Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Persistent malware on Windows 7 Pro partition

Started by mrsawyer , Feb 17 2021 01:53 PM
malware Windows 7 MultiBoot

  • Please log in to reply

#1
mrsawyer
Posted 17 February 2021 - 01:53 PM

mrsawyer

    Member

  • Member
  • PipPip
  • 11 posts

I have a multiboot system in which the Windows 7 Pro partition has malware. I've tried booting to the Win7 partition and scanning the affected partition, but the scans stop prematurely as soon as they detect an infection and a message displays that a reboot is required. I tried booting to another partition and scanning the Win7 partition using Malwarebytes, SuperAntiSpyware, and ZoneAlarm. Though they run to completion, none of them find any infection. I ran the FRST scan software as recommended and will post the results here in hopes of getting assistance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2021
Ran by Adande (administrator) on 5558I7WIN7810PR (Dell Inc. Inspiron 5558) (15-02-2021 17:57:01)
Running from C:\Users\Adande\Desktop
Loaded Profiles: Adande
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1"
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com) C:\Program Files\Ext2Fsd\Ext2Srv.exe
(Centered Systems LLP -> Centered Systems) C:\Program Files\Second Copy\ScVssService64.exe
(Centered Systems LLP -> Centered Systems) C:\Program Files\Second Copy\SecCopy.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Wireless Connectivity Solutions -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(June Fabrics Technology Inc. -> ) C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Windows\explorer.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\audiodg.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\conhost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\csrss.exe <2>
(Microsoft Corporation) [File not signed] C:\Windows\System32\dllhost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\dwm.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\lsass.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\lsm.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\msdtc.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\msiexec.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\services.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\smss.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\svchost.exe <16>
(Microsoft Corporation) [File not signed] C:\Windows\System32\taskeng.exe <2>
(Microsoft Corporation) [File not signed] C:\Windows\System32\taskhost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\WmiPrvSE.exe <2>
(Microsoft Corporation) [File not signed] C:\Windows\System32\wininit.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\winlogon.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wlanext.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\WUDFHost.exe
(Nero AG -> ) C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Old McDonald's Farm) [File not signed] C:\Program Files (x86)\Autorun Eater\billy.exe
(Old McDonald's Farm) [File not signed] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
(Paragon Software GmbH -> ) C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(Paragon Software GmbH -> Paragon Software) C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Paragon HFS for Windows.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [936056 2016-03-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [714160 2015-09-21] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-01-14] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Autorun Eater] => C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe [522720 2012-02-17] (Old McDonald's Farm) [File not signed]
HKLM-x32\...\Run: [HFS Activator] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows  10.5\activation\hfsactivator.exe [245456 2015-06-22] (Paragon Software GmbH -> )
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [146800 2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Winlogon: [Shell] C:\windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) [File not signed]
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) [File not signed]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) [File not signed]
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) [File not signed]
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\Run: [Second Copy] => C:\Program Files\Second Copy\SecCopy.exe [27902120 2017-03-23] (Centered Systems LLP -> Centered Systems)
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11219376 2020-11-12] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: I - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: J - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {25dc3282-cbea-11e6-aab9-b46d83f96d2e} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {75b21e1d-241f-11e6-b93f-b46d83f96d2e} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {82f66e00-0874-11e6-82e6-b46d83f96d2a} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {88bb6258-fc12-11e5-9827-34e6ad92e59a} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {8cd3df3f-163b-11e7-93f4-b46d83f96d2e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2015-11-22] (Polyclef Software -> Mobile Stream)
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: I - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {25dc3282-cbea-11e6-aab9-b46d83f96d2e} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {75b21e1d-241f-11e6-b93f-b46d83f96d2e} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {82f66cf6-0874-11e6-82e6-b46d83f96d2a} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {82f66e00-0874-11e6-82e6-b46d83f96d2a} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {88bb6258-fc12-11e5-9827-34e6ad92e59a} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {8cd3df3f-163b-11e7-93f4-b46d83f96d2e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
HKLM\...\Providers\Internet Print Provider: C:\windows\system32\inetpp.dll [166400 2017-08-11] (Microsoft Corporation) [File not signed]
HKLM\...\Providers\LanMan Print Services: C:\windows\system32\win32spl.dll [757248 2017-08-11] (Microsoft Corporation) [File not signed] [File is in use]
HKLM\...\Windows x64\Print Processors\BJ Print Processor3: C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL [83968 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\hpcpp175: C:\Windows\System32\spool\prtprocs\x64\hpcpp175.dll [617712 2014-11-20] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\HPM1210PrintProc: C:\Windows\System32\spool\prtprocs\x64\HPM1210PP.dll [74240 2012-09-29] () [File not signed]
HKLM\...\Windows x64\Print Processors\winprint: C:\Windows\System32\spool\prtprocs\x64\winprint.dll [38912 2019-02-16] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\windows\system32\AdobePDF.dll [51032 2008-04-07] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\BJ Language Monitor: C:\windows\system32\CNBJMON.DLL [504320 2009-06-22] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\BJ Language Monitor2: C:\windows\system32\CNBJMON2.DLL [690176 2009-06-22] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\BJ Language Monitor3_2: C:\windows\system32\CNBLM3_2.DLL [211456 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\windows\system32\hpinksts7112LM.dll [328704 2013-08-10] (Hewlett-Packard Co.) [File not signed]
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\windows\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\windows\system32\HPDiscoPM7112.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\windows\system32\HPMPW081.DLL [73968 2014-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPM1210LM: C:\windows\system32\HPM1210LM.DLL [409088 2012-09-29] () [File not signed]
HKLM\...\Print\Monitors\HPMLM135: C:\windows\system32\hpmlm135.dll [237296 2014-11-20] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\Local Port: C:\windows\system32\localspl.dll [972288 2019-02-16] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: C:\windows\system32\FXSMON.DLL [41984 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\Standard TCP/IP Port: C:\windows\system32\tcpmon.dll [195072 2009-07-13] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\USB Monitor: C:\windows\system32\usbmon.dll [45056 2009-07-13] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\WSD Port: C:\windows\system32\WSDMon.dll [224768 2009-07-13] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe [2018-01-09] (Google Inc -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{AAB894E0-0BE2-4C07-8D86-60FE6E869D62}] -> C:\windows\System32\AntiTheftCredentialProvider.dll [2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{2C7A9643-2876-4A11-9A55-183EC9322074}] -> C:\windows\System32\AntiTheftCredentialProvider.dll [2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
Startup: C:\Users\Adande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2017-04-15]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
Startup: C:\Users\Adande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com [2016-08-25] (Bleeping Computer, LLC. -> Bleeping Computer, LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16943648-7383-4E3D-8FC0-3E421B568329} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {16E9E41E-495E-4592-AE64-ACA51F689C08} - System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} C:\windows\System32\cscui.dll [498688 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {1C027909-8432-4D11-83A1-B1222B124652} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - System32\Tasks\Microsoft\Windows\Task Manager\Interactive => {855fec53-d2e4-4999-9e87-3414e9cf0ff4} C:\windows\system32\wdc.dll [1363456 2017-06-12] (Microsoft Corporation) [File not signed]
Task: {1FF89668-D38B-4E14-B710-D17D77D59DF6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {2470470F-2634-478E-B181-571E98A789BB} - System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService => {2DEA658F-54C1-4227-AF9B-260AB5FC3543} C:\windows\System32\PlaySndSrv.dll [84992 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {24C4139D-D80B-4EA7-907E-1AC4B3682B2A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {261E80F8-28B9-4A9F-8BBB-80ED8A693E57} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Paragon HFS for Windows.exe [4073152 2017-10-11] (Paragon Software GmbH -> Paragon Software)
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) => {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} C:\windows\system32\msdrm.dll [528384 2013-12-03] (Microsoft Corporation) [File not signed]
Task: {283FD44C-FFCE-4567-96B7-5AFBE44A54DC} - System32\Tasks\BundleApplicationRepairToolLauncherTask => C:\Users\Adande\AppData\Roaming\PCDr\Repair\BundleApplicationRepairTool.exe
Task: {2B3AE1F6-DC46-49CD-A5E8-B2BFB6FE3B81} - System32\Tasks\Microsoft\Windows\Wininet\CacheTask => {0358b920-0ac7-461f-98f4-58e32cd89148} C:\windows\system32\wininet.dll [4859392 2019-12-16] (Microsoft Corporation) [File not signed]
Task: {2D759C27-F7BC-487C-876B-6174D4B9AE4E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\windows\System32\sdclt.exe [1264640 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {36147DD7-9DB8-425A-A1A6-A396D6689A95} - System32\Tasks\{0D02EB08-5B4D-44FE-BD05-1A7A62F70460} => C:\windows\system32\pcalua.exe -a "F:\Downloads\Oracle Virtual Box 5.2\VirtualBox-5.2.6-120293-Win.exe" -d "F:\Downloads\Oracle Virtual Box 5.2"
Task: {36D75840-4970-42BC-B3FB-0F6347CD180E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\windows\ehome\MCUpdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {377B3796-3A3B-449F-8DAF-D5D6EED207D6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {39A045F3-21A2-48A4-A282-AEE8C5604E61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd -> Piriform Ltd)
Task: {3C8BE053-46D0-4822-9040-E55D3620981E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {43526EF9-D201-4DD4-A4B1-12B5ED5C67F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {4613BD06-41A5-4C9E-A77A-998F5F8E8379} - System32\Tasks\AdobeGCInvoker-1.0-5558I7WIN7810PR-KRK => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {461F33B5-652E-4EBB-B3BC-FA3BA5CC7F2D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip => {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} C:\windows\System32\usbceip.dll [27648 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB} C:\Windows\System32\wpcmig.dll [17408 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {4A9B1A21-523F-4498-A988-119320B296CC} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E} C:\windows\System32\HotStartUserAgent.dll [27136 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor => {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} C:\windows\system32\MsCtfMonitor.dll [28160 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {4E29A40C-9247-4C64-9D4C-01BD9C3BCAD2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {517A068B-8754-4314-8FB2-D828AA1B672E} - System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} C:\windows\System32\cscui.dll [498688 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {563CEE8D-BAF9-4021-8875-389AF7127267} - System32\Tasks\AdobeGCInvoker-1.0-I7WIN7810-Adande => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} C:\Windows\System32\wpcumi.dll [188416 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\windows\system32\defrag.exe [183296 2009-07-13] (Microsoft Corp.) [File not signed]
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\windows\system32\dimsjob.dll [40448 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) => {CF2CF428-325B-48D3-8CA8-7633E36E5A32} C:\windows\system32\msdrm.dll [528384 2013-12-03] (Microsoft Corporation) [File not signed]
Task: {70B356DF-1823-492B-9F53-AE5210A0DB5D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61} C:\windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {7281130C-08C7-4A78-82E4-5EC8B0E9393D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\windows\system32\appidcertstorecheck.exe [17920 2020-01-02] (Microsoft Corporation) [File not signed]
Task: {73D09CCD-39D1-4611-914F-3CA45CE83816} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {7834390A-6033-404F-A7FB-972FDF58FDD7} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\windows\system32\EOSNotify.exe [492032 2019-12-30] (Microsoft Corporation) [File not signed]
Task: {78EE6B4C-0DB3-4958-8F2E-2371CE094173} - System32\Tasks\Uninstaller_SkipUac_Adande => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5900560 2019-09-10] (IObit Information Technology -> IObit)
Task: {7AE143CE-0CE5-4B27-8B23-BD0940B1A616} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\windows\system32\dimsjob.dll [40448 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {7BC2A264-7B37-4619-9FE2-7107DF3B98C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-11-26] (Google Inc -> Google Inc.)
Task: {7D16F0D1-26CB-44C0-B256-FDB424383763} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => C:\windows\system32\schtasks.exe [285696 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {7D9ECAE4-2D8F-478D-8254-E4912E17A9C5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {833601B9-34B9-4730-BD6E-97DCE2E3A379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {85FEC87B-B8CB-46FA-891E-ADFE98F7F738} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {8A7FD0C3-7A42-4B49-922B-8CA0F3EFF832} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\windows\ehome\ehrec.exe [76800 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {8F63F103-90E0-4001-AC14-3ECBAF9F46A7} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Updater.exe [322240 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
Task: {8FC9A240-D867-4A23-80AB-D47730EA2730} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\windows\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {90D97FE2-EE47-4409-A40B-F1A2944E17B8} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-15] (Corel Corporation -> WinZip) [File not signed]
Task: {914F02E2-BF65-44AC-A2DE-B68F5F990DE8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {922B8F09-7E6F-4254-A1A1-4C7AC72866DD} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3f4e4479-b269-4770-9631-48221f82eceb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:3f4e4479-b269-4770-9631-48221f82eceb
Task: {93AD7DB2-DBFD-4CFC-9FAF-1C43E36BF5A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-11-26] (Google Inc -> Google Inc.)
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - System32\Tasks\Microsoft\Windows\WDI\ResolutionHost => {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} C:\windows\System32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
Task: {9725A533-3837-4347-BD19-5CBB04867436} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [190976 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\windows\system32\dimsjob.dll [40448 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {9CDC236A-625B-4B72-ACE0-EBD6891A0B14} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1} C:\windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {A0F28EFB-F553-42BA-83B7-4459D8413C09} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader => {B210D694-C8DF-490d-9576-9E20CDBC20BD} C:\windows\System32\mscms.dll [623104 2019-11-14] (Microsoft Corporation) [File not signed]
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\windows\system32\appidpolicyconverter.exe [148480 2020-01-02] (Microsoft Corporation) [File not signed]
Task: {A6259F60-F445-4656-88C2-6428450F846E} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} C:\windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\windows\System32\LocationNotifications.exe [90112 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {A6B0C73B-640E-4EC6-9F0D-E9645073849A} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\windows\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {AA862C79-E235-4ABD-AF42-99B46D2433BD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\windows\system32\aitagent.exe [122880 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - System32\Tasks\Microsoft\Windows\Ras\MobilityManager => {c463a0fc-794f-4fdf-9201-01938ceacafa} C:\windows\system32\rasmbmgr.dll [57344 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371} C:\Windows\System32\perftrack.dll [950272 2015-01-08] (Microsoft Corporation) [File not signed]
Task: {B2DCB069-F513-44CC-B3B2-95798B4CAFE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled => {c1f85ef8-bcc2-4606-bb39-70c523715eb3} C:\windows\System32\sdiagschd.dll [51200 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\windows\System32\wsqmcons.exe [293888 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {C16080C3-2A23-4CD0-9042-2E88FCAD5DCC} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} C:\windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {C28708E0-9314-408F-A3DA-AAA566E89769} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {C6C90AF7-F12B-483F-8E61-B2269400E17B} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {C79CF3EE-4B43-4043-BDD1-34E11F3FE418} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - System32\Tasks\Microsoft\Windows\Registry\RegIdleBackup => {ca767aa8-9157-4604-b64b-40747123d5f2} C:\windows\System32\regidle.dll [14336 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {CABF5195-3BD0-4233-BA6B-20F9FD52B781} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\windows\system32\RAServer.exe [125952 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => {190BA3F6-0205-4f46-B589-95C6822899D2} C:\windows\System32\memdiag.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\windows\system32\wermgr.exe [50688 2019-09-09] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {D11DC53B-E87D-4DD6-B7A9-638D677FC389} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {D73F3B21-590F-45AB-8655-60DDBE18A310} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify2 => C:\windows\system32\EOSNotify.exe [492032 2019-12-30] (Microsoft Corporation) [File not signed]
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - System32\Tasks\Microsoft\Windows\Maintenance\WinSAT => {A9A33436-678B-4C9C-A211-7CC38785E79D} C:\windows\system32\WinSATAPI.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {E188D55C-4D78-43AC-826D-10CAB77B6473} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\windows\system32\BthUdTask.exe [36864 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {E6905797-FDC8-40DC-808F-B42BBE00ED0F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {E8921115-6C75-4347-8014-4627A70BD050} - System32\Tasks\AdobeGCInvoker-1.0-5558I7WIN7810PR-Adande => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - System32\Tasks\Microsoft\Windows\RAC\RacTask => {42060D27-CA53-41f5-96E4-B1E8169308A6} C:\windows\system32\RacEngn.dll [1556992 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\windows\system32\lpremove.exe [71168 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {F5EDDA8F-BADE-47D6-8FB8-E65E4C72C617} - System32\Tasks\{6084F7A0-D4CC-4E95-9F05-E35E8A9DE6EF} => C:\windows\system32\pcalua.exe -a "F:\Downloads\oracle virtual box\VirtualBox-5.2.12-122591-Win.exe" -d "F:\Downloads\oracle virtual box"
Task: {F8C8EDFC-6EE8-46C9-AFAC-D37514A27287} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\windows\system32\DFDWiz.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => {190BA3F6-0205-4f46-B589-95C6822899D2} C:\windows\System32\memdiag.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => C:\windows\System32\powercfg.exe [71168 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {FB7B0A7C-A355-443E-8C0A-ED0017FCB637} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1553880 2020-03-12] (Dell Inc. -> Dell Inc.)
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask => {e7ed314f-2816-4c26-aeb5-54a34d02404c} C:\windows\System32\kernelceip.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 224aa167-1348-4db0-bc74-e788910b9d05.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8d41b48c-bc42-4202-a572-6fbf6c23457f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a6f8dfdf-a09d-44d3-b6c4-ea114a1a40a1.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224 2017-12-31] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352 2010-11-20] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 01 C:\Windows\system32\NLAapi.dll [70656 2017-12-31] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [68096 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [86016 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 04 C:\Windows\system32\pnrpnsp.dll [86016 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [28672 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [47104 2010-11-20] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{10E61C92-6B18-46CB-9C35-B96B54D97029}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1F33E930-0B70-48B9-98C2-0B9E493C5872}: [DhcpNameServer] 192.168.8.254
Tcpip\..\Interfaces\{1F7965C6-DF54-4AAF-94FD-30BD610C1252}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{801DFF61-73C3-4168-93F0-92FEB962A4FE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8434CB34-C949-4603-8ED5-27D685306BBE}: [DhcpNameServer] 192.168.8.254
Tcpip\..\Interfaces\{9D6A80E8-652B-4EE5-B7B7-7F4ABF315CDC}: [DhcpNameServer] 192.168.117.1
Tcpip\..\Interfaces\{A2885237-983E-47CE-934B-2B0C2539BA9B}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{C53692F6-49D4-4CD7-8333-3FAFF035D79F}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D07ECE9C-2EE6-4000-8D49-92FAE019CB0E}: [DhcpNameServer] 192.168.8.254
Tcpip\..\Interfaces\{D71C8C67-7367-4711-8AB3-78D955DD4F11}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E2E72DC8-1B18-4B36-B736-02A2A6FD9A88}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{F2790E3D-D785-4D68-9714-609799ABDEE4}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{FB4D6990-E3B3-42F0-BA4C-D8A9B38352E4}: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc -> Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2335114495-2311945624-3795076225-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Adande\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-10-02] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default [2020-11-12]
CHR Notifications: Default -> hxxps://voice.google.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
CHR Extension: (Docs) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
CHR Extension: (Google Drive) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-05]
CHR Extension: (YouTube) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-05]
CHR Extension: (Sheets) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-23]
CHR Extension: (ZoneAlarm Web Secure) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\flljooaijgdgaaogmfhakpojmddcjjmj [2020-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-29]
CHR Extension: (Gmail) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-05]
CHR HKLM-x32\...\Chrome\Extension: [flljooaijgdgaaogmfhakpojmddcjjmj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R3 AeLookupSvc; C:\windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation) [File not signed]
S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 ALG; C:\windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1879744 2017-10-11] (Paragon Software GmbH -> )
S3 AppIDSvc; C:\windows\System32\appidsvc.dll [34816 2020-01-02] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\windows\System32\appinfo.dll [70144 2019-11-05] (Microsoft Corporation) [File not signed]
S4 AppMgmt; C:\windows\System32\appmgmts.dll [193536 2009-07-13] (Microsoft Corporation) [File not signed]
S4 AppMgmt; C:\windows\SysWOW64\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\windows\System32\Audiosrv.dll [680960 2019-09-11] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\windows\System32\Audiosrv.dll [680960 2019-09-11] (Microsoft Corporation) [File not signed]
S4 AxInstSV; C:\windows\System32\AxInstSV.dll [114688 2019-11-05] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\windows\System32\bfe.dll [705024 2017-12-31] (Microsoft Corporation) [File not signed]
S2 BITS; C:\windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
R3 bthserv; C:\windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S4 CertPropSvc; C:\windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137448 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
R3 COMSysApp; C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation) [File not signed]
R3 COMSysApp; C:\windows\SysWOW64\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [254520 2017-07-27] (Connectify (Connectify, Inc.) -> Connectify)
R2 CryptSvc; C:\windows\system32\cryptsvc.dll [191488 2019-12-10] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\windows\SysWOW64\cryptsvc.dll [146432 2019-12-10] (Microsoft Corporation) [File not signed]
S4 CscService; C:\windows\System32\cscsvc.dll [695808 2018-06-29] (Microsoft Corporation) [File not signed]
S3 CWUpdaterDaemon; C:\Program Files (x86)\CheckPoint\Parental Controls\bin\cwupdater.exe [9729368 2015-08-13] (ContentWatch -> ContentWatch, Inc.)
R2 DcomLaunch; C:\windows\system32\rpcss.dll [517632 2019-11-14] (Microsoft Corporation) [File not signed]
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [244280 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3339824 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
S3 defragsvc; C:\windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1402\DSAPI.exe [965104 2020-03-23] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2020-02-12] (Dell Inc -> )
R2 Dhcp; C:\windows\system32\dhcpcore.dll [318976 2019-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\windows\SysWOW64\dhcpcore.dll [256512 2019-07-13] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\windows\system32\diagtrack.dll [1391856 2018-08-13] (Microsoft Windows -> Microsoft Corporation) [File not signed]
R2 Dnscache; C:\windows\System32\dnsrslvr.dll [182272 2018-06-08] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EFS; C:\windows\System32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed] [File is in use]
R2 EventSystem; C:\windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [42488 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
S3 Fax; C:\windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
S3 FDResPub; C:\windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-04-13] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
R2 FontCache; C:\windows\system32\FntCache.dll [1182208 2019-10-14] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG -> Nero AG)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [506536 2017-05-27] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 IEEtwCollectorService; C:\windows\system32\IEEtwCollector.exe [116224 2019-12-16] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\windows\System32\ikeext.dll [863232 2017-12-31] (Microsoft Corporation) [File not signed]
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
S2 IPBusEnum; C:\windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
S4 iphlpsvc; C:\windows\System32\iphlpsvc.dll [572416 2019-11-05] (Microsoft Corporation) [File not signed]
S3 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1157752 2016-03-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD)
R3 KeyIso; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\windows\system32\srvsvc.dll [236032 2020-01-02] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\windows\System32\wkssvc.dll [124416 2018-04-25] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S4 Mcx2Svc; C:\windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\windows\system32\mpssvc.dll [828928 2018-08-10] (Microsoft Corporation) [File not signed]
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R3 MSDTC; C:\windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S4 MSiSCSI; C:\windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
R2 msiserver; C:\windows\system32\msiexec.exe /V [128512 2019-11-05] (Microsoft Corporation) [File not signed]
R2 msiserver; C:\windows\SysWOW64\msiexec.exe /V [73216 2019-11-05] (Microsoft Corporation) [File not signed]
S4 napagent; C:\windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S4 Netlogon; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
R3 Netman; C:\windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\windows\System32\nlasvc.dll [303104 2017-12-31] (Microsoft Corporation) [File not signed]
R2 nsi; C:\windows\system32\nsisvc.dll [26112 2017-08-11] (Microsoft Corporation) [File not signed]
S4 p2pimsvc; C:\windows\system32\pnrpsvc.dll [327168 2019-07-13] (Microsoft Corporation) [File not signed]
S4 p2psvc; C:\windows\system32\p2psvc.dll [439296 2017-12-31] (Microsoft Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PcaSvc; C:\windows\System32\pcasvc.dll [187904 2019-06-12] (Microsoft Corporation) [File not signed]
S4 PeerDistSvc; C:\windows\system32\peerdistsvc.dll [1361408 2017-12-31] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\windows\system32\pla.dll [1389056 2017-03-10] (Microsoft Corporation) [File not signed]
S3 pla; C:\windows\SysWOW64\pla.dll [1508352 2017-03-10] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S3 PNRPAutoReg; C:\windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S4 PNRPsvc; C:\windows\system32\pnrpsvc.dll [327168 2019-07-13] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\windows\System32\ipsecsvc.dll [502272 2016-05-12] (Microsoft Corporation) [File not signed]
R2 Power; C:\windows\system32\umpo.dll [168448 2019-09-18] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\windows\SysWOW64\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
R2 RealtekCU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 RealtekCU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 RealtekCU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S4 RemoteAccess; C:\windows\System32\mprdim.dll [97792 2017-11-02] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\windows\SysWOW64\mprdim.dll [75264 2017-11-02] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\windows\system32\rpcss.dll [517632 2019-11-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\windows\system32\schedsvc.dll [1110528 2019-06-03] (Microsoft Corporation) [File not signed]
S4 SCPolicySvc; C:\windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ScVssService64; C:\Program Files\Second Copy\ScVssService64.exe [76568 2017-03-23] (Centered Systems LLP -> Centered Systems)
S3 SDRSVC; C:\windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\windows\system32\seclogon.dll [30720 2016-02-09] (Microsoft Corporation) [File not signed]
R2 SENS; C:\windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\windows\System32\shsvcs.dll [371712 2019-12-10] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\windows\SysWOW64\shsvcs.dll [328704 2019-12-10] (Microsoft Corporation) [File not signed]
S4 SNMPTRAP; C:\windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (SONY Corporation -> Sony Corporation)
R2 Spooler; C:\windows\System32\spoolsv.exe [559616 2017-12-31] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
R3 SSDPSRV; C:\windows\System32\ssdpsrv.dll [193024 2019-07-13] (Microsoft Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (SONY Corporation -> Sony Corporation)
S3 SstpSvc; C:\windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 stisvc; C:\windows\System32\wiaservc.dll [583168 2019-12-10] (Microsoft Corporation) [File not signed]
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38360 2020-03-12] (Dell Inc. -> Dell Inc.)
R3 swprv; C:\windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
S2 SysMain; C:\windows\system32\sysmain.dll [1741312 2017-12-31] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\windows\System32\TabSvc.dll [92160 2017-12-05] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TermService; C:\windows\System32\termsrv.dll [688128 2019-03-11] (Microsoft Corporation) [File not signed]
R2 Themes; C:\windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\windows\System32\umrdp.dll [214528 2010-11-20] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\windows\System32\upnphost.dll [354816 2019-11-05] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\windows\SysWOW64\upnphost.dll [266752 2019-11-05] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 vds; C:\windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4292984 2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 VSS; C:\windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\windows\System32\wcncsvc.dll [366592 2017-12-31] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\windows\SysWOW64\wcncsvc.dll [276992 2017-12-31] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\windows\System32\WcsPlugInService.dll [40960 2019-11-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\windows\SysWOW64\WcsPlugInService.dll [33280 2019-11-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S4 WebClient; C:\windows\System32\webclnt.dll [263680 2016-09-08] (Microsoft Corporation) [File not signed]
S4 WebClient; C:\windows\SysWOW64\webclnt.dll [208896 2016-09-08] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\windows\system32\wecsvc.dll [209920 2016-02-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\windows\System32\wercplsupport.dll [86016 2019-09-09] (Microsoft Corporation) [File not signed]
S4 WerSvc; C:\windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\windows\System32\wiarpc.dll [67072 2019-12-10] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
S4 WinHttpAutoProxySvc; C:\windows\system32\winhttp.dll [444928 2017-12-31] (Microsoft Corporation) [File not signed]
S4 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351744 2017-12-31] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\windows\system32\wbem\WMIsvc.dll [215040 2016-02-13] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\windows\system32\WsmSvc.dll [2618880 2016-02-13] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\windows\SysWOW64\WsmSvc.dll [2181120 2016-02-13] (Microsoft Corporation) [File not signed]
S3 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] (Corel Corporation -> ) [File not signed]
R2 Wlansvc; C:\windows\System32\wlansvc.dll [887808 2019-06-28] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\windows\system32\wbem\WmiApSrv.exe [198144 2016-02-13] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WPDBusEnum; C:\windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
S2 wscsvc; C:\windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\windows\system32\SearchIndexer.exe [594432 2019-12-10] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\windows\SysWOW64\SearchIndexer.exe [428544 2019-12-10] (Microsoft Corporation) [File not signed]
S3 wuauserv; C:\windows\system32\wuaueng.dll [2651136 2019-12-10] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-05-15] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
S2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3011952 2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 61883; C:\windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\windows\system32\drivers\afd.sys [496128 2017-04-04] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\windows\system32\drivers\amdk8.sys [64512 2020-01-02] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\windows\system32\drivers\amdppm.sys [60928 2020-01-02] (Microsoft Corporation) [File not signed]
R0 apmwin; C:\windows\System32\DRIVERS\apmwin.sys [38736 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
S3 AppID; C:\windows\system32\drivers\appid.sys [62464 2020-01-02] (Microsoft Windows) [File not signed]
S3 AsyncMac; C:\windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\windows\System32\DRIVERS\bowser.sys [90112 2018-07-18] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Bridge; C:\windows\System32\DRIVERS\bridge.sys [95232 2019-02-07] (Microsoft Corporation) [File not signed]
S3 BridgeMP; C:\windows\System32\DRIVERS\bridge.sys [95232 2019-02-07] (Microsoft Corporation) [File not signed]
S3 BrSerIb; C:\windows\System32\DRIVERS\BrSerIb.sys [95344 2012-09-10] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 Brserid; C:\windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSIb; C:\windows\System32\DRIVERS\BrUsbSIb.sys [21872 2012-09-10] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BthEnum; C:\windows\system32\drivers\BthEnum.sys [41984 2019-07-29] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BthMtpEnum; C:\windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\windows\System32\DRIVERS\bthpan.sys [119296 2017-07-05] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\windows\System32\Drivers\BTHport.sys [556032 2019-07-29] (Microsoft Corporation) [File not signed]
R3 BTHUSB; C:\windows\System32\Drivers\BTHUSB.sys [80384 2019-07-29] (Microsoft Corporation) [File not signed]
R3 btmaux; C:\windows\System32\DRIVERS\btmaux.sys [158696 2017-05-12] (Intel® Wireless Connectivity Solutions -> Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\System32\DRIVERS\btmhsf.sys [1560552 2017-05-12] (Intel® Wireless Connectivity Solutions -> Motorola Solutions, Inc.)
R4 cdfs; C:\windows\System32\DRIVERS\cdfs.sys [92672 2019-02-10] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
R1 cfywlan1; C:\windows\System32\DRIVERS\cfywlan1.sys [36736 2016-11-19] (Connectify (Connectify, Inc.) -> Connectify)
S3 circlass; C:\windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cnnctfy3; C:\windows\System32\DRIVERS\cnnctfy3.sys [43872 2016-11-19] (Connectify (Connectify, Inc.) -> Connectify)
R3 CompositeBus; C:\windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 CSC; C:\windows\System32\drivers\csc.sys [516096 2018-06-29] (Microsoft Corporation) [File not signed]
S2 csvol; C:\windows\System32\DRIVERS\csvol.sys [37200 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
R3 DDDriver; C:\windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\windows\System32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 DfsC; C:\windows\System32\Drivers\dfsc.sys [115200 2018-04-25] (Microsoft Corporation) [File not signed]
R1 discache; C:\windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\windows\system32\drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\windows\system32\drivers\drmkaud.sys [5632 2015-12-08] (Microsoft Corporation) [File not signed]
R3 easytether; C:\windows\System32\DRIVERS\easytthr.sys [22728 2015-11-22] (Polyclef Software -> Mobile Stream)
S3 ebdrv; C:\windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\windows\system32\drivers\errdev.sys [9728 2018-02-10] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195584 2019-02-10] (Microsoft Corporation) [File not signed]
R2 Ext2Fsd; C:\windows\system32\Drivers\Ext2Fsd.sys [826360 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [205312 2019-02-10] (Microsoft Corporation) [File not signed]
S3 fdc; C:\windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R0 gpt_loader; C:\windows\System32\DRIVERS\gpt_loader.sys [70480 2017-10-11] (Paragon Software GmbH -> )
S3 hcw85cir; C:\windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\windows\system32\drivers\HdAudio.sys [350208 2019-08-26] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Hfsplus; C:\windows\System32\DRIVERS\hfsplus.sys [208208 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
R3 HfsplusRec; C:\windows\System32\DRIVERS\hfsplusrec.sys [25936 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
S3 HidBatt; C:\windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\windows\system32\drivers\hidusb.sys [30208 2019-03-04] (Microsoft Corporation) [File not signed]
R0 hotcore3; C:\windows\System32\DRIVERS\hotcore3.sys [33968 2015-11-10] (Paragon Software GmbH -> Paragon Software Group)
S3 HTCAND64; C:\windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation) [File not signed]
S3 htcnprot; C:\windows\System32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows ® Win 7 DDK provider)
R3 HTTP; C:\windows\System32\drivers\HTTP.sys [754176 2019-12-10] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
S3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-07-17] (Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD)
R3 intelppm; C:\windows\system32\drivers\intelppm.sys [62464 2020-01-02] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2016-03-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD)
S3 kbdhid; C:\windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [528576 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [219328 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [1192136 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1102528 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\windows\System32\DRIVERS\klwtp.sys [177344 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 ksthunk; C:\windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\windows\system32\drivers\luafv.sys [114688 2019-03-28] (Microsoft Corporation) [File not signed]
S3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [130592 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 Modem; C:\windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\windows\system32\drivers\monitor.sys [30208 2019-09-09] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R0 mounthlp; C:\windows\System32\DRIVERS\mounthlp.sys [55120 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
R3 mpsdrv; C:\windows\System32\drivers\mpsdrv.sys [77312 2018-08-10] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\windows\system32\drivers\mrxdav.sys [142336 2016-09-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\windows\System32\DRIVERS\mrxsmb.sys [161280 2020-01-02] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\windows\System32\DRIVERS\mrxsmb10.sys [291328 2020-01-02] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\windows\System32\DRIVERS\mrxsmb20.sys [129536 2020-01-02] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2019-02-03] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\windows\System32\DRIVERS\nwifi.sys [324608 2017-09-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\windows\System32\DRIVERS\ndistapi.sys [24064 2018-12-07] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [58368 2018-12-07] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\windows\System32\DRIVERS\netbios.sys [45056 2017-12-31] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\windows\System32\DRIVERS\netbt.sys [262656 2019-02-21] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44544 2020-01-02] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\windows\System32\drivers\nsiproxy.sys [26112 2017-08-11] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\windows\system32\drivers\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\windows\System32\drivers\peauth.sys [663552 2019-06-12] (Microsoft Corporation) [File not signed]
R3 pneteth; C:\windows\System32\DRIVERS\pneteth.sys [15360 2011-11-24] (June Fabrics Technology Inc.) [File not signed]
R3 PptpMiniport; C:\windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\windows\system32\drivers\processr.sys [60928 2020-01-02] (Microsoft Corporation) [File not signed]
R1 Psched; C:\windows\System32\DRIVERS\pacer.sys [131584 2017-12-31] (Microsoft Corporation) [File not signed]
R0 PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation -> Corel Corporation)
S3 QWAVEdrv; C:\windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\windows\System32\DRIVERS\rdbss.sys [317440 2019-09-09] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\windows\System32\drivers\rdpdr.sys [165888 2010-11-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RTL8168; C:\windows\System32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Realtek) [File not signed]
S3 RTLU3E8023-W7-64; C:\windows\System32\DRIVERS\rtu30x64w7.sys [124632 2015-02-10] (Realtek Semiconductor Corp -> Realtek)
S3 s3cap; C:\windows\system32\drivers\vms3cap.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 scfilter; C:\windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S1 Serial; C:\windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 sermouse; C:\windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\windows\System32\DRIVERS\srv.sys [464384 2020-01-02] (Microsoft Corporation) [File not signed]
R3 srv2; C:\windows\System32\DRIVERS\srv2.sys [406016 2020-01-02] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\windows\System32\DRIVERS\srvnet.sys [169984 2020-01-02] (Microsoft Corporation) [File not signed]
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 StillCam; C:\windows\system32\drivers\serscan.sys [12288 2019-12-10] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\windows\System32\drivers\tcpipreg.sys [46080 2016-07-07] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\windows\System32\DRIVERS\tdx.sys [117248 2017-07-29] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\windows\System32\DRIVERS\tssecsrv.sys [40448 2017-08-13] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\windows\System32\DRIVERS\udfs.sys [328192 2019-02-10] (Microsoft Corporation) [File not signed]
R1 UimBus; C:\windows\System32\DRIVERS\UimBus.sys [102576 2015-11-10] (Paragon Software GmbH -> )
R1 Uim_DEVIM; C:\windows\System32\DRIVERS\uim_devim.sys [25904 2015-11-10] (Paragon Software GmbH -> )
R1 Uim_IM; C:\windows\System32\DRIVERS\uim_im.sys [701360 2015-11-10] (Paragon Software GmbH -> )
R3 umbus; C:\windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\windows\System32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\windows\System32\DRIVERS\usbccgp.sys [99840 2018-05-02] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\windows\system32\drivers\usbehci.sys [56320 2018-05-02] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\windows\System32\DRIVERS\usbhub.sys [344064 2018-05-02] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\windows\system32\drivers\usbohci.sys [25600 2018-05-02] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\windows\system32\drivers\usbscan.sys [42496 2019-12-10] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\windows\system32\drivers\usbuhci.sys [30720 2018-05-02] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-11] (Microsoft Corporation) [File not signed]
R3 VBoxNetAdp; C:\windows\System32\DRIVERS\VBoxNetAdp6.sys [213080 2018-05-09] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\windows\System32\DRIVERS\VBoxNetLwf.sys [222864 2018-05-09] (Oracle Corporation -> Oracle Corporation)
S3 vga; C:\windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [21760 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vrvd5; C:\windows\System32\DRIVERS\vrvd5.sys [13344 2017-02-03] (Rsupport Co., Ltd. -> Rsupport Corporation)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-15] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 vwifibus; C:\windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\windows\System32\DRIVERS\wanarp.sys [88576 2018-12-07] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\windows\System32\DRIVERS\wanarp.sys [88576 2018-12-07] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\windows\system32\drivers\wmiacpi.sys [14336 2018-02-10] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\windows\system32\drivers\ws2ifsl.sys [22016 2019-08-19] (Microsoft Corporation) [File not signed]
S3 WSDPrintDevice; C:\windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\windows\system32\drivers\WSDScan.sys [25088 2019-12-10] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]
U3 AppleHFS; no ImagePath
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2036-01-01 01:29 - 2036-01-01 01:29 - 000000000 ____D C:\Users\Adande\AppData\Local\Centered Systems
2036-01-01 01:29 - 2036-01-01 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Copy 9
2036-01-01 01:29 - 2036-01-01 01:29 - 000000000 ____D C:\Program Files\Second Copy
2036-01-01 01:29 - 2015-12-02 19:24 - 000807000 _____ (Xceed Software Inc (450) 442-2626 [email protected] www.xceed.com) C:\windows\system32\XceedZipX64.dll
2021-02-15 17:57 - 2021-02-15 17:58 - 000099808 _____ C:\Users\Adande\Desktop\FRST.txt
2021-02-15 16:25 - 2021-02-15 17:56 - 000000000 ____D C:\Users\Adande\Desktop\2.15.21
2021-02-15 16:16 - 2021-02-15 17:56 - 000000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-02-15 16:08 - 2021-02-15 16:08 - 000000512 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a6f8dfdf-a09d-44d3-b6c4-ea114a1a40a1.job
2021-02-15 16:08 - 2021-02-15 16:08 - 000000512 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8d41b48c-bc42-4202-a572-6fbf6c23457f.job
2021-02-15 16:08 - 2021-02-15 16:08 - 000000512 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 224aa167-1348-4db0-bc74-e788910b9d05.job
2021-02-15 15:52 - 2021-02-15 15:52 - 000000000 ____D C:\Users\Administrator\Desktop\2.15.21
2021-02-15 15:23 - 2021-02-15 15:23 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2021-02-15 15:23 - 2021-02-15 15:23 - 000001966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-15 15:23 - 2021-02-15 15:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2021-02-15 15:22 - 2021-02-15 16:06 - 000248992 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2021-02-15 15:22 - 2021-02-15 15:22 - 000130592 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2021-02-15 15:21 - 2021-02-15 15:21 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2021-01-29 14:17 - 2021-01-29 14:17 - 000000000 ____D C:\ProgramData\MB2Migration
2021-01-29 14:09 - 2021-01-29 14:09 - 000000040 ____H C:\6553593D7DE6
2021-01-29 14:08 - 2021-02-15 15:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-29 14:08 - 2021-01-29 14:08 - 000000000 ____D C:\Program Files\Malwarebytes

