (Total:0.87 GB) (Free:0.24 GB) NTFS
\\?\Volume{01376181-7b57-4385-8f74-5719a12592e7}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F893BEDB)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 65103047)
 
Partition: GPT.
 
==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 117.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=117.6 GB) - (Type=0C)
 
==================== End of Addition.txt =======================
 
 

 

I would like to thank you in advance for your time and trouble on my behalf.


  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts
Hi, Sue.

It's my pleasure helping you. No trouble at all. :)

You did a good job with uninstalling all those unnecessary programs. Since you didn't set the Search.yahoo.com on your own, we are going to remove it with a fix. As for the hxxps, actually I wanted you to check the actual site that follows that hxxps. E.g. the site in bold here: hxxps://www.taketwotapas.com. From your reply, I gather that you don't recognize those sites, and I will add them to the fix too. Please feel free to let me know if I am wrong about these before you run the fix.
 
1. McAfee remnants
 
Follow the instructions here (Method 2) to uninstall any McAfee remnants.


2. Please do the following to run a FRST fix:

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\RunOnce: [AvgRemover] => C:\WINDOWS\system32\avgremoverx.exe /run_number=2 /max_runs=2 /ndis_nextstep=4 /norestart /selfremove
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2369190632306] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5eebd6d3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2369190632306 /f <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2438971811832] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5eebd6b6" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2438971811832 /f <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD236292033243] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5f4d6ba8" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD236292033243 /f <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {A330AAEB-37AA-4A78-86A0-81001483C172} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {BA66CF97-BF0D-4C4A-8E44-91B8D1F91147} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {B0885ABB-A5DF-4D8A-9340-B64A604EBC38} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files (x86)\Advanced System Repair Pro 1.9.1.0.0\AdvancedSystemRepairPro.exe
CHR Notifications: Default -> hxxps://ecopowerplate.com; hxxps://gop.com; hxxps://helpx.adobe.com; hxxps://ilovemyfreedom.pushcrew.com; hxxps://ktla.com; hxxps://kubrakhademi.org; hxxps://markets.businessinsider.com; hxxps://news.mynewswire.co; hxxps://section-8-apartments.copush.com; hxxps://timesofindia.indiatimes.com; hxxps://townhall.com; hxxps://www.ae.com; hxxps://www.alibaba.com; hxxps://www.allrecipes.com; hxxps://www.aol.com; hxxps://www.att.com; hxxps://www.bettymills.com; hxxps://www.bunsinmyoven.com; hxxps://www.businessinsider.com; hxxps://www.cnet.com; hxxps://www.cousinsmainelobster.com; hxxps://www.dallasnews.com; hxxps://www.ebags.com; hxxps://www.facebook.com; hxxps://www.globalindustrial.com; hxxps://www.health.com; hxxps://www.infowars.com; hxxps://www.inspireuplift.com; hxxps://www.newsbreak.com; hxxps://www.newsmax.com; hxxps://www.reddit.com; hxxps://www.taketwotapas.com; hxxps://www.traveltrivia.com; hxxps://www.triviadaily.com; hxxps://www.triviagenius.com; hxxps://www.washingtontimes.com; hxxps://www.wayfair.com; hxxps://www.westernjournal.com; hxxps://www.westernjournalism.com; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311457&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KzKng6DqDwLXGzQuImnSkuMRjGBMJKVXU9IRCVZHYmv03SMviyUpr2foFPnoYkJaB3zfa5tmymI5biZxxjmVTIbN5ffDfL8kCtQrGoxi2kMRzHbkFAtg5EnpK5Hu5iMnnZUYerfkfO61IRimZ47UAtI3vkxx%2FSpXj3joplwZyWJfCIZm2pmJkfO%2F12o7jo58hmN5FO46RpWqsGGdB92u35v50dGIfe8QyECGyKPI9WTZlPjMpXto87EcWfoMMx88%3D"
CHR Notifications: Profile 1 -> hxxps://www.allrecipes.com; hxxps://www.att.com; hxxps://www.facebook.com; hxxps://www.pinterest.com; hxxps://www.reddit.com; hxxps://www.washingtontimes.com
S3 avgTap; C:\WINDOWS\System32\drivers\avgTap.sys [54888 2018-09-05] (AVG Technologies CZ, s.r.o. -> The OpenVPN Project)
U1 avgbdisk; no ImagePath
S1 netfilter2; system32\drivers\netfilter2.sys [X]
C:\WINDOWS\system32\avgremoverx.exe
C:\Program Files\Common Files\AVG
C:\Users\suesarkis\AppData\Local\AVG
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Program Files (x86)\AVG
C:\ProgramData\Spybot - Search & Destroy
C:\WINDOWS\system32\Tasks\Java Platform SE Auto Updater
C:\Program Files (x86)\Common Files\Java
C:\WINDOWS\System32\drivers\avgTap.sys
C:\Program Files (x86)\Advanced System Repair Pro 1.9.1.0.0
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers2_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers6_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "FreeAC"
FirewallRules: [TCP Query User{F9AF2762-4334-4687-BF0D-77BF0B03E8CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{34798627-A975-441B-B281-E8AA0015473F}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{7A5484C7-E126-486A-A83D-AA35BD6DEFA1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{6EED88CA-2AFE-4B7C-8729-D55D4B1BDA9C}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{93B0CC9B-5194-43B5-9135-3C944AB5E55D}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{C0978A63-9B6B-4132-AFE8-45D3061E40CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{287A1AC2-C261-4096-B923-B712F5B287E1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{E0FE3271-C6C4-48D5-84D1-8D3101A60ADB}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{4DC9DC3E-1F8A-4702-9F9F-034668F3F4F6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{60E196CD-2BA2-4ADD-8EDD-9514118C9CCC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{AD13F1CC-2C57-4016-AB73-7A2C964DDBA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{5849A25F-9F8C-4803-8AD9-BA8C9CCF9ED1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{7093B2BC-D81B-4A88-8491-1D9E9E74FBB8}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{9CFF8D2A-5771-4F7F-90C1-5A785E705078}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{886D9901-F86F-465A-93A7-234ED9FF916B}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{7A872F75-0DAE-4033-984F-80A9E5D28EC9}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{0AFBC62C-62C7-4A69-A315-1B86D89801BC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{22115C3F-4926-4277-9040-3D16E6A99CA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe => No File
cmd: type C:\"Program Files (x86)"\LMIR0838B001.tmp_r.bat
cmd: type C:\"Program Files (x86)"\LMIR0B414001.tmp_r.bat
cmd: type C:\Users\suesarkis\AppData\Local\LMIR09622001.tmp_r.bat
cmd: type C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp.bat
cmd: type C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp_r.bat
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.