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-15 17:57 - 2020-11-17 03:43 - 000000000 ____D C:\FRST
2021-02-15 17:56 - 2020-01-29 03:11 - 000000000 ____D C:\Users\Adande\AppData\Local\HTC MediaHub
2021-02-15 17:56 - 2016-03-28 10:34 - 000000000 __SHD C:\Users\Adande\IntelGraphicsProfiles
2021-02-15 17:56 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2021-02-15 17:55 - 2017-10-12 09:59 - 000065536 _____ C:\windows\system32\Ikeext.etl
2021-02-15 17:55 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-02-15 16:24 - 2009-07-13 23:45 - 000044960 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-02-15 16:24 - 2009-07-13 23:45 - 000044960 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-02-15 16:22 - 2009-07-14 00:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2021-02-15 16:22 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2021-02-15 16:17 - 2020-11-17 03:11 - 002297856 _____ (Farbar) C:\Users\Adande\Desktop\FRST64.exe
2021-02-15 16:14 - 2020-11-16 09:51 - 001324178 _____ C:\windows\ntbtlog.txt
2021-02-15 15:57 - 2009-07-14 00:08 - 000032528 _____ C:\windows\Tasks\SCHEDLGU.TXT
2021-02-15 15:30 - 2016-04-01 15:40 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-15 15:30 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-02-15 15:29 - 2016-04-01 15:38 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-15 15:26 - 2017-07-19 09:22 - 000000000 ____D C:\ProgramData\ProductData
2021-02-15 15:24 - 2020-11-17 03:11 - 002297856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2021-02-15 15:22 - 2017-07-19 09:12 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2021-02-15 15:21 - 2020-11-13 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\HTC MediaHub
2021-02-15 15:17 - 2009-07-14 00:32 - 000032768 _____ C:\windows\system32\config\BCD-Template
2021-01-29 16:08 - 2016-06-01 18:38 - 000000000 ____D C:\Users\Adande\AppData\Local\CrashDumps
2021-01-29 14:09 - 2017-07-19 09:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2021-01-29 14:05 - 2016-03-29 19:35 - 000000000 ____D C:\sware

==================== Files in the root of some directories ========

2017-05-20 03:53 - 2017-09-25 00:35 - 000000132 _____ () C:\Users\Adande\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-06-01 18:32 - 2019-07-23 14:13 - 000000132 _____ () C:\Users\Adande\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-10-21 12:13 - 2018-01-25 16:59 - 000005632 _____ () C:\Users\Adande\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-25 15:33 - 2018-03-25 15:33 - 000000001 _____ () C:\Users\Adande\AppData\Local\llftool.4.40.agreement
2018-10-01 09:30 - 2020-11-16 09:31 - 000000312 _____ () C:\Users\Adande\AppData\Local\oobelibMkey.log
2017-05-15 16:46 - 2017-05-15 16:46 - 000007604 _____ () C:\Users\Adande\AppData\Local\Resmon.ResmonCfg
2017-10-20 13:32 - 2017-10-20 13:32 - 000000000 _____ () C:\Users\Adande\AppData\Local\{44743CC4-BCED-4EFC-B430-68CC340FB53C}
2017-06-16 21:52 - 2017-06-16 21:52 - 000000000 _____ () C:\Users\Adande\AppData\Local\{FCD400A9-3305-4B91-8D94-94AEE7B457A1}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\SysWOW64\wininit.exe => MD5 is legit
C:\windows\explorer.exe => MD5 is legit
C:\windows\SysWOW64\explorer.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\SysWOW64\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\SysWOW64\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\SysWOW64\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\dnsapi.dll => MD5 is legit
C:\windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\windows\system32\dllhost.exe => MD5 is legit
C:\windows\SysWOW64\dllhost.exe => MD5 is legit

LastRegBack: 2021-01-29 16:42
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2021
Ran by Adande (15-02-2021 17:58:36)
Running from C:\Users\Adande\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-03-26 06:03:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Adande (S-1-5-21-2335114495-2311945624-3795076225-1000 - Administrator - Enabled) => C:\Users\Adande
Administrator (S-1-5-21-2335114495-2311945624-3795076225-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2335114495-2311945624-3795076225-501 - Limited - Enabled) => C:\Users\Guest
KRK (S-1-5-21-2335114495-2311945624-3795076225-1007 - Administrator - Enabled) => C:\Users\KRK
WEPSStaff (S-1-5-21-2335114495-2311945624-3795076225-1006 - Administrator - Enabled) => C:\Users\WEPSStaff