#9
sweetsuzee

    Member

  • Topic Starter
  • 55 posts

Dr M - For starters I want to say "thank you" for all that you are doing to help me.  I had a very rough day at the hospital today as the doctors beat me up real bad. Plus they put weird drops in my eyes due to the smoke in the air from the fires and I cannot see well right now.  In other words, having difficulty reading most of what you wrote.  I was just getting ready to go to bed so I will wait until the morning (my morning) before getting back to you.  However, yes, I recognized most of the links under the list that appeared.  I don't remember all of them now but allrecipes, facebook, aol, amazon, walmart, ATT, chase, and a whole bunch more are viable sites I visit frequently.  However, I truly don't understand how some of this works.  If we remove them I assume I would still be able to visit their URLs on my own.  Since none of this would affect my incoming emails from these various sources on a daily basis, could you tell me where I would go to erase some of the garbage on my own when they get cumbersome??  Anyway, as stated, I'm going to bed right now and I will do my very best to address these first thing in the morning before I head back to the hospital.  Oh, another thought.  Since I do recognize most of the hxxps list, by erasing them would that wipe out my automatic login for any of the sites?  I pay all of my bills online and I do ALL of my shopping online.  As a very disabled septuagenarian, I have no choice.  Good night !!  And again, thanks.



#10
DR M

    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hi, Sue.