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {0683CCA9-024E-F5E0-0687-81040471DC5A}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {BDE22D4D-2474-FA6E-3C37-BA767FF696E7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.5.1 - Angry IP Scanner)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autorun Eater v2.6 (HKLM-x32\...\Autorun Eater_is1) (Version: 2.6 - Old McDonald's Farm)
Camtasia Studio 6 (HKLM-x32\...\{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}) (Version: 6.0.0 - TechSmith Corporation)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version:  - )
CanoScan LiDE 90 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connectify 2017 (HKLM\...\Connectify) (Version: 2017.4.5.38776 - Connectify)
Dell SupportAssist (HKLM\...\{17F0E5C2-638A-4645-A341-03E9C2FDCFF4}) (Version: 3.4.5.366 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.1 - Synaptics Incorporated)
DLwin (HKLM-x32\...\{74DBD42A-7B84-4D58-AAEC-33DBE0F46594}) (Version: 8.0 - Attorneys' Computer Network, Inc.)
EasyTether (HKLM\...\{1B7DB4DD-B70D-4FE4-B909-E3D2AC7A17DD}) (Version: 1.3.3 - Mobile Stream) Hidden
EasyTether (HKLM-x32\...\{6f3b40d5-c81b-469b-a7a2-b560f8561a8c}) (Version: 1.3.3 - Mobile Stream)
EasyTether ADB USB driver (HKLM\...\{767071E2-19B8-45D0-B283-776A6403C9BC}) (Version: 1.0.6 - Mobile Stream)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Ext2Fsd 0.69 (HKLM\...\Ext2Fsd_is1) (Version: 0.69 - Matt Wu)
ezCheckPrinting (HKLM-x32\...\{03C3E414-A9A9-42F9-A691-667A19B318DE}) (Version: 6.0.51 - Halfpricesoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.88.3 - HTC)
iMapBuilder Interactive HTML5 Map Builder v12.2 (Free Trial Ver (HKLM-x32\...\imaphtml5_webunion_is1) (Version:  - WebUnion Media Ltd.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM\...\{00000070-0190-4FD1-8F3D-148929CC1385}) (Version: 19.70.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b22b6ab3-9e4d-4017-97c9-8dc328f41396}) (Version: 20.120.1 - Intel Corporation)
IObit Uninstaller 9 (HKLM-x32\...\IObitUninstall) (Version: 9.0.2.40 - IObit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Codec Pack 9.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
Leawo DVD Creator version  5.2.0.0 (HKLM-x32\...\{29312768-5795-483C-805A-7D01B8FC7C0E}_is1) (Version: 5.2.0.0 - Leawo Software Co., Ltd.)
LibreOffice 5.2 Help Pack (English (United States)) (HKLM-x32\...\{869A3022-8FC9-4F19-92EF-06F0E29F6F7E}) (Version: 5.2.2.2 - The Document Foundation)
LibreOffice 5.2.2.2 (HKLM-x32\...\{69751441-D5E0-4668-893F-CB797B082D09}) (Version: 5.2.2.2 - The Document Foundation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.1.1000 - Maxthon International Limited)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6568.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.12527.21594 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM-x32\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
OpenMG Secure Module 5.0.00 (HKLM-x32\...\{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation) Hidden
OpenMG Secure Module 5.0.00 (HKLM-x32\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation)
Oracle VM VirtualBox 5.2.12 (HKLM\...\{128AD467-F107-4FED-A283-F355E74DE103}) (Version: 5.2.12 - Oracle Corporation)
Paragon Hard Disk Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.3.158 - Paragon Software GmbH)
Paragon HFS+ for Windows™ 10.5 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software)
PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
PrimeCheck (HKLM-x32\...\{F7466545-6CC2-4BD9-8137-E5678B63A602}) (Version: 1.5.7 - Primedia Products, Inc.)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.006 - Dell Inc.)
QuickVPN Client (HKLM-x32\...\{5C8AE145-C9F7-4883-9750-7ECD2B41CCCA}) (Version: 1.4.2.1 - Cisco  Small Business)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11073 - Realtek Semiconductor Corp.)
Realtek USB Gigabit Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.16.203.2015 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Recover Keys (HKLM\...\Recover Keys_is1) (Version: 8.0.3.113 - Recover Keys)
R-Studio 5.2 (HKLM-x32\...\R-Studio 5.2NSIS) (Version: 5.2.130709 - R-Tools Technology Inc.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SeaTools for Windows 1.4.0.5 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.5 - Seagate Technology)
Second Copy 9 (HKLM\...\Second Copy 9_is1) (Version: 9.0.0.1 - Centered Systems)
Sling (HKLM-x32\...\{33B2A40C-B8BF-4E5A-8213-1EEB309B0DD0}) (Version: 4.8.154 - Echostar)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Speedtest by Ookla (HKLM\...\{CFF1450F-71E9-4286-82AE-99E6D797CAD3}) (Version: 1.1.23.001 - Ookla)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
Topaz Studio (HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\{91375d14-8821-4839-b815-5ceb5f198498}) (Version: 1.0.5 - Topaz Labs, LLC)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Visual BCD (HKLM-x32\...\{436D50FF-8FA1-4FDD-A9C9-48B52A990F57}) (Version: 0.9.3.1 - BoYans)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WebViewer DVR 1.0.0.128 (HKLM-x32\...\WebViewer DVR) (Version: 1.0.0.128 - Samsung Techwin Co., Ltd.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dell Inc (DellRbtn) HIDClass  (05/04/2015 1.4.2) (HKLM\...\70CCEEBCDF8A7D01F9CCA083F90CBABE40EAC5EB) (Version: 05/04/2015 1.4.2 - Dell Inc)
Windows Driver Package - Intel net  (01/28/2016 18.33.0.2) (HKLM\...\3C9E4BB008C9C91057A9A267D8912215F3AA297D) (Version: 01/28/2016 18.33.0.2 - Intel)
Windows Driver Package - Intel net  (01/28/2016 18.33.0.2) (HKLM\...\D48DC34EF799C5632AED32E93C4676F873F7542B) (Version: 01/28/2016 18.33.0.2 - Intel)
Windows Driver Package - Intel net  (02/25/2016 18.40.0.9) (HKLM\...\2FD99C6C777BFC1E1635BCE7CDF6E2D84E9D2C45) (Version: 02/25/2016 18.40.0.9 - Intel)
Windows Driver Package - Intel net  (04/30/2015 15.12.0.9) (HKLM\...\902E98F36093A8CAEF99BAC759CF0B845129E207) (Version: 04/30/2015 15.12.0.9 - Intel)
Windows Driver Package - Intel net  (04/30/2015 15.18.0.1) (HKLM\...\A5A8069731A4D4C3B9754F06127ADC3BBCEA8EBA) (Version: 04/30/2015 15.18.0.1 - Intel)
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
ZoneAlarm Antivirus (HKLM-x32\...\{B7A757CA-7545-4EB4-9EF2-FA4D8CE6D2F7}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 15.3.060.17669 - Check Point)
ZoneAlarm Find My Laptop (HKLM-x32\...\{0B7DC6E7-A65D-4CF0-B348-E90C5AB59578}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{B136506E-D077-4943-9F0D-B22494BAC3BA}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Parental Controls (HKLM\...\{9D0D6B72-4C5C-498D-9A8A-DA53341E8BC1}) (Version: 7.2.6.1 - ContentWatch) Hidden
ZoneAlarm Security (HKLM-x32\...\{21085985-346F-4750-B57C-270359D3BB83}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel® pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll () [File not signed]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (Corel Corporation -> WinZip Computing, S.L.)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (Corel Corporation -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2016-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (Corel Corporation -> WinZip Computing, S.L.)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [107864 2008-07-10] (TechSmith Corporation -> TechSmith Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2018-09-20 23:50 - 2012-08-08 20:56 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\P2PLib.dll
2018-09-20 23:50 - 2012-11-06 08:47 - 000114688 _____ () [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\EnumDevLib.dll
2017-04-10 17:13 - 2012-09-29 12:25 - 000409088 _____ () [File not signed] C:\windows\System32\HPM1210LM.DLL
2017-03-03 12:00 - 2011-08-25 11:56 - 001844736 _____ () [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\EF320504.dll
2017-04-10 17:13 - 2012-09-29 12:53 - 001038336 _____ () [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\HPM1210GC.dll
2017-04-10 17:13 - 2012-09-29 12:26 - 003120128 _____ () [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\hpm1210su.dll
2017-04-10 17:13 - 2012-09-29 12:25 - 000074240 _____ () [File not signed] C:\windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2009-07-13 20:20 - 2009-07-13 20:40 - 000211456 _____ (CANON INC.) [File not signed] C:\windows\System32\CNBLM3_2.DLL
2019-06-25 01:14 - 2009-07-13 20:40 - 000083968 _____ (CANON INC.) [File not signed] C:\windows\system32\spool\PRTPROCS\x64\CNBPP3.DLL
2016-03-25 06:38 - 2016-03-25 06:38 - 001733632 _____ (Check Point Software Technologies LTD) [File not signed] C:\Program Files (x86)\CheckPoint\AKL\ISWRCS.dll
2013-08-10 10:12 - 2013-08-10 10:12 - 000328704 _____ (Hewlett-Packard Co.) [File not signed] C:\windows\System32\hpinksts7112LM.dll
2013-08-10 10:26 - 2013-08-10 10:26 - 003644928 _____ (Hewlett-Packard Co.) [File not signed] C:\windows\system32\HPScanTRDrv_OJ8610.dll
2014-11-17 09:43 - 2014-11-17 09:43 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2014-11-17 09:43 - 2014-11-17 09:43 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2017-08-11 11:09 - 2016-10-04 09:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2016-03-26 11:16 - 2014-08-25 11:49 - 000074240 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2009-07-13 19:35 - 2009-06-10 16:14 - 000196608 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
2018-05-11 16:00 - 2018-04-10 11:35 - 001735168 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\windows\system32\comsvcs.dll
2009-07-13 19:00 - 2009-07-13 20:40 - 000402944 _____ (Microsoft Corporation) [File not signed] [File is in use] c:\windows\system32\es.dll
2017-09-22 07:56 - 2017-08-11 01:35 - 000757248 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\windows\System32\win32spl.dll
2020-03-22 23:00 - 2019-12-16 19:18 - 000416256 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\SysWOW64\Dxtmsft.dll
2020-03-22 23:00 - 2019-12-16 19:09 - 000279040 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\SysWOW64\Dxtrans.dll
2018-05-15 01:18 - 2018-05-15 01:18 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2016-04-01 08:10 - 2015-09-01 13:14 - 000503296 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
2020-03-22 23:00 - 2019-12-16 18:37 - 000805376 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Internet Explorer\ieproxy.dll
2018-09-11 16:37 - 2018-07-07 11:01 - 000316928 _____ (Microsoft Corporation) [File not signed] C:\windows\AppPatch\AppPatch64\AcGenral.DLL
2016-04-03 13:59 - 2015-10-29 12:50 - 000350208 _____ (Microsoft Corporation) [File not signed] C:\windows\AppPatch\AppPatch64\AcLayers.DLL
2009-07-13 19:24 - 2009-07-13 20:40 - 000026112 _____ (Microsoft Corporation) [File not signed] C:\Windows\ehome\ehSSO.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000053248 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\acppage.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000780800 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\Actioncenter.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000961024 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\actxprxy.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000880640 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ADVAPI32.dll
2016-04-03 13:59 - 2015-10-29 12:50 - 000072192 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\aelupsvc.dll
2019-12-02 16:48 - 2019-09-09 19:09 - 000257024 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\AEPIC.dll
2009-07-13 18:55 - 2009-07-13 20:40 - 000053248 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\AltTab.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000010752 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003584 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000002560 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000005632 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003072 ____H (Microsoft Corporation) [File not signed] C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000009728 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000005632 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000004096 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003072 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-04-03 13:59 - 2015-10-29 12:50 - 000342016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\apphelp.dll
2009-07-13 18:32 - 2009-07-13 20:40 - 000033792 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\APPHLPDM.DLL
2019-12-02 16:48 - 2019-11-05 16:19 - 000070144 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\appinfo.dll
2017-04-15 11:28 - 2017-03-07 11:30 - 000085504 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\asycfilt.dll
2009-07-13 19:34 - 2009-07-13 20:40 - 000090624 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ATL.DLL
2019-12-02 16:48 - 2019-09-11 22:44 - 000438784 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\audioeng.dll
2019-12-02 16:48 - 2019-09-11 22:44 - 000295936 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\audioses.dll
2019-12-02 16:48 - 2019-09-11 22:44 - 000680960 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\audiosrv.dll
2019-12-02 16:48 - 2019-11-05 16:19 - 001942016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\authui.dll
2009-07-13 18:50 - 2009-07-13 20:40 - 000177664 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\AUTHZ.dll
2009-07-13 19:22 - 2009-07-13 20:40 - 000018432 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\AVRT.dll
2016-04-01 08:17 - 2015-07-14 22:19 - 000052736 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\basesrv.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000749568 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\BatMeter.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000123904 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\bcrypt.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000705024 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\bfe.dll
2009-07-13 18:46 - 2009-07-13 20:40 - 000056832 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\bitsigd.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000024576 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\bitsperf.dll
2016-04-01 08:09 - 2012-07-04 17:13 - 000059392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\BROWCLI.DLL
2016-04-01 08:09 - 2012-07-04 17:13 - 000136704 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\browser.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000721408 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\bthprops.cpl
2009-07-13 19:06 - 2009-07-13 20:40 - 000083968 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\bthserv.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000094720 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\Cabinet.dll
2009-07-13 19:00 - 2009-07-13 20:40 - 000472576 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\catsrv.dll
2009-07-13 18:59 - 2009-07-13 20:40 - 000056320 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\catsrvps.dll
2018-05-11 16:00 - 2018-04-10 11:34 - 000525824 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\catsrvut.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000207872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CFGMGR32.dll
2009-07-13 19:00 - 2009-07-13 20:40 - 000607744 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CLBCatQ.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000314368 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CLUSAPI.DLL
2009-06-22 20:19 - 2009-06-22 20:19 - 000504320 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\CNBJMON.DLL
2009-06-22 20:23 - 2009-06-22 20:23 - 000690176 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\CNBJMON2.DLL
2009-07-13 18:59 - 2009-07-13 20:40 - 000255488 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\Com\comadmin.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000594432 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\COMDLG32.dll
2009-07-13 18:59 - 2009-07-13 20:26 - 001297408 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\COMRES.DLL
2020-03-22 22:59 - 2020-01-02 22:33 - 000022016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\credssp.dll
2016-04-03 13:58 - 2013-10-03 21:25 - 000197120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\credui.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 001484800 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CRYPT32.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000043520 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CRYPTBASE.dll
2019-06-16 16:42 - 2019-04-04 19:34 - 000064000 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\cryptdll.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000141824 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\CRYPTNET.dll
2019-07-23 10:14 - 2019-06-12 10:07 - 000081920 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CRYPTSP.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000191488 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\cryptsvc.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 001068544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CRYPTUI.dll
2018-08-20 21:18 - 2018-06-29 10:55 - 000045568 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\cscapi.dll
2018-08-20 21:18 - 2018-06-29 10:55 - 000030208 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\CSCDLL.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000498688 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\cscui.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000044032 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CSRSRV.dll
2016-04-03 13:59 - 2013-11-22 17:48 - 003928064 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d2d1.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000194560 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d10_1.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000333312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d10_1core.dll
2019-02-03 10:55 - 2018-10-06 08:05 - 002565120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\D3D10Warp.dll
2016-04-01 11:52 - 2016-04-01 11:52 - 001887232 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d11.dll
2009-07-13 18:41 - 2009-07-13 20:40 - 000012288 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d8thk.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 002067456 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d9.dll
2017-02-15 00:08 - 2016-09-08 15:34 - 000108544 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\davclnt.dll
2009-07-13 18:23 - 2009-07-13 20:40 - 000025600 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\DAVHLPR.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001087488 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dbghelp.dll
2020-03-22 23:00 - 2019-11-14 21:21 - 000014336 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DCIMAN32.dll
2009-07-13 18:41 - 2009-07-13 20:40 - 000569344 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DDRAW.dll
2016-04-01 08:13 - 2015-12-08 14:07 - 000076288 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\devenum.dll
2009-07-13 18:26 - 2009-07-13 20:40 - 000093184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DEVOBJ.dll
2009-07-13 18:26 - 2009-07-13 20:40 - 000058368 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\DEVRTL.dll
2009-07-13 18:53 - 2009-07-13 20:40 - 000062976 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dfscli.dll
2019-08-14 19:54 - 2019-07-13 03:31 - 000318976 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dhcpcore.dll
2019-08-14 19:54 - 2019-07-13 03:31 - 000226304 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dhcpcore6.dll
2019-08-14 19:53 - 2019-07-13 03:31 - 000086528 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dhcpcsvc.DLL
2019-08-14 19:54 - 2019-07-13 03:31 - 000054784 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dhcpcsvc6.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 001340416 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\diagperf.dll
2009-07-13 18:53 - 2009-07-13 20:40 - 000040448 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dimsjob.dll
2018-07-11 21:24 - 2018-06-08 11:19 - 000357888 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\DNSAPI.dll
2009-07-13 19:12 - 2009-07-13 20:40 - 000008192 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dnsext.dll
2018-07-11 21:24 - 2018-06-08 11:19 - 000182272 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dnsrslvr.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000162816 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dps.dll
2009-07-13 19:17 - 2009-07-13 20:40 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\drprov.dll
2009-07-13 19:18 - 2009-07-13 20:40 - 000540672 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DSOUND.dll
2009-07-13 18:50 - 2009-07-13 20:40 - 000032768 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dsrole.dll
2009-07-13 19:08 - 2009-07-13 20:40 - 000036352 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dtsh.dll
2009-07-13 18:41 - 2009-07-13 20:40 - 000976896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DUI70.dll
2009-07-13 18:39 - 2009-07-13 20:40 - 000260608 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DUser.dll
2016-04-03 13:57 - 2015-07-09 12:58 - 000082944 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dwmapi.dll
2016-04-03 13:57 - 2015-07-09 12:58 - 001632256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dwmcore.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000128512 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dwmredir.dll
2019-12-02 16:48 - 2019-10-14 18:58 - 001650176 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DWrite.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000363008 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dxgi.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000459776 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dxp.dll
2009-07-13 19:12 - 2009-07-13 20:40 - 000263680 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\eappcfg.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000303616 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\eapphost.dll
2009-07-13 19:12 - 2009-07-13 20:40 - 000064512 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\eappprxy.dll
2009-07-13 19:12 - 2009-07-13 20:40 - 000111104 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\eapsvc.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000144896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\EhStorAPI.dll
2009-07-13 19:00 - 2009-07-13 20:40 - 000203264 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\EhStorShell.dll
2016-04-03 13:57 - 2011-03-11 01:33 - 002565632 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ESENT.dll
2019-06-16 16:42 - 2019-05-24 19:03 - 001867776 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\EXPLORERFRAME.dll
2019-12-02 16:48 - 2019-09-09 21:24 - 000355328 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FaultRep.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000016384 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\fdphost.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000051200 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdPnp.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000074240 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdproxy.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000093696 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdssdp.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000101376 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\fdwcn.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000028160 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdWNet.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000132096 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdwsd.dll
2018-09-11 16:37 - 2018-08-10 10:54 - 000749568 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FirewallAPI.dll
2009-07-13 18:23 - 2009-07-13 20:40 - 000019456 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FLTLIB.DLL
2019-12-02 16:48 - 2019-10-14 18:58 - 001182208 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\fntcache.dll
2016-05-22 15:06 - 2016-02-13 05:33 - 000256512 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\framedynos.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000194560 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\FunDisc.dll
2009-07-13 18:21 - 2009-07-13 20:40 - 000020480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FVECERTS.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000324096 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\fwpuclnt.dll
2017-02-15 00:07 - 2016-05-12 12:14 - 000075776 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\FwRemoteSvr.DLL
2010-11-20 22:25 - 2010-11-20 22:25 - 000623104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FXSAPI.dll
2010-11-20 22:25 - 2010-11-20 22:25 - 000041984 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\FXSMON.DLL
2009-07-13 19:36 - 2009-07-13 20:27 - 000925184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FXSRESM.DLL
2009-07-13 19:35 - 2009-07-13 20:40 - 000863744 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\fxsst.dll
2016-04-03 14:01 - 2012-12-07 08:15 - 002746368 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\gameux.dll
2020-03-22 23:00 - 2019-11-27 22:28 - 000405504 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\GDI32.dll
2009-07-13 18:42 - 2009-07-13 20:40 - 000165376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\GLU32.dll
2017-02-15 00:07 - 2016-05-12 12:14 - 000096256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\GPAPI.dll
2017-02-15 00:07 - 2016-05-12 12:14 - 000794624 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\gpsvc.dll
2009-07-13 18:56 - 2009-07-13 20:40 - 000031232 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\hcproviders.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000332288 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\hgcpl.dll
2009-07-13 19:06 - 2009-07-13 20:41 - 000030208 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\HID.DLL
2009-07-13 19:08 - 2009-07-13 20:41 - 000424448 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\hnetcfg.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000027136 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\HotStartUserAgent.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000045056 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\HTTPAPI.dll
2017-09-22 07:56 - 2017-08-14 12:35 - 000022528 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ICAAPI.dll
2020-03-22 23:00 - 2019-11-14 21:21 - 000250880 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\icm32.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000014336 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\IconCodecService.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000037376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\IdnDL.dll
2020-03-22 23:00 - 2019-12-16 19:14 - 015445504 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\ieframe.dll
2020-03-22 23:00 - 2019-12-16 20:06 - 002910720 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\iertutil.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000863232 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ikeext.dll
2016-04-01 08:09 - 2013-10-18 21:18 - 000081408 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\imagehlp.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000503296 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\imapi2.dll
2009-07-13 18:38 - 2009-07-13 20:41 - 000167424 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\IMM32.DLL
2017-09-22 07:56 - 2017-08-11 01:34 - 000166400 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\inetpp.dll
2009-07-13 18:35 - 2009-07-13 20:41 - 000101888 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ipbusenum.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000145920 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\IPHLPAPI.DLL
2017-02-15 00:07 - 2016-05-12 12:14 - 000502272 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ipsecsvc.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000733184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\kerberos.DLL
2020-03-22 23:00 - 2020-01-02 22:33 - 001162752 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\kernel32.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000408576 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\KERNELBASE.dll
2016-04-01 08:13 - 2015-12-08 14:06 - 000250880 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\ksproxy.ax
2016-04-01 08:13 - 2015-12-08 14:07 - 000005120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ksuser.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000133120 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\kswdmcap.ax
2009-07-13 18:19 - 2009-07-13 20:41 - 000023040 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ktmw32.dll
2009-07-13 19:07 - 2009-07-13 20:41 - 000071168 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\l2gpstore.dll
2009-07-13 18:55 - 2009-07-13 20:41 - 000029696 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\LINKINFO.dll
2009-07-13 19:09 - 2009-07-13 20:41 - 000023552 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\lmhsvc.dll
2019-03-17 09:09 - 2019-02-16 01:02 - 000972288 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\localspl.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000186880 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\LOGONCLI.DLL
2020-03-22 23:00 - 2019-11-14 21:21 - 000041472 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\LPK.dll
2016-04-01 08:09 - 2015-11-13 18:09 - 000091648 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mapi32.dll
2019-07-23 10:14 - 2019-06-12 10:07 - 004120576 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MF.dll
2016-04-01 08:11 - 2011-03-11 01:34 - 001395712 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MFC42.DLL
2009-07-13 18:59 - 2009-07-13 20:41 - 000033792 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MfcSubs.dll
2019-07-23 10:14 - 2019-06-12 10:07 - 000433152 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MFPlat.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000257024 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MFReadWrite.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000022528 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\mgmtapi.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000020480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\midimap.dll
2009-07-13 18:55 - 2009-07-13 20:41 - 000226816 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\MLANG.dll
2009-07-13 19:22 - 2009-07-13 20:41 - 000067584 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\mmcss.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000284160 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\MMDevAPI.DLL
2009-07-13 19:10 - 2009-07-13 20:41 - 000080896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MPR.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000221184 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\MPRAPI.dll
2018-09-11 16:37 - 2018-08-10 10:54 - 000828928 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\mpssvc.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000083456 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSACM32.dll
2009-07-13 19:18 - 2009-07-13 20:38 - 000025600 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msacm32.drv
2010-11-20 22:24 - 2010-11-20 22:24 - 000046592 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSASN1.dll
2020-03-22 23:00 - 2019-11-14 21:21 - 000623104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mscms.dll
2019-09-11 09:31 - 2019-08-28 21:50 - 001078784 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSCTF.dll
2009-07-13 18:39 - 2009-07-13 20:41 - 000028160 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MsCtfMonitor.dll
2009-07-13 18:39 - 2009-07-13 20:41 - 000114176 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msctfui.dll
2009-07-13 18:22 - 2009-07-13 20:41 - 000451584 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msdelta.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000035840 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msdmo.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000124928 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\MSDTCLOG.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000745472 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSDTCPRX.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 001509888 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\MSDTCTM.dll
2009-07-13 18:59 - 2009-07-13 20:29 - 000021504 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\msdtcVSp1res.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000799744 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MsftEdit.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 003247616 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msi.dll
2016-04-03 13:55 - 2013-10-29 21:32 - 000335360 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msieftp.dll
2009-07-13 18:48 - 2009-07-13 20:41 - 000019968 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msiltcfg.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 000008192 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSIMG32.dll
2009-07-13 18:39 - 2009-07-13 20:41 - 000041984 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msimtf.dll
2016-04-01 11:57 - 2016-04-01 11:57 - 000247808 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msls31.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000099840 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mssprxy.dll
2009-07-13 18:39 - 2009-07-13 20:41 - 000235520 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSUTB.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000316928 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msv1_0.DLL
2016-04-01 08:11 - 2011-12-16 03:46 - 000634880 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msvcrt.dll
2017-02-15 00:07 - 2016-05-11 12:02 - 000327168 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mswsock.dll
2019-05-02 11:05 - 2019-03-11 16:41 - 001894912 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\msxml3.dll
2019-08-14 19:54 - 2019-07-13 03:32 - 002009600 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\msxml6.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000372736 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MTXCLU.DLL
2017-02-15 00:07 - 2016-03-16 13:50 - 000156672 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mtxoci.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000068096 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\napinsp.dll
2016-05-22 15:06 - 2016-02-13 05:37 - 000059392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NCObjAPI.DLL
2020-03-22 23:00 - 2020-01-02 22:33 - 000312320 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ncrypt.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000223232 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ncsi.dll
2016-04-01 08:09 - 2012-07-04 17:16 - 000073216 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\NETAPI32.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000519680 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\netcfgx.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000188928 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\netjoin.dll
2009-07-13 19:08 - 2009-07-13 20:41 - 000360448 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\netman.dll
2009-07-13 19:12 - 2009-07-13 20:41 - 000459776 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\netprofm.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 002652160 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\netshell.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000029184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\netutils.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001672704 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NetworkExplorer.dll
2009-07-13 19:08 - 2009-07-13 20:41 - 000053248 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NetworkItemFactory.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000313856 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\newdev.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000070656 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NLAapi.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000303104 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\nlasvc.dll
2009-07-13 18:26 - 2009-07-13 20:31 - 000002560 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\normaliz.DLL
2009-07-13 19:12 - 2009-07-13 20:41 - 000031744 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\npmproxy.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000015360 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\nrpsrv.DLL
2017-09-22 07:56 - 2017-08-11 01:35 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NSI.dll
2017-09-22 07:56 - 2017-08-11 01:35 - 000026112 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\nsisvc.dll
2009-07-13 18:54 - 2009-07-13 20:41 - 000152064 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NTDSAPI.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000129536 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\ntlanman.dll
2009-07-13 18:50 - 2009-07-13 20:41 - 000162304 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ntmarta.dll
2016-04-03 13:56 - 2012-01-04 05:44 - 000509952 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ntshrui.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000720896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ODBC32.dll
2009-07-13 19:28 - 2009-07-13 20:31 - 000229376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\odbcint.dll
2020-03-22 23:00 - 2019-11-14 21:22 - 002072576 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ole32.dll
2016-04-01 11:32 - 2011-08-27 00:37 - 000331776 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\OLEACC.dll