 

First of all I would like to wish you a fast recovery considering whatever you are dealing with. Our health is more important than our computer's health. :)

 

Adding those sites in the fix won't remove anything. What is going to happen is that you will not be getting automatic notifications from them. Personally, I would remove all these notifications, since with a refresh at the specific site you can see what's new.

 

Have a good night's sleep, and I will be here for you when you are ready.




#11
sweetsuzee

    Member

  • Topic Starter
  • 55 posts

I am beside myself.  I did everything to the best of my knowledge precisely as you requested.  When I copied and pasted the file using the right mouse click, all went well as expected.  I hit the FIX button once and waited as asked.  It didn't take anywhere near as long as I was expecting when it prompted me that it was finished.  It said something about how it was going to put the file inside the FRST64.  When I went to desktop and saw nothing, I assumed it was in the program file which proved to be negative.  I have torn this computer apart trying to locate and finally did a Copernic Desktop search.  Found it - By the way, my cancer is slowly but surely eating away at my brain which is why my computer is so important to me.  My life is in it including everyone's phone numbers and all of my passwords.  I live on the computer and until my last dying breath, I hope it stays that way.  Anyway, here's the file which has taken me an hour to find.  However, it was not named fixlog.txt either as it actually has today's date along with a little additional info.  LOL  Now I have to wonder what will happen when I no longer remember how to use Copernic.  UGH !!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-09-2020
Ran by suesarkis (11-09-2020 15:09:39) Run:2
Running from C:\Users\suesarkis\Desktop
Loaded Profiles: suesarkis
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\RunOnce: [AvgRemover] => C:\WINDOWS\system32\avgremoverx.exe /run_number=2 /max_runs=2 /ndis_nextstep=4 /norestart /selfremove
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2369190632306] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5eebd6d3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2369190632306 /f <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2438971811832] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5eebd6b6" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2438971811832 /f <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD236292033243] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x5f4d6ba8" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD236292033243 /f <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {A330AAEB-37AA-4A78-86A0-81001483C172} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {BA66CF97-BF0D-4C4A-8E44-91B8D1F91147} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {B0885ABB-A5DF-4D8A-9340-B64A604EBC38} - System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => C:\Program Files (x86)\Advanced System Repair Pro 1.9.1.0.0\AdvancedSystemRepairPro.exe
CHR Notifications: Default -> hxxps://ecopowerplate.com; hxxps://gop.com; hxxps://helpx.adobe.com; hxxps://ilovemyfreedom.pushcrew.com; hxxps://ktla.com; hxxps://kubrakhademi.org; hxxps://markets.businessinsider.com; hxxps://news.mynewswire.co; hxxps://section-8-apartments.copush.com; hxxps://timesofindia.indiatimes.com; hxxps://townhall.com; hxxps://www.ae.com; hxxps://www.alibaba.com; hxxps://www.allrecipes.com; hxxps://www.aol.com; hxxps://www.att.com; hxxps://www.bettymills.com; hxxps://www.bunsinmyoven.com; hxxps://www.businessinsider.com; hxxps://www.cnet.com; hxxps://www.cousinsmainelobster.com; hxxps://www.dallasnews.com; hxxps://www.ebags.com; hxxps://www.facebook.com; hxxps://www.globalindustrial.com; hxxps://www.health.com; hxxps://www.infowars.com; hxxps://www.inspireuplift.com; hxxps://www.newsbreak.com; hxxps://www.newsmax.com; hxxps://www.reddit.com; hxxps://www.taketwotapas.com; hxxps://www.traveltrivia.com; hxxps://www.triviadaily.com; hxxps://www.triviagenius.com; hxxps://www.washingtontimes.com; hxxps://www.wayfair.com; hxxps://www.westernjournal.com; hxxps://www.westernjournalism.com; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311457&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC2KzKng6DqDwLXGzQuImnSkuMRjGBMJKVXU9IRCVZHYmv03SMviyUpr2foFPnoYkJaB3zfa5tmymI5biZxxjmVTIbN5ffDfL8kCtQrGoxi2kMRzHbkFAtg5EnpK5Hu5iMnnZUYerfkfO61IRimZ47UAtI3vkxx%2FSpXj3joplwZyWJfCIZm2pmJkfO%2F12o7jo58hmN5FO46RpWqsGGdB92u35v50dGIfe8QyECGyKPI9WTZlPjMpXto87EcWfoMMx88%3D"
CHR Notifications: Profile 1 -> hxxps://www.allrecipes.com; hxxps://www.att.com; hxxps://www.facebook.com; hxxps://www.pinterest.com; hxxps://www.reddit.com; hxxps://www.washingtontimes.com
S3 avgTap; C:\WINDOWS\System32\drivers\avgTap.sys [54888 2018-09-05] (AVG Technologies CZ, s.r.o. -> The OpenVPN Project)
U1 avgbdisk; no ImagePath
S1 netfilter2; system32\drivers\netfilter2.sys [X]
C:\WINDOWS\system32\avgremoverx.exe
C:\Program Files\Common Files\AVG
C:\Users\suesarkis\AppData\Local\AVG
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Program Files (x86)\AVG
C:\ProgramData\Spybot - Search & Destroy
C:\WINDOWS\system32\Tasks\Java Platform SE Auto Updater
C:\Program Files (x86)\Common Files\Java
C:\WINDOWS\System32\drivers\avgTap.sys
C:\Program Files (x86)\Advanced System Repair Pro 1.9.1.0.0
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers2_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
ContextMenuHandlers6_.DEFAULT: [FileLocatorPro] -> {1ED0F018-76B9-4DB9-9C06-CA0F3088F04F} =>  -> No File
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2069550446-780284186-1707450264-1001\...\StartupApproved\Run: => "FreeAC"
FirewallRules: [TCP Query User{F9AF2762-4334-4687-BF0D-77BF0B03E8CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{34798627-A975-441B-B281-E8AA0015473F}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{7A5484C7-E126-486A-A83D-AA35BD6DEFA1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{6EED88CA-2AFE-4B7C-8729-D55D4B1BDA9C}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{93B0CC9B-5194-43B5-9135-3C944AB5E55D}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{C0978A63-9B6B-4132-AFE8-45D3061E40CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{287A1AC2-C261-4096-B923-B712F5B287E1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{E0FE3271-C6C4-48D5-84D1-8D3101A60ADB}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{4DC9DC3E-1F8A-4702-9F9F-034668F3F4F6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{60E196CD-2BA2-4ADD-8EDD-9514118C9CCC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{AD13F1CC-2C57-4016-AB73-7A2C964DDBA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{5849A25F-9F8C-4803-8AD9-BA8C9CCF9ED1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{7093B2BC-D81B-4A88-8491-1D9E9E74FBB8}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{9CFF8D2A-5771-4F7F-90C1-5A785E705078}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{886D9901-F86F-465A-93A7-234ED9FF916B}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{7A872F75-0DAE-4033-984F-80A9E5D28EC9}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe] => (Allow) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe => No File
FirewallRules: [TCP Query User{0AFBC62C-62C7-4A69-A315-1B86D89801BC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe => No File
FirewallRules: [UDP Query User{22115C3F-4926-4277-9040-3D16E6A99CA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe] => (Block) C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe => No File
cmd: type C:\"Program Files (x86)"\LMIR0838B001.tmp_r.bat
cmd: type C:\"Program Files (x86)"\LMIR0B414001.tmp_r.bat
cmd: type C:\Users\suesarkis\AppData\Local\LMIR09622001.tmp_r.bat
cmd: type C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp.bat
cmd: type C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp_r.bat
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgRemover" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD2369190632306" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD2438971811832" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD236292033243" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A330AAEB-37AA-4A78-86A0-81001483C172}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A330AAEB-37AA-4A78-86A0-81001483C172}" => removed successfully
C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA66CF97-BF0D-4C4A-8E44-91B8D1F91147}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA66CF97-BF0D-4C4A-8E44-91B8D1F91147}" => removed successfully
C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Platform SE Auto Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0885ABB-A5DF-4D8A-9340-B64A604EBC38}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0885ABB-A5DF-4D8A-9340-B64A604EBC38}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedSystemRepairPro-Maintenance-Autorun => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedSystemRepairPro-Maintenance-Autorun" => removed successfully