2020-03-22 23:00 - 2019-11-14 21:22 - 000878080 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\OLEAUT32.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000128000 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\oledlg.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000235520 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\OneX.DLL
2009-07-13 18:42 - 2009-07-13 20:41 - 001039872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\OPENGL32.dll
2019-07-23 10:14 - 2019-06-12 10:07 - 000187904 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\pcasvc.dll
2009-07-13 18:19 - 2009-07-13 20:41 - 000036864 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\pcwum.dll
2017-05-17 00:54 - 2017-03-10 11:32 - 000300544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\pdh.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000029696 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\perfos.dll
2016-04-03 13:56 - 2015-01-08 22:14 - 000950272 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\perftrack.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000084992 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\PlaySndSrv.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001808384 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\pnidui.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000012288 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\pnpts.dll
2009-07-13 19:11 - 2009-07-13 20:41 - 000086016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\pnrpnsp.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000758272 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\PortableDeviceApi.dll
2009-07-13 19:21 - 2009-07-13 20:41 - 000077824 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\portabledeviceconnectapi.dll
2009-07-13 19:21 - 2009-07-13 20:41 - 000219648 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\PortableDeviceTypes.dll
2016-04-03 13:56 - 2015-01-08 22:14 - 000029696 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\powertracker.dll
2009-07-13 18:27 - 2009-07-13 20:41 - 000167424 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\POWRPROF.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000048128 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\PrintIsolationProxy.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000416256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\prnfldr.dll
2009-07-13 18:20 - 2009-07-13 20:41 - 000044032 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\profapi.dll
2016-04-01 08:09 - 2014-12-18 22:06 - 000210432 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\profsvc.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001212416 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\PROPSYS.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000187904 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\provsvc.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000009216 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\psapi.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000266240 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\QAgent.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000181248 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\qcap.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000849920 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\qmgr.dll
2020-03-22 23:00 - 2019-11-14 21:22 - 001574400 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\quartz.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000107520 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\QUtil.dll
2009-07-13 18:32 - 2009-07-13 20:41 - 000097792 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\radardt.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000016384 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\rasadhlp.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000384512 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\RASAPI32.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000860672 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\RASDLG.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000100352 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\rasman.dll
2009-07-13 18:34 - 2009-07-13 20:41 - 000086016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RESUTILS.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000633344 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RICHED20.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000010752 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RICHED32.DLL
2009-07-13 18:21 - 2009-07-13 20:41 - 000067072 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\rpcepmap.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 001211392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RPCRT4.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RpcRtRemote.dll
2020-03-22 23:00 - 2019-11-14 21:22 - 000517632 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\rpcss.dll
2009-07-13 18:35 - 2009-07-13 20:41 - 000188416 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RstrtMgr.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 000052224 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\rtutils.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000067584 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\samcli.dll
2017-04-15 11:28 - 2017-02-09 11:32 - 000106496 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SAMLIB.dll
2018-04-10 13:51 - 2018-01-12 11:40 - 000407040 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SCESRV.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000089088 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\scext.dll
2020-03-22 22:59 - 2020-01-02 22:33 - 000345600 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\schannel.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000024064 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SCHEDCLI.DLL
2019-06-16 16:41 - 2019-06-03 18:11 - 001110528 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\schedsvc.dll
2019-02-03 10:56 - 2018-10-26 22:42 - 000230400 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\scrobj.dll
2019-02-03 10:56 - 2018-10-26 22:42 - 000202752 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\scrrun.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000867840 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SearchFolder.dll
2016-04-03 14:00 - 2015-05-25 13:19 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\sechost.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000028160 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\secur32.dll
2009-07-13 18:50 - 2009-07-13 20:32 - 000005120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\security.dll
2009-07-13 18:34 - 2009-07-13 20:41 - 000064512 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\sens.dll
2009-07-13 18:34 - 2009-07-13 20:41 - 000015872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SensApi.dll
2009-07-13 19:00 - 2009-07-13 20:41 - 000174592 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\SensorsApi.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001900544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SETUPAPI.dll
2009-07-13 18:25 - 2009-07-13 20:33 - 000003072 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\sfc.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000045056 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\sfc_os.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 000135168 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\shacct.dll
2017-09-22 07:56 - 2017-08-19 10:28 - 000197120 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\shdocvw.dll
2019-06-16 16:42 - 2019-05-24 19:04 - 014185984 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SHELL32.dll
2009-07-13 18:55 - 2009-07-13 20:41 - 000010240 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\shfolder.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000448512 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SHLWAPI.dll
2020-03-22 23:00 - 2019-12-10 03:32 - 000371712 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\shsvcs.dll
2009-07-13 18:51 - 2009-07-13 20:41 - 000030720 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\slc.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SndVolSSO.DLL
2009-07-13 19:10 - 2009-07-13 20:41 - 000027648 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\snmpapi.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000105472 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\SPINF.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000847872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\PS5UI.DLL
2019-03-17 09:09 - 2019-02-16 01:02 - 000038912 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\PRTPROCS\x64\winprint.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000057856 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\SPOOLSS.DLL
2010-11-20 22:25 - 2010-11-20 22:25 - 000244224 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SPP.dll
2010-11-20 22:25 - 2010-11-20 22:25 - 000340992 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\srchadmin.dll
2020-03-22 22:59 - 2020-01-02 22:33 - 000050176 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SRCLIENT.dll
2020-03-22 22:59 - 2020-01-02 22:33 - 000503808 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\srcore.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000128000 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\srvcli.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000236032 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\srvsvc.dll
2009-07-13 18:36 - 2009-07-13 20:41 - 000026624 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\srwmi.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SSCORE.DLL
2019-08-14 19:54 - 2019-07-13 03:32 - 000051200 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\SSDPAPI.dll
2019-08-14 19:54 - 2019-07-13 03:32 - 000193024 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ssdpsrv.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000135680 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SSPICLI.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000257024 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\stobject.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000486912 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\StructuredQuery.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000524288 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\swprv.dll
2009-07-13 18:36 - 2009-07-13 20:41 - 000075776 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\sxproxy.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000582656 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\sxs.dll
2019-05-02 11:05 - 2019-03-20 21:10 - 000032768 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\sxssrv.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 002262528 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\SyncCenter.dll
2016-04-01 08:11 - 2012-09-25 17:46 - 000095744 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SYNCENG.dll
2009-07-13 19:22 - 2009-07-13 20:41 - 000073728 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\Syncreg.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000200192 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\syncui.dll
2009-07-13 18:52 - 2009-07-13 20:41 - 000023040 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SYSNTFY.dll
2019-06-16 16:41 - 2019-06-03 18:11 - 000474112 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\taskcomp.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001197056 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\taskschd.dll
2016-04-03 13:58 - 2016-02-05 13:56 - 000020480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\tbs.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000038912 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\tcpmib.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000195072 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\tcpmon.dll
2016-04-03 13:59 - 2015-07-22 19:02 - 000879104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\tdh.dll
2019-05-02 11:05 - 2019-03-11 16:41 - 000688128 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\termsrv.dll
2009-07-13 18:54 - 2009-07-13 20:41 - 000044544 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\themeservice.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000112640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\thumbcache.dll
2016-04-03 13:55 - 2011-12-30 01:26 - 000515584 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\timedate.cpl
2009-07-13 18:59 - 2009-07-13 20:41 - 000119808 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\trkwks.dll
2009-07-13 18:46 - 2009-07-13 20:41 - 000017408 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\tschannel.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000172544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\twext.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000119296 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\txflog.dll
2016-04-01 08:10 - 2015-02-02 22:31 - 000215552 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UBPM.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000328704 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\uDWM.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 003860992 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UIRibbon.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000059904 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\umb.dll
2016-04-01 08:11 - 2011-05-24 06:42 - 000404480 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\umpnpmgr.dll
2019-12-02 16:48 - 2019-09-18 23:27 - 000168448 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\umpo.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000264192 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\upnp.dll
2020-03-22 23:00 - 2019-12-16 18:52 - 001566720 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\urlmon.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000045056 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\usbmon.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 001010688 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\USER32.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 000110592 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\USERENV.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 000806400 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\USP10.dll
2009-07-13 18:54 - 2009-07-13 20:41 - 000025088 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UXINIT.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000038912 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\uxsms.dll
2009-07-13 18:55 - 2009-07-13 20:41 - 000332288 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UxTheme.dll
2009-07-13 18:57 - 2009-07-13 20:41 - 000029184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\VERSION.dll
2009-07-13 19:06 - 2009-07-13 20:38 - 000028672 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\vidcap.ax
2009-07-13 18:25 - 2009-07-13 20:41 - 000021504 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\VirtDisk.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000061952 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\vss_ps.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001753088 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\VSSAPI.DLL
2009-07-13 18:36 - 2009-07-13 20:41 - 000076800 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\VssTrace.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 002058240 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\cimwin32.dll
2016-05-22 15:05 - 2016-02-13 05:34 - 000401920 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\esscli.dll
2016-05-22 15:05 - 2016-02-13 05:32 - 000854016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\FastProx.dll
2009-07-13 18:47 - 2009-07-13 20:41 - 000044544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\krnlprov.dll
2016-05-22 15:06 - 2016-02-13 05:31 - 000077312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\ncprov.dll
2016-05-22 15:05 - 2016-02-13 05:32 - 000352256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\repdrvfs.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000190976 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\vsswmi.dll
2016-05-22 15:05 - 2016-02-13 05:22 - 001145856 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemcore.dll
2009-07-13 18:47 - 2009-07-13 20:41 - 000266752 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemdisp.dll
2016-05-22 15:05 - 2016-02-13 05:32 - 000464896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemess.dll
2016-05-22 15:06 - 2016-02-13 05:37 - 000035840 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemprox.dll
2016-05-22 15:05 - 2016-02-13 05:37 - 000062976 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemsvc.dll
2016-05-22 15:05 - 2016-02-13 05:36 - 000193024 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmidcprv.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000136192 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\wbem\WmiPerfClass.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000228864 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmiprov.dll
2016-05-22 15:05 - 2016-02-13 05:31 - 000752128 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmiprvsd.dll
2016-05-22 15:05 - 2016-02-13 05:30 - 000215040 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wbem\wmisvc.dll
2016-05-22 15:06 - 2016-02-13 05:33 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmiutils.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000529408 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbemcomn.dll
2016-05-22 15:05 - 2016-02-13 05:33 - 000452608 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbemcomn2.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000120320 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wcnapi.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000366592 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wcncsvc.dll
2016-04-03 13:56 - 2015-01-08 22:14 - 000091136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wdi.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000036352 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wdiasqmmodule.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000217088 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wdmaud.drv
2009-07-13 18:28 - 2009-07-13 20:41 - 000271360 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\WDSCORE.dll
2017-02-15 00:05 - 2016-03-09 14:00 - 000396800 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\webio.dll
2018-06-25 14:44 - 2018-05-14 22:44 - 001159680 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\webservices.dll
2019-12-02 16:48 - 2019-09-09 21:24 - 000486912 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wer.dll
2019-12-02 16:48 - 2019-09-09 21:24 - 001281536 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\werconcpl.dll
2019-12-02 16:48 - 2019-09-09 21:24 - 000086016 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wercplsupport.dll
2009-07-13 18:46 - 2009-07-13 20:41 - 000428032 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wevtapi.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001646080 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wevtsvc.dll
2018-09-11 16:37 - 2018-08-10 10:55 - 000022528 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wfapigp.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000583168 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wiaservc.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000014848 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wiatrace.dll
2009-07-13 18:53 - 2009-07-13 20:41 - 000078848 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\winbio.dll
2009-07-13 18:30 - 2009-07-13 20:41 - 000016384 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINBRAND.dll
2018-09-11 16:37 - 2018-08-29 20:10 - 001424896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WindowsCodecs.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000245248 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WindowsCodecsExt.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000444928 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\WINHTTP.dll
2020-03-22 23:00 - 2019-12-16 19:04 - 004859392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WININET.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000217600 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINMM.dll
2017-09-22 07:56 - 2017-08-11 01:35 - 000025600 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WINNSI.DLL
2009-07-13 18:53 - 2009-07-13 20:41 - 000028672 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\winrnr.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000501248 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WinSATAPI.dll
2018-04-10 13:51 - 2018-02-21 22:28 - 000217600 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WinSCard.dll
2019-03-17 09:09 - 2019-02-16 01:02 - 000443904 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\winspool.drv
2020-03-22 23:00 - 2020-01-02 22:33 - 000215552 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\winsrv.DLL
2016-04-01 08:14 - 2014-07-16 21:07 - 000235520 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINSTA.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000229376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINTRUST.dll
2009-07-13 19:06 - 2009-07-13 20:41 - 000020480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINUSB.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000071680 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wkscli.dll
2018-07-11 21:24 - 2018-04-25 11:02 - 000124416 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wkssvc.dll
2019-07-23 10:14 - 2019-06-28 00:24 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wlanapi.dll
2019-07-23 10:14 - 2019-06-28 00:24 - 000118784 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wlanhlp.dll
2019-07-23 10:14 - 2019-06-28 00:24 - 000414208 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WLANMSM.DLL
2019-07-23 10:14 - 2019-06-28 00:24 - 000448512 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WLANSEC.dll
2019-07-23 10:14 - 2019-06-28 00:24 - 000887808 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wlansvc.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000414208 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wlanui.dll
2009-07-13 19:07 - 2009-07-13 20:41 - 000010752 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wlanutil.dll
2017-09-22 07:56 - 2017-08-11 01:35 - 000313856 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WLDAP32.dll
2009-07-13 19:07 - 2009-07-13 20:41 - 000108544 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wlgpclnt.dll
2009-07-13 18:52 - 2009-07-13 20:41 - 000010752 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wls0wndh.dll
2016-04-01 08:30 - 2012-03-01 01:28 - 000005120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WMI.DLL
2009-07-13 18:52 - 2009-07-13 20:41 - 000014848 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WMsgAPI.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000243712 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\wow64.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\wow64cpu.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000361984 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\wow64win.dll
2016-04-03 13:58 - 2015-01-28 22:19 - 002543104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wpdshext.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000115200 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wpdshserviceobj.dll
2017-02-15 00:07 - 2016-05-11 12:02 - 000296448 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WS2_32.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000063488 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\WSCAPI.dll
2009-07-13 18:48 - 2009-07-13 20:41 - 000146432 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wscinterop.dll
2009-07-13 18:48 - 2009-07-13 20:38 - 001162240 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wscui.cpl
2010-11-20 22:24 - 2010-11-20 22:24 - 000577536 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\wsdapi.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000026112 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSDCHNGR.DLL
2009-07-13 19:39 - 2009-07-13 20:41 - 000224768 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\WSDMon.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000069632 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\WSDPrintProxy.dll
2009-07-13 19:35 - 2009-07-13 20:41 - 000067072 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSDScanProxy.dll
2009-07-13 19:35 - 2009-07-13 20:41 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSDScDrv.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wshbth.dll
2009-07-13 18:21 - 2009-07-13 20:41 - 000013824 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wship6.dll
2009-07-13 18:21 - 2009-07-13 20:41 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wshtcpip.dll
2018-04-10 13:51 - 2018-03-06 13:07 - 000067072 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wsnmp32.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000018432 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSOCK32.dll
2009-07-13 19:17 - 2009-07-13 20:41 - 000054272 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WTSAPI32.dll
2016-04-03 14:09 - 2012-07-25 22:08 - 000194048 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WUDFPlatform.dll
2016-04-03 14:09 - 2012-07-25 22:08 - 000084992 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wudfsvc.dll
2016-04-03 14:09 - 2012-07-25 22:08 - 000744448 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\WUDFx.dll
2009-07-13 19:12 - 2009-07-13 20:41 - 000368640 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wwanapi.dll
2009-07-13 19:12 - 2009-07-13 20:41 - 000036352 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wwapi.dll
2019-08-14 19:54 - 2019-07-13 03:32 - 000198656 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\XmlLite.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000059392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\XOLEHLP.dll
2018-07-11 21:24 - 2018-06-08 11:21 - 000369664 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\zipfldr.dll
2020-03-22 23:00 - 2020-01-02 22:37 - 000644096 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\ADVAPI32.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000010752 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003584 ____H (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000002560 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000005632 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003072 ____H (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000009728 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000004096 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003072 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
2009-07-13 19:14 - 2009-07-13 20:14 - 000070144 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\ATL.DLL
2020-03-22 23:00 - 2020-01-02 22:38 - 000082944 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\bcrypt.dll
2016-04-01 08:11 - 2011-05-24 05:39 - 000145920 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\CFGMGR32.dll
2009-07-13 18:44 - 2009-07-13 20:15 - 000522240 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\CLBCatQ.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 000485888 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\comdlg32.dll
2020-03-22 22:59 - 2019-12-10 03:38 - 001177088 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\CRYPT32.dll
2020-03-22 23:00 - 2020-01-02 22:02 - 000036352 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\CRYPTBASE.dll
2020-03-22 23:00 - 2019-11-14 21:29 - 000010240 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\DCIMAN32.dll
2009-07-13 18:27 - 2009-07-13 20:15 - 000531968 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\DDRAW.dll
2009-07-13 18:28 - 2009-07-13 20:15 - 000030208 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\ddrawex.dll
2016-04-01 08:11 - 2011-05-24 05:40 - 000064512 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\DEVOBJ.dll
2019-08-14 19:54 - 2019-07-13 03:33 - 000043520 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\dhcpcsvc6.DLL
2009-07-13 18:22 - 2009-07-13 20:15 - 000041984 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\fdPnp.dll
2009-07-13 18:22 - 2009-07-13 20:15 - 000167424 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\FunDisc.dll
2020-03-22 23:00 - 2019-11-27 22:29 - 000313344 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\GDI32.dll
2020-03-22 23:00 - 2019-12-16 18:56 - 013838336 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\ieframe.dll
2020-03-22 23:00 - 2019-12-16 19:33 - 002304000 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\iertutil.dll
2016-04-01 08:09 - 2013-10-18 20:36 - 000159232 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\imagehlp.dll
2020-03-22 23:00 - 2019-12-16 19:03 - 004112384 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\jscript9.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 001114112 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\kernel32.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000275968 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\KERNELBASE.dll
2020-03-22 23:00 - 2019-11-14 21:29 - 000025600 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\LPK.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000034304 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\MSASN1.dll
2019-09-11 09:31 - 2019-08-28 21:52 - 000836608 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\MSCTF.dll
2009-07-13 18:12 - 2009-07-13 20:15 - 000305152 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\msdelta.dll
2020-03-22 23:00 - 2019-12-16 19:52 - 020290048 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\mshtml.dll
2019-12-02 16:48 - 2019-11-05 16:25 - 002368000 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\msi.dll
2016-04-01 08:11 - 2011-12-16 02:52 - 000690688 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\msvcrt.dll
2009-07-13 18:15 - 2009-07-13 20:09 - 000002048 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\normaliz.DLL
2017-09-22 07:56 - 2017-08-11 01:19 - 000008704 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\NSI.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000573440 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\odbc32.dll
2009-07-13 19:11 - 2009-07-13 20:09 - 000229376 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\odbcint.dll
2020-03-22 23:00 - 2019-11-14 21:29 - 001425920 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\ole32.dll
2020-03-22 23:00 - 2019-11-14 21:29 - 000583680 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\OLEAUT32.dll
2009-07-13 18:16 - 2009-07-13 20:16 - 000145408 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\powrprof.dll
2009-07-13 18:12 - 2009-07-13 20:16 - 000031744 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\profapi.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000988160 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\propsys.dll
2009-07-13 18:15 - 2009-07-13 20:16 - 000006144 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\PSAPI.DLL
2020-03-22 23:00 - 2020-01-02 22:38 - 000666112 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\RPCRT4.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000254464 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\schannel.dll
2019-02-03 10:56 - 2018-10-26 22:27 - 000173568 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\scrobj.dll
2016-04-03 14:00 - 2015-05-25 13:01 - 000092160 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\sechost.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001667584 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\SETUPAPI.dll
2009-07-13 18:15 - 2009-07-13 20:10 - 000002560 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\sfc.dll
2019-06-16 16:42 - 2019-05-24 18:59 - 012880384 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\SHELL32.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000350208 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\SHLWAPI.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000096768 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\SspiCli.dll
2016-04-03 13:58 - 2016-02-05 12:33 - 000015360 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\tbs.dll
2020-03-22 23:00 - 2019-12-16 18:39 - 001331712 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\urlmon.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000834048 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\USER32.dll
2019-12-02 16:48 - 2019-11-05 16:25 - 000083968 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\USERENV.dll
2019-12-02 16:48 - 2019-11-05 16:25 - 000628224 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\USP10.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000172032 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\wdigest.dll
2017-02-15 00:05 - 2016-03-09 13:40 - 000316416 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\webio.dll
2018-01-05 10:02 - 2017-12-31 21:00 - 000351744 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\WINHTTP.dll
2020-03-22 23:00 - 2019-12-16 18:43 - 004387840 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\Wininet.dll
2020-03-22 22:59 - 2019-12-10 03:38 - 000179712 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\WINTRUST.dll
2019-07-23 10:14 - 2019-06-28 00:23 - 000080896 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\wlanapi.dll
2017-09-22 07:56 - 2017-08-11 01:19 - 000271360 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\WLDAP32.dll
2017-02-15 00:07 - 2016-05-11 10:19 - 000206336 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\WS2_32.dll
2016-04-01 08:11 - 2015-04-24 13:17 - 000633856 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\Comctl32.dll
2019-07-23 10:14 - 2019-06-04 13:57 - 002031616 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845\comctl32.dll
2020-03-22 23:00 - 2019-12-10 03:32 - 002180096 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_1459e0f08b91b367\gdiplus.dll
2016-10-21 13:13 - 2016-10-21 13:13 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL
2016-04-01 08:11 - 2015-04-24 12:56 - 000530432 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll
2019-07-23 10:14 - 2019-06-04 14:07 - 001681920 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
2020-03-22 23:00 - 2019-12-10 03:38 - 001636864 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
2019-02-03 10:55 - 2018-08-13 16:49 - 001391856 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] c:\windows\system32\diagtrack.dll
2017-08-10 15:41 - 2017-08-10 15:41 - 000476672 _____ (Paragon Software) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\lsl_client.dll
2018-09-20 23:50 - 2012-11-06 13:31 - 000623616 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlLib.dll
2018-09-20 23:50 - 2012-09-13 08:25 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\IpLib.dll
2018-09-20 23:50 - 2012-05-07 13:23 - 000040960 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlICS.dll
2018-09-20 23:50 - 2012-10-12 09:25 - 000266240 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlIhvOid.dll
2018-09-20 23:50 - 2012-06-22 15:01 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlQRCode.dll
2015-09-25 16:34 - 2015-09-28 13:08 - 000255488 _____ (Sysprogs OU) [File not signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll
2017-06-01 10:40 - 2017-06-01 10:40 - 001209856 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\LIBEAY32.dll
2018-09-20 23:50 - 2009-07-23 16:32 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\LIBEAY32.dll
2016-06-10 09:30 - 2016-06-10 09:30 - 000990208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\platforms\qwindows.dll
2017-03-01 17:45 - 2017-03-01 17:45 - 004626432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Qt5Core.dll
2016-06-10 09:20 - 2016-06-10 09:20 - 004854784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Qt5Gui.dll
2016-06-10 09:26 - 2016-06-10 09:26 - 004439552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Qt5Widgets.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-2335114495-2311945624-3795076225-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000 -> {4775DB66-41FA-4B0B-ABC3-8AAB10549BE2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2335114495-2311945624-3795076225-501 -> {4775DB66-41FA-4B0B-ABC3-8AAB10549BE2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {81F70B76-B644-491E-99DF-A9CE1F989EEF} hxxp://71.204.118.161:8080/SetupWebviewer.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2018-02-10] (Microsoft Corporation) [File not signed]
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2018-02-10] (Microsoft Corporation) [File not signed]
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll [2018-12-04] (Microsoft Corporation) [File not signed]
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\SysWOW64\itss.dll [2018-12-04] (Microsoft Corporation) [File not signed]
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\system32\inetcomm.dll [2018-05-11] (Microsoft Corporation) [File not signed]
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\SysWOW64\inetcomm.dll [2018-05-10] (Microsoft Corporation) [File not signed]
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll [2018-12-04] (Microsoft Corporation) [File not signed]
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\SysWOW64\itss.dll [2018-12-04] (Microsoft Corporation) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2018-02-10] (Microsoft Corporation) [File not signed]
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2018-02-10] (Microsoft Corporation) [File not signed]
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.