"Chrome Notifications" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\avgTap => removed successfully
avgTap => service removed successfully
HKLM\System\CurrentControlSet\Services\avgbdisk => removed successfully
avgbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\netfilter2 => removed successfully
netfilter2 => service removed successfully
C:\WINDOWS\system32\avgremoverx.exe => moved successfully
"C:\Program Files\Common Files\AVG" => not found
C:\Users\suesarkis\AppData\Local\AVG => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\Program Files (x86)\AVG => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
"C:\WINDOWS\system32\Tasks\Java Platform SE Auto Updater" => not found
"C:\Program Files (x86)\Common Files\Java" => not found
C:\WINDOWS\System32\drivers\avgTap.sys => moved successfully
C:\Program Files (x86)\Advanced System Repair Pro 1.9.1.0.0 => moved successfully
"AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}" => removed successfully
"AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}" => removed successfully
"AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}" => removed successfully
"FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKU\.DEFAULT\Software\Classes\Drive\ShellEx\ContextMenuHandlers\FileLocatorPro => removed successfully
HKU\.DEFAULT\Software\Classes\Directory\ShellEx\ContextMenuHandlers\FileLocatorPro => removed successfully
HKU\.DEFAULT\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\FileLocatorPro => removed successfully
HKU\.DEFAULT\Software\Classes\Folder\ShellEx\ContextMenuHandlers\FileLocatorPro => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\McAfee Security Scan Plus.lnk" => removed successfully
"HKU\S-1-5-21-2069550446-780284186-1707450264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CCleaner Monitoring" => removed successfully
"HKU\S-1-5-21-2069550446-780284186-1707450264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring" => not found
"HKU\S-1-5-21-2069550446-780284186-1707450264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\FreeAC" => removed successfully
"HKU\S-1-5-21-2069550446-780284186-1707450264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FreeAC" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F9AF2762-4334-4687-BF0D-77BF0B03E8CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{34798627-A975-441B-B281-E8AA0015473F}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2643\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7A5484C7-E126-486A-A83D-AA35BD6DEFA1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6EED88CA-2AFE-4B7C-8729-D55D4B1BDA9C}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2664\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{93B0CC9B-5194-43B5-9135-3C944AB5E55D}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C0978A63-9B6B-4132-AFE8-45D3061E40CF}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2690\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{287A1AC2-C261-4096-B923-B712F5B287E1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E0FE3271-C6C4-48D5-84D1-8D3101A60ADB}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2706\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4DC9DC3E-1F8A-4702-9F9F-034668F3F4F6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{60E196CD-2BA2-4ADD-8EDD-9514118C9CCC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2709\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AD13F1CC-2C57-4016-AB73-7A2C964DDBA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5849A25F-9F8C-4803-8AD9-BA8C9CCF9ED1}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2725\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7093B2BC-D81B-4A88-8491-1D9E9E74FBB8}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9CFF8D2A-5771-4F7F-90C1-5A785E705078}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2738\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{886D9901-F86F-465A-93A7-234ED9FF916B}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7A872F75-0DAE-4033-984F-80A9E5D28EC9}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2745\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0AFBC62C-62C7-4A69-A315-1B86D89801BC}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{22115C3F-4926-4277-9040-3D16E6A99CA6}C:\users\suesarkis\appdata\local\aoldesktop\app-11.0.2760\cefsharp.browsersubprocess.exe" => removed successfully
 