IE trusted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

2016-04-20 16:09 - 2016-04-20 16:11 - 000000442 _____ C:\windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPTᬷ媜盰Ѽ;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Adande\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2335114495-2311945624-3795076225-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\WEPSStaff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2335114495-2311945624-3795076225-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\KRK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2335114495-2311945624-3795076225-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6AED12FB-00C0-48CF-8243-7FC7B3C4BB1A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{44EBD092-2FA8-4149-B1A3-55B1B455318A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{F625268F-C5EE-4218-95D7-C23FACE64BFD}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{C45FF3B3-DB20-4D66-A61A-0084E7BE0184}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{DDAAADA7-A91B-4BA4-80AD-AAA0F44F33EF}] => (Allow) LPort=1542
FirewallRules: [{FAA8E2AF-8443-4AFD-A62D-E3A2D3E76325}] => (Allow) LPort=1542
FirewallRules: [{E2439DC0-4AAB-41F7-8AE1-B42B78BE7193}] => (Allow) LPort=53
FirewallRules: [{DC9889D1-18DD-47DC-A785-963BE0ABA347}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{2388CADD-C497-49A5-89C3-332661DDE377}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{6310CFAB-F200-4119-9098-AA86A60075EB}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{5505BFF7-FDA1-4992-B590-C4B9EB85306A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{CD679F47-2546-4B18-A587-8A2221B49D29}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{7500F008-9040-4265-9CA8-F963FE72CD59}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe => No File
FirewallRules: [{CF05AFF8-EC77-489F-BFE1-22DEB1C4270B}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe => No File
FirewallRules: [{2B917B3B-0276-4560-93B6-BA0E810DD074}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{3D48D9F1-2CA5-4251-A1BC-5422AD8D8FD9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{F54FEC62-AB10-4D1B-AAAC-0AACBE07411F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{D97A9913-3245-44E1-A463-A71F974C5347}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{02D97A38-8239-4D4F-B68C-3289AD4300CB}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{7DD781BF-807E-4A64-9AD5-0B6650EB4A5C}] => (Allow) LPort=1542
FirewallRules: [{77D0BA03-098C-44D3-9706-B4D0D2ED66CF}] => (Allow) LPort=67
FirewallRules: [{AE91DD15-1C73-4645-80CD-53D708487616}] => (Allow) LPort=68
FirewallRules: [{8121C1D0-F8B2-437D-B87E-A0CF5DD06C52}] => (Allow) LPort=53
FirewallRules: [{908167E2-FB09-44CB-BB31-750E2374912E}] => (Allow) LPort=53
FirewallRules: [{50A55011-8E19-4478-AF67-12AB801843E8}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\Rtldhcp.exe (Realtek) [File not signed]
FirewallRules: [{6011E67C-AEFC-4DF8-A6A9-250F7EE86F19}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{A1F252D5-6EBB-48C5-9420-C5709EA7CF06}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9A4B9349-7664-4E14-87F1-245857C89A4C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{033CC557-B388-4A3B-8376-5FEFBA576FA5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{112ED9B1-DA86-406C-AA25-A6F6E5FE4E10}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{70A8F0A9-601B-4E66-9A0C-45357837A9D7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{6210ABC7-971C-46B7-BADD-DB645FE72647}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{55D59022-527D-4517-92B0-768FEDCBD818}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{3145746C-B726-4E70-9157-65A3974F4BA7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{F1857613-C99F-4810-98AD-99E0AA36D603}] => (Allow) LPort=5357
FirewallRules: [{12C9696F-EB4C-43B2-8D60-CA5632E17C6B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{7BD1888A-B056-4BB8-B103-AAA7BEBCCDE3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{9086ADA5-DAAB-4710-9D6D-DC59F6F1F771}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8B7BB813-9763-4BCA-A1A8-4ADAC70187E5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{4E336E3F-6842-4098-8CB0-4EF887AEC5F4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8E6BD951-7DA6-43FC-B93D-24EF36B79C15}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{DBFCF58C-7B70-4186-B284-0EA8F985CD21}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{A45FE9B4-A858-44AB-85D6-9BD00C350384}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe (Nero AG -> )
FirewallRules: [TCP Query User{D1FDF0E3-2E3F-45B3-96C7-69B1A61FC902}C:\program files\second copy\seccopy.exe] => (Block) C:\program files\second copy\seccopy.exe (Centered Systems LLP -> Centered Systems)
FirewallRules: [UDP Query User{0AB878AE-9A6A-4AB6-9E40-49BA8F2569B3}C:\program files\second copy\seccopy.exe] => (Block) C:\program files\second copy\seccopy.exe (Centered Systems LLP -> Centered Systems)

==================== Restore Points =========================

29-01-2021 16:49:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.


System errors:
=============
Error: (02/15/2021 05:59:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441657

Error: (02/15/2021 05:58:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

Error: (02/15/2021 05:58:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (02/15/2021 05:57:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (02/15/2021 05:57:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (02/15/2021 05:57:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/15/2021 05:57:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.

Error: (02/15/2021 05:57:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Windows Defender:
================
Date: 2018-07-19 04:19:26.798
Description:
Windows Defender scan has encountered an error and terminated.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.

Date: 2018-07-11 22:26:53.007
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:1.271.751.0
Previous Signature Version:1.269.1075.0
Update Source:User
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Error code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2018-07-11 22:26:52.991
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:1.1.15000.2
Previous Engine Version:1.1.14901.4
Update Source:User
Error Code:0x80070666
Error description:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

==================== Memory info ===========================

BIOS: Dell Inc. A15 02/02/2018
Motherboard: Dell Inc. 0V7MX2
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 12198.38 MB
Available physical RAM: 9381.04 MB
Total Virtual: 24394.91 MB
Available Virtual: 21119.41 MB

==================== Drives ================================

Drive c: (Store7) (Fixed) (Total:200.2 GB) (Free:84.6 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Store10H) (Fixed) (Total:54.06 GB) (Free:29.12 GB) NTFS
Drive e: (PSE 11) (CDROM) (Total:2.7 GB) (Free:0 GB) CDFS
Drive f: (Win10Pro) (Fixed) (Total:200.2 GB) (Free:105.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Store8) (Fixed) (Total:200.2 GB) (Free:32.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Storage) (Fixed) (Total:2921.71 GB) (Free:780.8 GB) NTFS

\\?\Volume{b84f986e-1684-4eac-8f21-37ed96841842}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3577 GB) (Disk ID: 493EEDCB)

Partition: GPT.

==================== End of Addition.txt =======================


  • 0

Advertisements

#2
RKinner
Posted 17 February 2021 - 06:28 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Doesn't really look like an infection.

 

I think your problem is:

 

Error: (02/15/2021 06:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.

 

 

This means Windows can't verify file signatures.  As an example if you look in the logs you will see:

 

HKLM\...\Winlogon: [Shell] C:\windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) [File not signed]

 

 

but later in the logs

C:\windows\explorer.exe => MD5 is legit
C:\windows\SysWOW64\explorer.exe => MD5 is legit

 

So the files have not been tampered with but Windows is unable to verify them.  This verification is done by the Cryptographic Services service looking at the Catalog Database.  The database is probably corrupt.  You may have had a disk sector fail or other hard drive malfunction. 

 

The fix is to repair or rebuild the database.  This is done via the procedures shown here:

 

https://social.techn...-integrity.aspx

 

Note if you decide to rebuild the database a smarter method would be:

 


net stop cryptsvc

ren %systemroot%\system32\catroot2 catroot2.old

net start cryptsvc

This is a quicker method since it does not require you to delete files (which they do not explain how to do)
Do a new FRST scan when done so we can see if it helped.

FYI: To open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

 

Also let's get a Speccy log so we can see if the hard drive is healthy:

 

 

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.




 


  • 0

#3
mrsawyer
Posted 20 February 2021 - 08:02 AM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello, thanks for the info. I temporarily lost access to my Win7 partition, so could not perform the catalog rebuild until an hour ago. I am still getting detections with SuperAntiSpyware, that say: "Trojan.Agent/Gen-injector.Process-2, then references C:\windows\system32\svchost.exe. Then I get a message that I'm about to be logged off. It goes on to say that Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly. Hope all this helps get to the bottom of this issue!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-02-2021 01
Ran by Adande (administrator) on 5558I7WIN7810PR (Dell Inc. Inspiron 5558) (20-02-2021 08:29:32)
Running from C:\Users\Adande\Desktop
Loaded Profiles: Adande
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com) C:\Program Files\Ext2Fsd\Ext2Srv.exe
(Centered Systems LLP -> Centered Systems) C:\Program Files\Second Copy\ScVssService64.exe
(Centered Systems LLP -> Centered Systems) C:\Program Files\Second Copy\SecCopy.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Wireless Connectivity Solutions -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Wireless Connectivity Solutions -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel® Wireless Connectivity Solutions -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\PubMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(June Fabrics Technology Inc. -> ) C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Windows\explorer.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\audiodg.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\conhost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\csrss.exe <2>
(Microsoft Corporation) [File not signed] C:\Windows\System32\dllhost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\dwm.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\lsass.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\lsm.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\msdtc.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\msiexec.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\services.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\smss.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\sppsvc.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\svchost.exe <17>
(Microsoft Corporation) [File not signed] C:\Windows\System32\taskeng.exe <3>
(Microsoft Corporation) [File not signed] C:\Windows\System32\taskhost.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\WmiApSrv.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wbem\WmiPrvSE.exe <3>
(Microsoft Corporation) [File not signed] C:\Windows\System32\wininit.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\winlogon.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\wlanext.exe
(Microsoft Corporation) [File not signed] C:\Windows\System32\WUDFHost.exe <2>
(Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2>
(Nero AG -> ) C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Old McDonald's Farm) [File not signed] C:\Program Files (x86)\Autorun Eater\billy.exe
(Old McDonald's Farm) [File not signed] C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
(Paragon Software GmbH -> ) C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(Paragon Software GmbH -> Paragon Software) C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Paragon HFS for Windows.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1402\DSAPI.exe
(Piriform Ltd -> Piriform Ltd) C:\Users\Adande\Desktop\Speccy.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8712960 2015-10-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [936056 2016-03-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [714160 2015-09-21] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-01-14] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Autorun Eater] => C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe [522720 2012-02-17] (Old McDonald's Farm) [File not signed]
HKLM-x32\...\Run: [HFS Activator] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows  10.5\activation\hfsactivator.exe [245456 2015-06-22] (Paragon Software GmbH -> )
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [146800 2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Winlogon: [Shell] C:\windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) [File not signed]
HKLM-x32\...\Winlogon: [Shell] C:\Windows\SysWOW64\explorer.exe [2972672 2016-08-29] (Microsoft Corporation) [File not signed]
HKU\S-1-5-19\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) [File not signed]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) [File not signed]
HKU\S-1-5-20\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) [File not signed]
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\Run: [Second Copy] => C:\Program Files\Second Copy\SecCopy.exe [27902120 2017-03-23] (Centered Systems LLP -> Centered Systems)
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: I - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: J - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {25dc3282-cbea-11e6-aab9-b46d83f96d2e} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {75b21e1d-241f-11e6-b93f-b46d83f96d2e} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {82f66e00-0874-11e6-82e6-b46d83f96d2a} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {88bb6258-fc12-11e5-9827-34e6ad92e59a} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\MountPoints2: {8cd3df3f-163b-11e7-93f4-b46d83f96d2e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2015-11-22] (Polyclef Software -> Mobile Stream)
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: I - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {25dc3282-cbea-11e6-aab9-b46d83f96d2e} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {75b21e1d-241f-11e6-b93f-b46d83f96d2e} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {82f66cf6-0874-11e6-82e6-b46d83f96d2a} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {82f66e00-0874-11e6-82e6-b46d83f96d2a} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {88bb6258-fc12-11e5-9827-34e6ad92e59a} - L:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\MountPoints2: {8cd3df3f-163b-11e7-93f4-b46d83f96d2e} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
HKLM\...\Providers\Internet Print Provider: C:\windows\system32\inetpp.dll [166400 2017-08-11] (Microsoft Corporation) [File not signed]
HKLM\...\Providers\LanMan Print Services: C:\windows\system32\win32spl.dll [757248 2017-08-11] (Microsoft Corporation) [File not signed] [File is in use]
HKLM\...\Windows x64\Print Processors\BJ Print Processor3: C:\Windows\System32\spool\prtprocs\x64\CNBPP3.DLL [83968 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Windows x64\Print Processors\hpcpp175: C:\Windows\System32\spool\prtprocs\x64\hpcpp175.dll [617712 2014-11-20] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\HPM1210PrintProc: C:\Windows\System32\spool\prtprocs\x64\HPM1210PP.dll [74240 2012-09-29] () [File not signed]
HKLM\...\Windows x64\Print Processors\winprint: C:\Windows\System32\spool\prtprocs\x64\winprint.dll [38912 2019-02-16] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\windows\system32\AdobePDF.dll [51032 2008-04-07] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\BJ Language Monitor: C:\windows\system32\CNBJMON.DLL [504320 2009-06-22] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\BJ Language Monitor2: C:\windows\system32\CNBJMON2.DLL [690176 2009-06-22] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\BJ Language Monitor3_2: C:\windows\system32\CNBLM3_2.DLL [211456 2009-07-13] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\windows\system32\hpinksts7112LM.dll [328704 2013-08-10] (Hewlett-Packard Co.) [File not signed]
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\windows\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\windows\system32\HPDiscoPM7112.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\windows\system32\HPMPW081.DLL [73968 2014-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Print\Monitors\HPM1210LM: C:\windows\system32\HPM1210LM.DLL [409088 2012-09-29] () [File not signed]
HKLM\...\Print\Monitors\HPMLM135: C:\windows\system32\hpmlm135.dll [237296 2014-11-20] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\Local Port: C:\windows\system32\localspl.dll [972288 2019-02-16] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: C:\windows\system32\FXSMON.DLL [41984 2010-11-20] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\Standard TCP/IP Port: C:\windows\system32\tcpmon.dll [195072 2009-07-13] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\USB Monitor: C:\windows\system32\usbmon.dll [45056 2009-07-13] (Microsoft Corporation) [File not signed]
HKLM\...\Print\Monitors\WSD Port: C:\windows\system32\WSDMon.dll [224768 2009-07-13] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe [2018-01-09] (Google Inc -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{AAB894E0-0BE2-4C07-8D86-60FE6E869D62}] -> C:\windows\System32\AntiTheftCredentialProvider.dll [2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{2C7A9643-2876-4A11-9A55-183EC9322074}] -> C:\windows\System32\AntiTheftCredentialProvider.dll [2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
Startup: C:\Users\Adande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2017-04-15]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
Startup: C:\Users\Adande\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com [2016-08-25] (Bleeping Computer, LLC. -> Bleeping Computer, LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {16943648-7383-4E3D-8FC0-3E421B568329} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {16E9E41E-495E-4592-AE64-ACA51F689C08} - System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} C:\windows\System32\cscui.dll [498688 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {1C027909-8432-4D11-83A1-B1222B124652} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {1F7B7221-AE8F-44F3-BA82-F7D260F51964} - System32\Tasks\Microsoft\Windows\Task Manager\Interactive => {855fec53-d2e4-4999-9e87-3414e9cf0ff4} C:\windows\system32\wdc.dll [1363456 2017-06-12] (Microsoft Corporation) [File not signed]
Task: {1FF89668-D38B-4E14-B710-D17D77D59DF6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {2470470F-2634-478E-B181-571E98A789BB} - System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService => {2DEA658F-54C1-4227-AF9B-260AB5FC3543} C:\windows\System32\PlaySndSrv.dll [84992 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {24C4139D-D80B-4EA7-907E-1AC4B3682B2A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {261E80F8-28B9-4A9F-8BBB-80ED8A693E57} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Paragon HFS for Windows.exe [4073152 2017-10-11] (Paragon Software GmbH -> Paragon Software)
Task: {28011108-68DF-4C73-B91B-57427D501BBA} - System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) => {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} C:\windows\system32\msdrm.dll [528384 2013-12-03] (Microsoft Corporation) [File not signed]
Task: {283FD44C-FFCE-4567-96B7-5AFBE44A54DC} - System32\Tasks\BundleApplicationRepairToolLauncherTask => C:\Users\Adande\AppData\Roaming\PCDr\Repair\BundleApplicationRepairTool.exe
Task: {2B3AE1F6-DC46-49CD-A5E8-B2BFB6FE3B81} - System32\Tasks\Microsoft\Windows\Wininet\CacheTask => {0358b920-0ac7-461f-98f4-58e32cd89148} C:\windows\system32\wininet.dll [4859392 2019-12-16] (Microsoft Corporation) [File not signed]
Task: {2D759C27-F7BC-487C-876B-6174D4B9AE4E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\windows\System32\sdclt.exe [1264640 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {36147DD7-9DB8-425A-A1A6-A396D6689A95} - System32\Tasks\{0D02EB08-5B4D-44FE-BD05-1A7A62F70460} => C:\windows\system32\pcalua.exe -a "F:\Downloads\Oracle Virtual Box 5.2\VirtualBox-5.2.6-120293-Win.exe" -d "F:\Downloads\Oracle Virtual Box 5.2"
Task: {36D75840-4970-42BC-B3FB-0F6347CD180E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\windows\ehome\MCUpdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {377B3796-3A3B-449F-8DAF-D5D6EED207D6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {39A045F3-21A2-48A4-A282-AEE8C5604E61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6667992 2016-03-11] (Piriform Ltd -> Piriform Ltd)
Task: {3C8BE053-46D0-4822-9040-E55D3620981E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {43526EF9-D201-4DD4-A4B1-12B5ED5C67F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {4613BD06-41A5-4C9E-A77A-998F5F8E8379} - System32\Tasks\AdobeGCInvoker-1.0-5558I7WIN7810PR-KRK => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {461F33B5-652E-4EBB-B3BC-FA3BA5CC7F2D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip => {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} C:\windows\System32\usbceip.dll [27648 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB} C:\Windows\System32\wpcmig.dll [17408 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {4A9B1A21-523F-4498-A988-119320B296CC} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E} C:\windows\System32\HotStartUserAgent.dll [27136 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {4C8B01A2-11FF-4C41-848F-508EF4F00CF7} - System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor => {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} C:\windows\system32\MsCtfMonitor.dll [28160 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {4E29A40C-9247-4C64-9D4C-01BD9C3BCAD2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {517A068B-8754-4314-8FB2-D828AA1B672E} - System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} C:\windows\System32\cscui.dll [498688 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {563CEE8D-BAF9-4021-8875-389AF7127267} - System32\Tasks\AdobeGCInvoker-1.0-I7WIN7810-Adande => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} C:\Windows\System32\wpcumi.dll [188416 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\windows\system32\defrag.exe [183296 2009-07-13] (Microsoft Corp.) [File not signed]
Task: {5F5A18EB-DC73-4E45-A11C-B59043598412} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\windows\system32\dimsjob.dll [40448 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {613612BA-897D-44CE-8DC1-8FC283F9FD51} - System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) => {CF2CF428-325B-48D3-8CA8-7633E36E5A32} C:\windows\system32\msdrm.dll [528384 2013-12-03] (Microsoft Corporation) [File not signed]
Task: {70B356DF-1823-492B-9F53-AE5210A0DB5D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61} C:\windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {7281130C-08C7-4A78-82E4-5EC8B0E9393D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\windows\system32\appidcertstorecheck.exe [17920 2020-01-02] (Microsoft Corporation) [File not signed]
Task: {73D09CCD-39D1-4611-914F-3CA45CE83816} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {7834390A-6033-404F-A7FB-972FDF58FDD7} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\windows\system32\EOSNotify.exe [492032 2019-12-30] (Microsoft Corporation) [File not signed]
Task: {78EE6B4C-0DB3-4958-8F2E-2371CE094173} - System32\Tasks\Uninstaller_SkipUac_Adande => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5900560 2019-09-10] (IObit Information Technology -> IObit)
Task: {7AE143CE-0CE5-4B27-8B23-BD0940B1A616} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {7AFCC0CA-7121-422A-AB45-B0E8D599FF08} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\windows\system32\dimsjob.dll [40448 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {7BC2A264-7B37-4619-9FE2-7107DF3B98C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-11-26] (Google Inc -> Google Inc.)
Task: {7D16F0D1-26CB-44C0-B256-FDB424383763} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => C:\windows\system32\schtasks.exe [285696 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {7D9ECAE4-2D8F-478D-8254-E4912E17A9C5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {833601B9-34B9-4730-BD6E-97DCE2E3A379} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {85FEC87B-B8CB-46FA-891E-ADFE98F7F738} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {8A7FD0C3-7A42-4B49-922B-8CA0F3EFF832} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\windows\ehome\ehrec.exe [76800 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {8F63F103-90E0-4001-AC14-3ECBAF9F46A7} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Updater.exe [322240 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
Task: {8FC9A240-D867-4A23-80AB-D47730EA2730} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\windows\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {90D97FE2-EE47-4409-A40B-F1A2944E17B8} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2047744 2017-12-15] (Corel Corporation -> WinZip) [File not signed]
Task: {914F02E2-BF65-44AC-A2DE-B68F5F990DE8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {922B8F09-7E6F-4254-A1A1-4C7AC72866DD} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3f4e4479-b269-4770-9631-48221f82eceb => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2013-11-07] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:3f4e4479-b269-4770-9631-48221f82eceb
Task: {93AD7DB2-DBFD-4CFC-9FAF-1C43E36BF5A2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2016-11-26] (Google Inc -> Google Inc.)
Task: {9435F817-FED2-454E-88CD-7F78FDA62C48} - System32\Tasks\Microsoft\Windows\WDI\ResolutionHost => {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} C:\windows\System32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
Task: {9725A533-3837-4347-BD19-5CBB04867436} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [190976 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {9979CB83-103A-4105-9E5D-C74B0AF6D198} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam => {58fb76b9-ac85-4e55-ac04-427593b1d060} C:\windows\system32\dimsjob.dll [40448 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {9CDC236A-625B-4B72-ACE0-EBD6891A0B14} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1} C:\windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {A0F28EFB-F553-42BA-83B7-4459D8413C09} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A35BB7A6-5F0C-4C9F-8450-2B3BED532D51} - System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader => {B210D694-C8DF-490d-9576-9E20CDBC20BD} C:\windows\System32\mscms.dll [623104 2019-11-14] (Microsoft Corporation) [File not signed]
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\windows\system32\appidpolicyconverter.exe [148480 2020-01-02] (Microsoft Corporation) [File not signed]
Task: {A6259F60-F445-4656-88C2-6428450F846E} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} C:\windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\windows\System32\LocationNotifications.exe [90112 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {A6B0C73B-640E-4EC6-9F0D-E9645073849A} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\windows\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {AA862C79-E235-4ABD-AF42-99B46D2433BD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\windows\system32\aitagent.exe [122880 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - System32\Tasks\Microsoft\Windows\Ras\MobilityManager => {c463a0fc-794f-4fdf-9201-01938ceacafa} C:\windows\system32\rasmbmgr.dll [57344 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371} C:\Windows\System32\perftrack.dll [950272 2015-01-08] (Microsoft Corporation) [File not signed]
Task: {B2DCB069-F513-44CC-B3B2-95798B4CAFE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158768 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE669C13-8165-4536-96D0-6D6C39292AAE} - System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled => {c1f85ef8-bcc2-4606-bb39-70c523715eb3} C:\windows\System32\sdiagschd.dll [51200 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\windows\System32\wsqmcons.exe [293888 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {C16080C3-2A23-4CD0-9042-2E88FCAD5DCC} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} C:\windows\System32\AuxiliaryDisplayServices.dll [135680 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {C28708E0-9314-408F-A3DA-AAA566E89769} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {C6C90AF7-F12B-483F-8E61-B2269400E17B} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [6526328 2016-03-01] (Nero AG -> Nero AG)
Task: {C79CF3EE-4B43-4043-BDD1-34E11F3FE418} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\windows\ehome\mcupdate.exe [198656 2017-12-31] (Microsoft Corporation) [File not signed]
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - System32\Tasks\Microsoft\Windows\Registry\RegIdleBackup => {ca767aa8-9157-4604-b64b-40747123d5f2} C:\windows\System32\regidle.dll [14336 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {CABF5195-3BD0-4233-BA6B-20F9FD52B781} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\windows\system32\RAServer.exe [125952 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => {190BA3F6-0205-4f46-B589-95C6822899D2} C:\windows\System32\memdiag.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\windows\system32\wermgr.exe [50688 2019-09-09] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {D11DC53B-E87D-4DD6-B7A9-638D677FC389} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {D73F3B21-590F-45AB-8655-60DDBE18A310} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify2 => C:\windows\system32\EOSNotify.exe [492032 2019-12-30] (Microsoft Corporation) [File not signed]
Task: {DA41DE71-8431-42FB-9DB0-EB64A961DEAD} - System32\Tasks\Microsoft\Windows\Maintenance\WinSAT => {A9A33436-678B-4C9C-A211-7CC38785E79D} C:\windows\system32\WinSATAPI.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {E188D55C-4D78-43AC-826D-10CAB77B6473} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\windows\system32\BthUdTask.exe [36864 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {E6905797-FDC8-40DC-808F-B42BBE00ED0F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\windows\ehome\ehPrivJob.exe [295936 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {E8921115-6C75-4347-8014-4627A70BD050} - System32\Tasks\AdobeGCInvoker-1.0-5558I7WIN7810PR-Adande => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - System32\Tasks\Microsoft\Windows\RAC\RacTask => {42060D27-CA53-41f5-96E4-B1E8169308A6} C:\windows\system32\RacEngn.dll [1556992 2010-11-20] (Microsoft Corporation) [File not signed]
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\windows\system32\lpremove.exe [71168 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {F5EDDA8F-BADE-47D6-8FB8-E65E4C72C617} - System32\Tasks\{6084F7A0-D4CC-4E95-9F05-E35E8A9DE6EF} => C:\windows\system32\pcalua.exe -a "F:\Downloads\oracle virtual box\VirtualBox-5.2.12-122591-Win.exe" -d "F:\Downloads\oracle virtual box"
Task: {F8C8EDFC-6EE8-46C9-AFAC-D37514A27287} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\windows\system32\DFDWiz.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => {190BA3F6-0205-4f46-B589-95C6822899D2} C:\windows\System32\memdiag.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => C:\windows\System32\powercfg.exe [71168 2009-07-13] (Microsoft Corporation) [File not signed]
Task: {FB7B0A7C-A355-443E-8C0A-ED0017FCB637} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1553880 2020-03-12] (Dell Inc. -> Dell Inc.)
Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask => {e7ed314f-2816-4c26-aeb5-54a34d02404c} C:\windows\System32\kernelceip.dll [18432 2009-07-13] (Microsoft Corporation) [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 224aa167-1348-4db0-bc74-e788910b9d05.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8d41b48c-bc42-4202-a572-6fbf6c23457f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a6f8dfdf-a09d-44d3-b6c4-ea114a1a40a1.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224 2017-12-31] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352 2010-11-20] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 01 C:\Windows\system32\NLAapi.dll [70656 2017-12-31] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 02 C:\Windows\system32\napinsp.dll [68096 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [86016 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 04 C:\Windows\system32\pnrpnsp.dll [86016 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [28672 2009-07-13] (Microsoft Corporation) [File not signed]
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [47104 2010-11-20] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) [File not signed]
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{10E61C92-6B18-46CB-9C35-B96B54D97029}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1F33E930-0B70-48B9-98C2-0B9E493C5872}: [DhcpNameServer] 192.168.8.254
Tcpip\..\Interfaces\{1F7965C6-DF54-4AAF-94FD-30BD610C1252}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{801DFF61-73C3-4168-93F0-92FEB962A4FE}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8434CB34-C949-4603-8ED5-27D685306BBE}: [DhcpNameServer] 192.168.8.254
Tcpip\..\Interfaces\{9D6A80E8-652B-4EE5-B7B7-7F4ABF315CDC}: [DhcpNameServer] 192.168.117.1
Tcpip\..\Interfaces\{A2885237-983E-47CE-934B-2B0C2539BA9B}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{C53692F6-49D4-4CD7-8333-3FAFF035D79F}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{D07ECE9C-2EE6-4000-8D49-92FAE019CB0E}: [DhcpNameServer] 192.168.8.254
Tcpip\..\Interfaces\{D71C8C67-7367-4711-8AB3-78D955DD4F11}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{E2E72DC8-1B18-4B36-B736-02A2A6FD9A88}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{F2790E3D-D785-4D68-9714-609799ABDEE4}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{FB4D6990-E3B3-42F0-BA4C-D8A9B38352E4}: [DhcpNameServer] 192.168.42.129
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc -> Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2335114495-2311945624-3795076225-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Adande\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-10-02] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default [2020-11-12]
CHR Notifications: Default -> hxxps://voice.google.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
CHR Extension: (Docs) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
CHR Extension: (Google Drive) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-05]
CHR Extension: (YouTube) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-05]
CHR Extension: (Sheets) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-23]
CHR Extension: (ZoneAlarm Web Secure) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\flljooaijgdgaaogmfhakpojmddcjjmj [2020-07-05]
CHR Extension: (Google Docs Offline) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-29]
CHR Extension: (Gmail) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\Adande\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-05]
CHR HKLM-x32\...\Chrome\Extension: [flljooaijgdgaaogmfhakpojmddcjjmj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R3 AeLookupSvc; C:\windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation) [File not signed]
S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 ALG; C:\windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1879744 2017-10-11] (Paragon Software GmbH -> )
S3 AppIDSvc; C:\windows\System32\appidsvc.dll [34816 2020-01-02] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\windows\System32\appinfo.dll [70144 2019-11-05] (Microsoft Corporation) [File not signed]
S4 AppMgmt; C:\windows\System32\appmgmts.dll [193536 2009-07-13] (Microsoft Corporation) [File not signed]
S4 AppMgmt; C:\windows\SysWOW64\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\windows\System32\Audiosrv.dll [680960 2019-09-11] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\windows\System32\Audiosrv.dll [680960 2019-09-11] (Microsoft Corporation) [File not signed]
S4 AxInstSV; C:\windows\System32\AxInstSV.dll [114688 2019-11-05] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\windows\System32\bfe.dll [705024 2017-12-31] (Microsoft Corporation) [File not signed]
R2 BITS; C:\windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
R3 bthserv; C:\windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S4 CertPropSvc; C:\windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137448 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
R3 COMSysApp; C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation) [File not signed]
R3 COMSysApp; C:\windows\SysWOW64\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [254520 2017-07-27] (Connectify (Connectify, Inc.) -> Connectify)
R2 CryptSvc; C:\windows\system32\cryptsvc.dll [191488 2019-12-10] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\windows\SysWOW64\cryptsvc.dll [146432 2019-12-10] (Microsoft Corporation) [File not signed]
S4 CscService; C:\windows\System32\cscsvc.dll [695808 2018-06-29] (Microsoft Corporation) [File not signed]
S3 CWUpdaterDaemon; C:\Program Files (x86)\CheckPoint\Parental Controls\bin\cwupdater.exe [9729368 2015-08-13] (ContentWatch -> ContentWatch, Inc.)
R2 DcomLaunch; C:\windows\system32\rpcss.dll [517632 2019-11-14] (Microsoft Corporation) [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [244280 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3339824 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
S3 defragsvc; C:\windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1402\DSAPI.exe [965104 2020-03-23] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2020-02-12] (Dell Inc -> )
R2 Dhcp; C:\windows\system32\dhcpcore.dll [318976 2019-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\windows\SysWOW64\dhcpcore.dll [256512 2019-07-13] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\windows\system32\diagtrack.dll [1391856 2018-08-13] (Microsoft Windows -> Microsoft Corporation) [File not signed]
R2 Dnscache; C:\windows\System32\dnsrslvr.dll [182272 2018-06-08] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EFS; C:\windows\System32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed] [File is in use]
R2 EventSystem; C:\windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [42488 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
S3 Fax; C:\windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
S3 FDResPub; C:\windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-04-13] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
R2 FontCache; C:\windows\system32\FntCache.dll [1182208 2019-10-14] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG -> Nero AG)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [506536 2017-05-27] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 IEEtwCollectorService; C:\windows\system32\IEEtwCollector.exe [116224 2019-12-16] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\windows\System32\ikeext.dll [863232 2017-12-31] (Microsoft Corporation) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
R2 IPBusEnum; C:\windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
S4 iphlpsvc; C:\windows\System32\iphlpsvc.dll [572416 2019-11-05] (Microsoft Corporation) [File not signed]
S3 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1157752 2016-03-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD)
R3 KeyIso; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\windows\system32\srvsvc.dll [236032 2020-01-02] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\windows\System32\wkssvc.dll [124416 2018-04-25] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S4 Mcx2Svc; C:\windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\windows\system32\mpssvc.dll [828928 2018-08-10] (Microsoft Corporation) [File not signed]
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R3 MSDTC; C:\windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S4 MSiSCSI; C:\windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
R2 msiserver; C:\windows\system32\msiexec.exe /V [128512 2019-11-05] (Microsoft Corporation) [File not signed]
R2 msiserver; C:\windows\SysWOW64\msiexec.exe /V [73216 2019-11-05] (Microsoft Corporation) [File not signed]
S4 napagent; C:\windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S4 Netlogon; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
R3 Netman; C:\windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\windows\System32\nlasvc.dll [303104 2017-12-31] (Microsoft Corporation) [File not signed]
R2 nsi; C:\windows\system32\nsisvc.dll [26112 2017-08-11] (Microsoft Corporation) [File not signed]
S4 p2pimsvc; C:\windows\system32\pnrpsvc.dll [327168 2019-07-13] (Microsoft Corporation) [File not signed]
S4 p2psvc; C:\windows\system32\p2psvc.dll [439296 2017-12-31] (Microsoft Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PcaSvc; C:\windows\System32\pcasvc.dll [187904 2019-06-12] (Microsoft Corporation) [File not signed]
S4 PeerDistSvc; C:\windows\system32\peerdistsvc.dll [1361408 2017-12-31] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\windows\system32\pla.dll [1389056 2017-03-10] (Microsoft Corporation) [File not signed]
S3 pla; C:\windows\SysWOW64\pla.dll [1508352 2017-03-10] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S3 PNRPAutoReg; C:\windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S4 PNRPsvc; C:\windows\system32\pnrpsvc.dll [327168 2019-07-13] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\windows\System32\ipsecsvc.dll [502272 2016-05-12] (Microsoft Corporation) [File not signed]
R2 Power; C:\windows\system32\umpo.dll [168448 2019-09-18] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\windows\SysWOW64\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
R2 RealtekCU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S4 RemoteAccess; C:\windows\System32\mprdim.dll [97792 2017-11-02] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\windows\SysWOW64\mprdim.dll [75264 2017-11-02] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\windows\system32\rpcss.dll [517632 2019-11-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\windows\system32\schedsvc.dll [1110528 2019-06-03] (Microsoft Corporation) [File not signed]
S4 SCPolicySvc; C:\windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ScVssService64; C:\Program Files\Second Copy\ScVssService64.exe [76568 2017-03-23] (Centered Systems LLP -> Centered Systems)
S3 SDRSVC; C:\windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\windows\system32\seclogon.dll [30720 2016-02-09] (Microsoft Corporation) [File not signed]
R2 SENS; C:\windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\windows\System32\shsvcs.dll [371712 2019-12-10] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\windows\SysWOW64\shsvcs.dll [328704 2019-12-10] (Microsoft Corporation) [File not signed]
S4 SNMPTRAP; C:\windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (SONY Corporation -> Sony Corporation)
R2 Spooler; C:\windows\System32\spoolsv.exe [559616 2017-12-31] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
R3 SSDPSRV; C:\windows\System32\ssdpsrv.dll [193024 2019-07-13] (Microsoft Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (SONY Corporation -> Sony Corporation)
S3 SstpSvc; C:\windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 stisvc; C:\windows\System32\wiaservc.dll [583168 2019-12-10] (Microsoft Corporation) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38360 2020-03-12] (Dell Inc. -> Dell Inc.)
R3 swprv; C:\windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\windows\system32\sysmain.dll [1741312 2017-12-31] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\windows\System32\TabSvc.dll [92160 2017-12-05] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TermService; C:\windows\System32\termsrv.dll [688128 2019-03-11] (Microsoft Corporation) [File not signed]
R2 Themes; C:\windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\windows\System32\umrdp.dll [214528 2010-11-20] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\windows\System32\upnphost.dll [354816 2019-11-05] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\windows\SysWOW64\upnphost.dll [266752 2019-11-05] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
R3 VaultSvc; C:\windows\system32\lsass.exe [30720 2020-01-02] (Microsoft Corporation) [File not signed]
S3 vds; C:\windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4292984 2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 VSS; C:\windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\windows\System32\wcncsvc.dll [366592 2017-12-31] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\windows\SysWOW64\wcncsvc.dll [276992 2017-12-31] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\windows\System32\WcsPlugInService.dll [40960 2019-11-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\windows\SysWOW64\WcsPlugInService.dll [33280 2019-11-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S4 WebClient; C:\windows\System32\webclnt.dll [263680 2016-09-08] (Microsoft Corporation) [File not signed]
S4 WebClient; C:\windows\SysWOW64\webclnt.dll [208896 2016-09-08] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\windows\system32\wecsvc.dll [209920 2016-02-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\windows\System32\wercplsupport.dll [86016 2019-09-09] (Microsoft Corporation) [File not signed]
S4 WerSvc; C:\windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\windows\System32\wiarpc.dll [67072 2019-12-10] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
S4 WinHttpAutoProxySvc; C:\windows\system32\winhttp.dll [444928 2017-12-31] (Microsoft Corporation) [File not signed]
S4 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351744 2017-12-31] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\windows\system32\wbem\WMIsvc.dll [215040 2016-02-13] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\windows\system32\WsmSvc.dll [2618880 2016-02-13] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\windows\SysWOW64\WsmSvc.dll [2181120 2016-02-13] (Microsoft Corporation) [File not signed]
S3 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] (Corel Corporation -> ) [File not signed]
R2 Wlansvc; C:\windows\System32\wlansvc.dll [887808 2019-06-28] (Microsoft Corporation) [File not signed]
R3 wmiApSrv; C:\windows\system32\wbem\WmiApSrv.exe [198144 2016-02-13] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WPDBusEnum; C:\windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\windows\system32\SearchIndexer.exe [594432 2019-12-10] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\windows\SysWOW64\SearchIndexer.exe [428544 2019-12-10] (Microsoft Corporation) [File not signed]
R3 wuauserv; C:\windows\system32\wuaueng.dll [2651136 2019-12-10] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2018-05-15] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3011952 2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 61883; C:\windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\windows\system32\drivers\afd.sys [496128 2017-04-04] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\windows\system32\drivers\amdk8.sys [64512 2020-01-02] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\windows\system32\drivers\amdppm.sys [60928 2020-01-02] (Microsoft Corporation) [File not signed]
R0 apmwin; C:\windows\System32\DRIVERS\apmwin.sys [38736 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
S3 AppID; C:\windows\system32\drivers\appid.sys [62464 2020-01-02] (Microsoft Windows) [File not signed]
S3 AsyncMac; C:\windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\windows\System32\DRIVERS\bowser.sys [90112 2018-07-18] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Bridge; C:\windows\System32\DRIVERS\bridge.sys [95232 2019-02-07] (Microsoft Corporation) [File not signed]
S3 BridgeMP; C:\windows\System32\DRIVERS\bridge.sys [95232 2019-02-07] (Microsoft Corporation) [File not signed]
S3 BrSerIb; C:\windows\System32\DRIVERS\BrSerIb.sys [95344 2012-09-10] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 Brserid; C:\windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSIb; C:\windows\System32\DRIVERS\BrUsbSIb.sys [21872 2012-09-10] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BthEnum; C:\windows\system32\drivers\BthEnum.sys [41984 2019-07-29] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 BthMtpEnum; C:\windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\windows\System32\DRIVERS\bthpan.sys [119296 2017-07-05] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\windows\System32\Drivers\BTHport.sys [556032 2019-07-29] (Microsoft Corporation) [File not signed]
R3 BTHUSB; C:\windows\System32\Drivers\BTHUSB.sys [80384 2019-07-29] (Microsoft Corporation) [File not signed]
R3 btmaux; C:\windows\System32\DRIVERS\btmaux.sys [158696 2017-05-12] (Intel® Wireless Connectivity Solutions -> Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\System32\DRIVERS\btmhsf.sys [1560552 2017-05-12] (Intel® Wireless Connectivity Solutions -> Motorola Solutions, Inc.)
R4 cdfs; C:\windows\System32\DRIVERS\cdfs.sys [92672 2019-02-10] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
R1 cfywlan1; C:\windows\System32\DRIVERS\cfywlan1.sys [36736 2016-11-19] (Connectify (Connectify, Inc.) -> Connectify)
S3 circlass; C:\windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cnnctfy3; C:\windows\System32\DRIVERS\cnnctfy3.sys [43872 2016-11-19] (Connectify (Connectify, Inc.) -> Connectify)
R3 CompositeBus; C:\windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 CSC; C:\windows\System32\drivers\csc.sys [516096 2018-06-29] (Microsoft Corporation) [File not signed]
S2 csvol; C:\windows\System32\DRIVERS\csvol.sys [37200 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
R3 DDDriver; C:\windows\System32\drivers\DDDriver64Dcsa.sys [41608 2018-05-08] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\windows\System32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R1 DfsC; C:\windows\System32\Drivers\dfsc.sys [115200 2018-04-25] (Microsoft Corporation) [File not signed]
R1 discache; C:\windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\windows\system32\drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\windows\system32\drivers\drmkaud.sys [5632 2015-12-08] (Microsoft Corporation) [File not signed]
R3 easytether; C:\windows\System32\DRIVERS\easytthr.sys [22728 2015-11-22] (Polyclef Software -> Mobile Stream)
S3 ebdrv; C:\windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\windows\system32\drivers\errdev.sys [9728 2018-02-10] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195584 2019-02-10] (Microsoft Corporation) [File not signed]
R2 Ext2Fsd; C:\windows\system32\Drivers\Ext2Fsd.sys [826360 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [205312 2019-02-10] (Microsoft Corporation) [File not signed]
S3 fdc; C:\windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R0 gpt_loader; C:\windows\System32\DRIVERS\gpt_loader.sys [70480 2017-10-11] (Paragon Software GmbH -> )
S3 hcw85cir; C:\windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\windows\system32\drivers\HdAudio.sys [350208 2019-08-26] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Hfsplus; C:\windows\System32\DRIVERS\hfsplus.sys [208208 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
R3 HfsplusRec; C:\windows\System32\DRIVERS\hfsplusrec.sys [25936 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
S3 HidBatt; C:\windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\windows\system32\drivers\hidusb.sys [30208 2019-03-04] (Microsoft Corporation) [File not signed]
R0 hotcore3; C:\windows\System32\DRIVERS\hotcore3.sys [33968 2015-11-10] (Paragon Software GmbH -> Paragon Software Group)
S3 HTCAND64; C:\windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation) [File not signed]
S3 htcnprot; C:\windows\System32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows ® Win 7 DDK provider)
R3 HTTP; C:\windows\System32\drivers\HTTP.sys [754176 2019-12-10] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
S3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-07-17] (Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD)
R3 intelppm; C:\windows\system32\drivers\intelppm.sys [62464 2020-01-02] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2016-03-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies LTD)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [25992 2019-07-30] (IObit CO., LTD -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19280 2019-07-30] (IObit CO., LTD -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [31648 2019-07-30] (IObit CO., LTD -> IObit)
S3 kbdhid; C:\windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [528576 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [219328 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [1192136 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1102528 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\windows\System32\DRIVERS\klwtp.sys [177344 2018-05-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 ksthunk; C:\windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\windows\system32\drivers\luafv.sys [114688 2019-03-28] (Microsoft Corporation) [File not signed]
S3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [77496 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [130592 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S3 Modem; C:\windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\windows\system32\drivers\monitor.sys [30208 2019-09-09] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R0 mounthlp; C:\windows\System32\DRIVERS\mounthlp.sys [55120 2017-10-11] (Paragon Software GmbH -> Paragon Software Group)
R3 mpsdrv; C:\windows\System32\drivers\mpsdrv.sys [77312 2018-08-10] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\windows\system32\drivers\mrxdav.sys [142336 2016-09-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\windows\System32\DRIVERS\mrxsmb.sys [161280 2020-01-02] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\windows\System32\DRIVERS\mrxsmb10.sys [291328 2020-01-02] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\windows\System32\DRIVERS\mrxsmb20.sys [129536 2020-01-02] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2019-02-03] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\windows\System32\DRIVERS\nwifi.sys [324608 2017-09-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\windows\System32\DRIVERS\ndistapi.sys [24064 2018-12-07] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [58368 2018-12-07] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\windows\System32\DRIVERS\netbios.sys [45056 2017-12-31] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\windows\System32\DRIVERS\netbt.sys [262656 2019-02-21] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44544 2020-01-02] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\windows\System32\drivers\nsiproxy.sys [26112 2017-08-11] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\windows\system32\drivers\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\windows\System32\drivers\peauth.sys [663552 2019-06-12] (Microsoft Corporation) [File not signed]
R3 pneteth; C:\windows\System32\DRIVERS\pneteth.sys [15360 2011-11-24] (June Fabrics Technology Inc.) [File not signed]
R3 PptpMiniport; C:\windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\windows\system32\drivers\processr.sys [60928 2020-01-02] (Microsoft Corporation) [File not signed]
R1 Psched; C:\windows\System32\DRIVERS\pacer.sys [131584 2017-12-31] (Microsoft Corporation) [File not signed]
R0 PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation -> Corel Corporation)
S3 QWAVEdrv; C:\windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\windows\System32\DRIVERS\rdbss.sys [317440 2019-09-09] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\windows\System32\drivers\rdpdr.sys [165888 2010-11-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RTL8168; C:\windows\System32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Realtek) [File not signed]
S3 RTLU3E8023-W7-64; C:\windows\System32\DRIVERS\rtu30x64w7.sys [124632 2015-02-10] (Realtek Semiconductor Corp -> Realtek)
S3 s3cap; C:\windows\system32\drivers\vms3cap.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 scfilter; C:\windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S1 Serial; C:\windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 sermouse; C:\windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\windows\System32\DRIVERS\srv.sys [464384 2020-01-02] (Microsoft Corporation) [File not signed]
R3 srv2; C:\windows\System32\DRIVERS\srv2.sys [406016 2020-01-02] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\windows\System32\DRIVERS\srvnet.sys [169984 2020-01-02] (Microsoft Corporation) [File not signed]
S3 ssudmdm; C:\windows\System32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 StillCam; C:\windows\system32\drivers\serscan.sys [12288 2019-12-10] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\windows\System32\drivers\tcpipreg.sys [46080 2016-07-07] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\windows\System32\DRIVERS\tdx.sys [117248 2017-07-29] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\windows\System32\DRIVERS\tssecsrv.sys [40448 2017-08-13] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\windows\System32\DRIVERS\udfs.sys [328192 2019-02-10] (Microsoft Corporation) [File not signed]
R1 UimBus; C:\windows\System32\DRIVERS\UimBus.sys [102576 2015-11-10] (Paragon Software GmbH -> )
R1 Uim_DEVIM; C:\windows\System32\DRIVERS\uim_devim.sys [25904 2015-11-10] (Paragon Software GmbH -> )
R1 Uim_IM; C:\windows\System32\DRIVERS\uim_im.sys [701360 2015-11-10] (Paragon Software GmbH -> )
R3 umbus; C:\windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\windows\System32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\windows\System32\DRIVERS\usbccgp.sys [99840 2018-05-02] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\windows\system32\drivers\usbehci.sys [56320 2018-05-02] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\windows\System32\DRIVERS\usbhub.sys [344064 2018-05-02] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\windows\system32\drivers\usbohci.sys [25600 2018-05-02] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\windows\system32\drivers\usbscan.sys [42496 2019-12-10] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\windows\system32\drivers\usbuhci.sys [30720 2018-05-02] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-11] (Microsoft Corporation) [File not signed]
R3 VBoxNetAdp; C:\windows\System32\DRIVERS\VBoxNetAdp6.sys [213080 2018-05-09] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\windows\System32\DRIVERS\VBoxNetLwf.sys [222864 2018-05-09] (Oracle Corporation -> Oracle Corporation)
S3 vga; C:\windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [21760 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vrvd5; C:\windows\System32\DRIVERS\vrvd5.sys [13344 2017-02-03] (Rsupport Co., Ltd. -> Rsupport Corporation)
R1 Vsdatant; C:\windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-15] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 vwifibus; C:\windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\windows\System32\DRIVERS\wanarp.sys [88576 2018-12-07] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\windows\System32\DRIVERS\wanarp.sys [88576 2018-12-07] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\windows\system32\drivers\wmiacpi.sys [14336 2018-02-10] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\windows\system32\drivers\ws2ifsl.sys [22016 2019-08-19] (Microsoft Corporation) [File not signed]
R3 WSDPrintDevice; C:\windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WSDScan; C:\windows\system32\drivers\WSDScan.sys [25088 2019-12-10] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]
U3 AppleHFS; no ImagePath
R3 cpuz135; \??\C:\Users\Adande\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X] <==== ATTENTION
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2036-01-01 01:29 - 2036-01-01 01:29 - 000000000 ____D C:\Users\Adande\AppData\Local\Centered Systems
2036-01-01 01:29 - 2036-01-01 01:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Copy 9
2036-01-01 01:29 - 2036-01-01 01:29 - 000000000 ____D C:\Program Files\Second Copy
2036-01-01 01:29 - 2015-12-02 19:24 - 000807000 _____ (Xceed Software Inc (450) 442-2626 [email protected] www.xceed.com) C:\windows\system32\XceedZipX64.dll
2021-02-20 08:29 - 2021-02-20 08:31 - 000101629 _____ C:\Users\Adande\Desktop\FRST.txt
2021-02-20 08:29 - 2021-02-20 08:29 - 000000000 ____D C:\Users\Adande\Desktop\FRST-OlderVersion
2021-02-20 08:26 - 2013-01-18 01:54 - 005529368 _____ (Piriform Ltd) C:\Users\Adande\Desktop\Speccy.exe
2021-02-20 08:25 - 2021-02-20 08:25 - 000000000 ____D C:\Users\Adande\Desktop\2.20.21
2021-02-15 16:25 - 2021-02-15 18:07 - 000000000 ____D C:\Users\Adande\Desktop\2.15.21
2021-02-15 16:16 - 2021-02-20 08:24 - 000000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-02-15 16:08 - 2021-02-15 16:08 - 000000512 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task a6f8dfdf-a09d-44d3-b6c4-ea114a1a40a1.job
2021-02-15 16:08 - 2021-02-15 16:08 - 000000512 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8d41b48c-bc42-4202-a572-6fbf6c23457f.job
2021-02-15 16:08 - 2021-02-15 16:08 - 000000512 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 224aa167-1348-4db0-bc74-e788910b9d05.job
2021-02-15 15:52 - 2021-02-15 15:52 - 000000000 ____D C:\Users\Administrator\Desktop\2.15.21
2021-02-15 15:23 - 2021-02-15 15:23 - 000077496 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2021-02-15 15:23 - 2021-02-15 15:23 - 000001966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-15 15:23 - 2021-02-15 15:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2021-02-15 15:22 - 2021-02-15 16:06 - 000248992 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2021-02-15 15:22 - 2021-02-15 15:22 - 000130592 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2021-02-15 15:21 - 2021-02-15 15:21 - 000153312 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2021-01-29 14:17 - 2021-01-29 14:17 - 000000000 ____D C:\ProgramData\MB2Migration
2021-01-29 14:09 - 2021-01-29 14:09 - 000000040 ____H C:\6553593D7DE6
2021-01-29 14:08 - 2021-02-15 15:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-29 14:08 - 2021-01-29 14:08 - 000000000 ____D C:\Program Files\Malwarebytes
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-02-20 08:29 - 2020-11-17 03:43 - 000000000 ____D C:\FRST
2021-02-20 08:29 - 2020-11-17 03:11 - 002301440 _____ (Farbar) C:\Users\Adande\Desktop\FRST64.exe
2021-02-20 08:24 - 2020-01-29 03:11 - 000000000 ____D C:\Users\Adande\AppData\Local\HTC MediaHub
2021-02-20 08:24 - 2016-03-28 10:34 - 000000000 __SHD C:\Users\Adande\IntelGraphicsProfiles
2021-02-20 08:23 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2021-02-20 08:22 - 2017-10-12 09:59 - 000065536 _____ C:\windows\system32\Ikeext.etl
2021-02-20 08:22 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2021-02-20 08:16 - 2009-07-14 00:08 - 000032528 _____ C:\windows\Tasks\SCHEDLGU.TXT
2021-02-20 07:27 - 2009-07-13 23:45 - 000044960 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-02-20 07:27 - 2009-07-13 23:45 - 000044960 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-02-20 07:24 - 2009-07-14 00:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2021-02-20 07:24 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2021-02-20 06:14 - 2018-08-08 14:10 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-02-20 06:02 - 2009-07-14 00:32 - 000032768 _____ C:\windows\system32\config\BCD-Template
2021-02-15 16:14 - 2020-11-16 09:51 - 001324178 _____ C:\windows\ntbtlog.txt
2021-02-15 15:30 - 2016-04-01 15:40 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-15 15:30 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-02-15 15:29 - 2016-04-01 15:38 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-15 15:26 - 2017-07-19 09:22 - 000000000 ____D C:\ProgramData\ProductData
2021-02-15 15:24 - 2020-11-17 03:11 - 002297856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2021-02-15 15:22 - 2017-07-19 09:12 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2021-02-15 15:21 - 2020-11-13 01:18 - 000000000 ____D C:\Users\Administrator\AppData\Local\HTC MediaHub
2021-01-29 16:08 - 2016-06-01 18:38 - 000000000 ____D C:\Users\Adande\AppData\Local\CrashDumps
2021-01-29 14:09 - 2017-07-19 09:14 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2021-01-29 14:05 - 2016-03-29 19:35 - 000000000 ____D C:\sware
 