========= type C:\"Program Files (x86)"\LMIR0838B001.tmp_r.bat =========
 
@echo off
echo Cleaning up LogMeIn Rescue Applet folders...
rd /S/Q "C:\Program Files (x86)\LogMeIn Rescue Applet\LMIR0838B001.tmp" > NUL
rd /S/Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR08346001.tmp" > NUL
rd /Q "C:\WINDOWS\system32\config\systemprofile\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Program Files (x86)\LogMeIn Rescue Applet"
del "C:\Program Files (x86)\LMIR0838B001.tmp.bat"
del "C:\Program Files (x86)\LMIR0838B001.tmp_r.bat"
 
========= End of CMD: =========
 
 
========= type C:\"Program Files (x86)"\LMIR0B414001.tmp_r.bat =========
 
@echo off
echo Cleaning up LogMeIn Rescue Applet folders...
rd /S/Q "C:\Program Files (x86)\LogMeIn Rescue Applet\LMIR0B414001.tmp" > NUL
rd /S/Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR0B406001.tmp" > NUL
rd /Q "C:\WINDOWS\system32\config\systemprofile\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Program Files (x86)\LogMeIn Rescue Applet"
del "C:\Program Files (x86)\LMIR0B414001.tmp.bat"
del "C:\Program Files (x86)\LMIR0B414001.tmp_r.bat"
 
========= End of CMD: =========
 
 
========= type C:\Users\suesarkis\AppData\Local\LMIR09622001.tmp_r.bat =========
 
@echo off
echo Cleaning up LogMeIn Rescue Applet folders...
rd /S/Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR09622001.tmp" > NUL
rd /S/Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR09622001.tmp" > NUL
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
del "C:\Users\suesarkis\AppData\Local\LMIR09622001.tmp.bat"
del "C:\Users\suesarkis\AppData\Local\LMIR09622001.tmp_r.bat"
 
========= End of CMD: =========
 
 
========= type C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp.bat =========
 
@echo off
echo Cleaning up LogMeIn Rescue Applet folders...
goto :RemoveAppFolders
:Delay
timeout /T 3 > NUL
:RemoveAppFolders
rd /S/Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR0B406001.tmp" > NUL
rd /S/Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR0B406001.tmp" > NUL
if exist "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR0B406001.tmp" goto :Delay
if exist "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR0B406001.tmp" goto :Delay
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
del "C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp.bat"
 
========= End of CMD: =========
 
 
========= type C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp_r.bat =========
 
@echo off
echo Cleaning up LogMeIn Rescue Applet folders...
rd /S/Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR0B406001.tmp" > NUL
rd /S/Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet\LMIR0B406001.tmp" > NUL
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
rd /Q "C:\Users\suesarkis\AppData\Local\LogMeIn Rescue Applet"
del "C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp.bat"
del "C:\Users\suesarkis\AppData\Local\LMIR0B406001.tmp_r.bat"
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 15:11:09 ====

  • 0

#12
DR M


    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hi, Sue.

 

I hope you are doing better today.

 

I would like to tell you that I will be back to you as soon as possible. It was a rather busy day for me.

 

:wave:


  • 0

#13
sweetsuzee


    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

Hi Dr M,

 

Don't lose any sleep over it.  Glad you told me, however, since I keep looking because I don't want to miss your reply which has me bypassing today's 168 incoming emails, so far.  So now I can go play with them and get rid of the junk and reply to the serious business.  Take your time and as I said, don't lose any sleep over it.   


  • 0

#14
DR M


    The Grecian Geek

  • Malware Removal
  • 4,107 posts

Hi, Sue.

 

I apologize for the delay.

 

I will be back to you with a new set of instructions later tonight. :)


  • 0

#15
DR M


    The Grecian Geek

  • Malware Removal
  • 4,107 posts
Hi, Sue.
 
The fixlog removed everything that was not needed.
 
It seems that you asked for remote assistance from someone, probably a technician, last December. Is that correct? The remote assistance left some files on your computer that are not necessary and we will remove them at a later stage.
 
For now, please do the following:
 
1. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure of the following:
    • Under the title Scan Options, all the options are checked.
    • Under the title Windows Security Center (Premium only), the option is unchecked.
    • Under the title Potentially unwanted items, the options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
    • If threats are not found, click View Report and proceed to the two last steps below.
    • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
 
2. Run AdwCleaner (Scan mode)
Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
 
In your next reply, please make sure to post:
  • The MBAM report
  • AdwCleaner[S0*].txt

  • 0