==================== Files in the root of some directories ========
 
2017-05-20 03:53 - 2017-09-25 00:35 - 000000132 _____ () C:\Users\Adande\AppData\Roaming\Adobe GIF Format CS5 Prefs
2016-06-01 18:32 - 2019-07-23 14:13 - 000000132 _____ () C:\Users\Adande\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-10-21 12:13 - 2018-01-25 16:59 - 000005632 _____ () C:\Users\Adande\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-25 15:33 - 2018-03-25 15:33 - 000000001 _____ () C:\Users\Adande\AppData\Local\llftool.4.40.agreement
2018-10-01 09:30 - 2020-11-16 09:31 - 000000312 _____ () C:\Users\Adande\AppData\Local\oobelibMkey.log
2017-05-15 16:46 - 2017-05-15 16:46 - 000007604 _____ () C:\Users\Adande\AppData\Local\Resmon.ResmonCfg
2017-10-20 13:32 - 2017-10-20 13:32 - 000000000 _____ () C:\Users\Adande\AppData\Local\{44743CC4-BCED-4EFC-B430-68CC340FB53C}
2017-06-16 21:52 - 2017-06-16 21:52 - 000000000 _____ () C:\Users\Adande\AppData\Local\{FCD400A9-3305-4B91-8D94-94AEE7B457A1}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\SysWOW64\wininit.exe => MD5 is legit
C:\windows\explorer.exe => MD5 is legit
C:\windows\SysWOW64\explorer.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\SysWOW64\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\SysWOW64\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\SysWOW64\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\dnsapi.dll => MD5 is legit
C:\windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\windows\system32\dllhost.exe => MD5 is legit
C:\windows\SysWOW64\dllhost.exe => MD5 is legit
 
LastRegBack: 2021-02-20 06:44
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2021 01
Ran by Adande (20-02-2021 08:35:07)
Running from C:\Users\Adande\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-03-26 06:03:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Adande (S-1-5-21-2335114495-2311945624-3795076225-1000 - Administrator - Enabled) => C:\Users\Adande
Administrator (S-1-5-21-2335114495-2311945624-3795076225-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2335114495-2311945624-3795076225-501 - Limited - Enabled) => C:\Users\Guest
KRK (S-1-5-21-2335114495-2311945624-3795076225-1007 - Administrator - Enabled) => C:\Users\KRK
WEPSStaff (S-1-5-21-2335114495-2311945624-3795076225-1006 - Administrator - Enabled) => C:\Users\WEPSStaff
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {0683CCA9-024E-F5E0-0687-81040471DC5A}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {BDE22D4D-2474-FA6E-3C37-BA767FF696E7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.5.1 - Angry IP Scanner)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autorun Eater v2.6 (HKLM-x32\...\Autorun Eater_is1) (Version: 2.6 - Old McDonald's Farm)
Camtasia Studio 6 (HKLM-x32\...\{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}) (Version: 6.0.0 - TechSmith Corporation)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version:  - )
CanoScan LiDE 90 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connectify 2017 (HKLM\...\Connectify) (Version: 2017.4.5.38776 - Connectify)
Dell SupportAssist (HKLM\...\{17F0E5C2-638A-4645-A341-03E9C2FDCFF4}) (Version: 3.4.5.366 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.1 - Synaptics Incorporated)
DLwin (HKLM-x32\...\{74DBD42A-7B84-4D58-AAEC-33DBE0F46594}) (Version: 8.0 - Attorneys' Computer Network, Inc.)
EasyTether (HKLM\...\{1B7DB4DD-B70D-4FE4-B909-E3D2AC7A17DD}) (Version: 1.3.3 - Mobile Stream) Hidden
EasyTether (HKLM-x32\...\{6f3b40d5-c81b-469b-a7a2-b560f8561a8c}) (Version: 1.3.3 - Mobile Stream)
EasyTether ADB USB driver (HKLM\...\{767071E2-19B8-45D0-B283-776A6403C9BC}) (Version: 1.0.6 - Mobile Stream)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Ext2Fsd 0.69 (HKLM\...\Ext2Fsd_is1) (Version: 0.69 - Matt Wu)
ezCheckPrinting (HKLM-x32\...\{03C3E414-A9A9-42F9-A691-667A19B318DE}) (Version: 6.0.51 - Halfpricesoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.88.3 - HTC)
iMapBuilder Interactive HTML5 Map Builder v12.2 (Free Trial Ver (HKLM-x32\...\imaphtml5_webunion_is1) (Version:  - WebUnion Media Ltd.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM\...\{00000070-0190-4FD1-8F3D-148929CC1385}) (Version: 19.70.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b22b6ab3-9e4d-4017-97c9-8dc328f41396}) (Version: 20.120.1 - Intel Corporation)
IObit Uninstaller 9 (HKLM-x32\...\IObitUninstall) (Version: 9.0.2.40 - IObit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
K-Lite Codec Pack 9.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
Leawo DVD Creator version  5.2.0.0 (HKLM-x32\...\{29312768-5795-483C-805A-7D01B8FC7C0E}_is1) (Version: 5.2.0.0 - Leawo Software Co., Ltd.)
LibreOffice 5.2 Help Pack (English (United States)) (HKLM-x32\...\{869A3022-8FC9-4F19-92EF-06F0E29F6F7E}) (Version: 5.2.2.2 - The Document Foundation)
LibreOffice 5.2.2.2 (HKLM-x32\...\{69751441-D5E0-4668-893F-CB797B082D09}) (Version: 5.2.2.2 - The Document Foundation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.1.1000 - Maxthon International Limited)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6568.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.12527.21594 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 11 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero WaveEditor (HKLM-x32\...\{D0656D0B-9712-45BD-9243-21FEBF5B05E5}) (Version: 14.0.00600 - Nero AG)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12527.21594 - Microsoft Corporation) Hidden
OpenMG Secure Module 5.0.00 (HKLM-x32\...\{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation) Hidden
OpenMG Secure Module 5.0.00 (HKLM-x32\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation)
Oracle VM VirtualBox 5.2.12 (HKLM\...\{128AD467-F107-4FED-A283-F355E74DE103}) (Version: 5.2.12 - Oracle Corporation)
Paragon Hard Disk Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.3.158 - Paragon Software GmbH)
Paragon HFS+ for Windows™ 10.5 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software)
PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0010 - Nero AG) Hidden
PrimeCheck (HKLM-x32\...\{F7466545-6CC2-4BD9-8137-E5678B63A602}) (Version: 1.5.7 - Primedia Products, Inc.)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.006 - Dell Inc.)
QuickVPN Client (HKLM-x32\...\{5C8AE145-C9F7-4883-9750-7ECD2B41CCCA}) (Version: 1.4.2.1 - Cisco  Small Business)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39060 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11073 - Realtek Semiconductor Corp.)
Realtek USB Gigabit Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.16.203.2015 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Recover Keys (HKLM\...\Recover Keys_is1) (Version: 8.0.3.113 - Recover Keys)
R-Studio 5.2 (HKLM-x32\...\R-Studio 5.2NSIS) (Version: 5.2.130709 - R-Tools Technology Inc.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SeaTools for Windows 1.4.0.5 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.5 - Seagate Technology)
Second Copy 9 (HKLM\...\Second Copy 9_is1) (Version: 9.0.0.1 - Centered Systems)
Sling (HKLM-x32\...\{33B2A40C-B8BF-4E5A-8213-1EEB309B0DD0}) (Version: 4.8.154 - Echostar)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Speedtest by Ookla (HKLM\...\{CFF1450F-71E9-4286-82AE-99E6D797CAD3}) (Version: 1.1.23.001 - Ookla)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
Topaz Studio (HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\{91375d14-8821-4839-b815-5ceb5f198498}) (Version: 1.0.5 - Topaz Labs, LLC)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
Visual BCD (HKLM-x32\...\{436D50FF-8FA1-4FDD-A9C9-48B52A990F57}) (Version: 0.9.3.1 - BoYans)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WebViewer DVR 1.0.0.128 (HKLM-x32\...\WebViewer DVR) (Version: 1.0.0.128 - Samsung Techwin Co., Ltd.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dell Inc (DellRbtn) HIDClass  (05/04/2015 1.4.2) (HKLM\...\70CCEEBCDF8A7D01F9CCA083F90CBABE40EAC5EB) (Version: 05/04/2015 1.4.2 - Dell Inc)
Windows Driver Package - Intel net  (01/28/2016 18.33.0.2) (HKLM\...\3C9E4BB008C9C91057A9A267D8912215F3AA297D) (Version: 01/28/2016 18.33.0.2 - Intel)
Windows Driver Package - Intel net  (01/28/2016 18.33.0.2) (HKLM\...\D48DC34EF799C5632AED32E93C4676F873F7542B) (Version: 01/28/2016 18.33.0.2 - Intel)
Windows Driver Package - Intel net  (02/25/2016 18.40.0.9) (HKLM\...\2FD99C6C777BFC1E1635BCE7CDF6E2D84E9D2C45) (Version: 02/25/2016 18.40.0.9 - Intel)
Windows Driver Package - Intel net  (04/30/2015 15.12.0.9) (HKLM\...\902E98F36093A8CAEF99BAC759CF0B845129E207) (Version: 04/30/2015 15.12.0.9 - Intel)
Windows Driver Package - Intel net  (04/30/2015 15.18.0.1) (HKLM\...\A5A8069731A4D4C3B9754F06127ADC3BBCEA8EBA) (Version: 04/30/2015 15.18.0.1 - Intel)
WinZip 22.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24119}) (Version: 22.0.12706 - Corel Corporation)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
ZoneAlarm Antivirus (HKLM-x32\...\{B7A757CA-7545-4EB4-9EF2-FA4D8CE6D2F7}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 15.3.060.17669 - Check Point)
ZoneAlarm Find My Laptop (HKLM-x32\...\{0B7DC6E7-A65D-4CF0-B348-E90C5AB59578}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{B136506E-D077-4943-9F0D-B22494BAC3BA}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Parental Controls (HKLM\...\{9D0D6B72-4C5C-498D-9A8A-DA53341E8BC1}) (Version: 7.2.6.1 - ContentWatch) Hidden
ZoneAlarm Security (HKLM-x32\...\{21085985-346F-4750-B57C-270359D3BB83}) (Version: 15.3.060.17669 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (Corel Corporation -> WinZip Computing, S.L.)
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (Corel Corporation -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\system32\igfxDTCM.dll [2016-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-12-15] (Corel Corporation -> WinZip Computing, S.L.)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zlavscan.dll [2018-05-18] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [107864 2008-07-10] (TechSmith Corporation -> TechSmith Corporation)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) =============
 
2018-09-20 23:50 - 2012-08-08 20:56 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\P2PLib.dll
2018-09-20 23:50 - 2012-11-06 08:47 - 000114688 _____ () [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\EnumDevLib.dll
2017-04-10 17:13 - 2012-09-29 12:25 - 000409088 _____ () [File not signed] C:\windows\System32\HPM1210LM.DLL
2017-03-03 12:00 - 2011-08-25 11:56 - 001844736 _____ () [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\EF320504.dll
2017-04-10 17:13 - 2012-09-29 12:53 - 001038336 _____ () [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\HPM1210GC.dll
2017-04-10 17:13 - 2012-09-29 12:26 - 003120128 _____ () [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\hpm1210su.dll
2017-04-10 17:13 - 2012-09-29 12:25 - 000074240 _____ () [File not signed] C:\windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2009-07-13 20:18 - 2009-07-13 20:41 - 000240640 _____ (Brother Industries LTD.) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\bruui23a.dll
2012-09-10 09:02 - 2012-09-10 09:02 - 000109568 _____ (Brother Industries, Ltd.) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\BRLGMB1A_0409.DLL
2012-09-10 09:02 - 2012-09-10 09:02 - 001502208 _____ (Brother Industries, Ltd.) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\BRUIMB1A.DLL
2009-07-13 20:20 - 2009-07-13 20:40 - 000211456 _____ (CANON INC.) [File not signed] C:\windows\System32\CNBLM3_2.DLL
2019-06-25 01:14 - 2009-07-13 20:40 - 000083968 _____ (CANON INC.) [File not signed] C:\windows\system32\spool\PRTPROCS\x64\CNBPP3.DLL
2016-03-25 06:38 - 2016-03-25 06:38 - 001733632 _____ (Check Point Software Technologies LTD) [File not signed] C:\Program Files (x86)\CheckPoint\AKL\ISWRCS.dll
2021-02-20 08:26 - 2021-02-20 08:26 - 001133568 _____ (CPUID) [File not signed] C:\Users\Adande\AppData\Local\Temp\speccycpuid.dll
2013-08-10 10:12 - 2013-08-10 10:12 - 000328704 _____ (Hewlett-Packard Co.) [File not signed] C:\windows\System32\hpinksts7112LM.dll
2013-08-10 10:26 - 2013-08-10 10:26 - 003644928 _____ (Hewlett-Packard Co.) [File not signed] C:\windows\system32\HPScanTRDrv_OJ8610.dll
2014-11-17 09:43 - 2014-11-17 09:43 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2014-11-17 09:43 - 2014-11-17 09:43 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2017-08-11 11:09 - 2016-10-04 09:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2016-03-26 11:16 - 2014-08-25 11:49 - 000074240 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2009-07-13 19:35 - 2009-06-10 16:14 - 000196608 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
2018-03-26 12:07 - 2018-03-26 12:07 - 000126976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2018-05-11 16:00 - 2018-04-10 11:35 - 001735168 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\windows\system32\comsvcs.dll
2017-09-22 07:56 - 2017-08-11 01:35 - 000757248 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\windows\System32\win32spl.dll
2020-03-22 23:00 - 2019-12-16 19:18 - 000416256 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\SysWOW64\Dxtmsft.dll
2020-03-22 23:00 - 2019-12-16 19:09 - 000279040 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\SysWOW64\Dxtrans.dll
2018-05-15 01:18 - 2018-05-15 01:18 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\AntiTheft\dbghelp.dll
2018-05-15 01:18 - 2018-05-15 01:18 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2016-04-01 08:10 - 2015-09-01 13:14 - 000503296 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
2020-03-22 23:00 - 2019-12-16 18:37 - 000805376 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Internet Explorer\ieproxy.dll
2009-07-13 18:56 - 2009-07-13 20:41 - 000087552 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Windows Sidebar\sbdrop.dll
2009-07-13 19:24 - 2009-07-13 20:40 - 000026112 _____ (Microsoft Corporation) [File not signed] C:\Windows\ehome\ehSSO.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000053248 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\acppage.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000780800 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\Actioncenter.dll
2009-07-13 18:53 - 2009-07-13 20:40 - 000267776 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ACTIVEDS.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000961024 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\actxprxy.dll
2009-07-13 18:53 - 2009-07-13 20:40 - 000239104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\adsldp.dll
2009-07-13 18:53 - 2009-07-13 20:40 - 000236544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\adsldpc.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000880640 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ADVAPI32.dll
2016-04-03 13:59 - 2015-10-29 12:50 - 000072192 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\aelupsvc.dll
2019-12-02 16:48 - 2019-09-09 19:09 - 000257024 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\AEPIC.dll
2009-07-13 18:55 - 2009-07-13 20:40 - 000053248 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\AltTab.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000010752 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003584 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000002560 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000005632 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003072 ____H (Microsoft Corporation) [File not signed] C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000009728 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000005632 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000004096 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003072 ____H (Microsoft Corporation) [File not signed] C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-04-03 13:59 - 2015-10-29 12:50 - 000342016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\apphelp.dll
2009-07-13 18:32 - 2009-07-13 20:40 - 000033792 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\APPHLPDM.DLL
2019-12-02 16:48 - 2019-11-05 16:19 - 000070144 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\appinfo.dll
2017-04-15 11:28 - 2017-03-07 11:30 - 000085504 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\asycfilt.dll
2009-07-13 19:34 - 2009-07-13 20:40 - 000090624 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\ATL.DLL
2019-12-02 16:48 - 2019-09-11 22:44 - 000438784 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\audioeng.dll
2019-12-02 16:48 - 2019-09-11 22:44 - 000295936 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\audioses.dll
2019-12-02 16:48 - 2019-09-11 22:44 - 000680960 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\audiosrv.dll
2019-12-02 16:48 - 2019-11-05 16:19 - 001942016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\authui.dll
2009-07-13 18:50 - 2009-07-13 20:40 - 000177664 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\AUTHZ.dll
2009-07-13 19:22 - 2009-07-13 20:40 - 000018432 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\AVRT.dll
2016-04-01 08:17 - 2015-07-14 22:19 - 000052736 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\basesrv.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000749568 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\BatMeter.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000123904 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\bcrypt.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000705024 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\bfe.dll
2009-07-13 18:46 - 2009-07-13 20:40 - 000056832 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\bitsigd.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000024576 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\bitsperf.dll
2016-04-01 08:09 - 2012-07-04 17:13 - 000059392 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\browcli.dll
2016-04-01 08:09 - 2012-07-04 17:13 - 000136704 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\browser.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000721408 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\bthprops.cpl
2009-07-13 19:06 - 2009-07-13 20:40 - 000083968 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\bthserv.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000094720 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\Cabinet.dll
2009-07-13 19:00 - 2009-07-13 20:40 - 000472576 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\catsrv.dll
2009-07-13 18:59 - 2009-07-13 20:40 - 000056320 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\catsrvps.dll
2020-03-22 22:59 - 2020-01-02 22:33 - 000463872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\certcli.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001975296 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CertEnroll.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000207872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CFGMGR32.dll
2009-07-13 19:00 - 2009-07-13 20:40 - 000607744 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CLBCatQ.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000314368 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CLUSAPI.DLL
2009-06-22 20:19 - 2009-06-22 20:19 - 000504320 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\CNBJMON.DLL
2009-06-22 20:23 - 2009-06-22 20:23 - 000690176 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\CNBJMON2.DLL
2009-07-13 18:59 - 2009-07-13 20:40 - 000255488 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\Com\comadmin.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000594432 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\COMDLG32.dll
2009-07-13 18:59 - 2009-07-13 20:26 - 001297408 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\COMRES.DLL
2020-03-22 22:59 - 2020-01-02 22:33 - 000022016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\credssp.dll
2016-04-03 13:58 - 2013-10-03 21:25 - 000197120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\credui.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 001484800 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CRYPT32.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000043520 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CRYPTBASE.dll
2019-06-16 16:42 - 2019-04-04 19:34 - 000064000 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\cryptdll.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000141824 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\CRYPTNET.dll
2019-07-23 10:14 - 2019-06-12 10:07 - 000081920 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CRYPTSP.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000191488 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\cryptsvc.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 001068544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CRYPTUI.dll
2018-08-20 21:18 - 2018-06-29 10:55 - 000045568 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\cscapi.dll
2018-08-20 21:18 - 2018-06-29 10:55 - 000030208 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\CSCDLL.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000498688 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\cscui.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000044032 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\CSRSRV.dll
2016-04-03 13:59 - 2013-11-22 17:48 - 003928064 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d2d1.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000194560 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d10_1.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000333312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d10_1core.dll
2019-02-03 10:55 - 2018-10-06 08:05 - 002565120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\D3D10Warp.dll
2016-04-01 11:52 - 2016-04-01 11:52 - 001887232 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d11.dll
2009-07-13 18:41 - 2009-07-13 20:40 - 000012288 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d8thk.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 002067456 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\d3d9.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 003391488 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dbgeng.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001087488 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dbghelp.dll
2020-03-22 23:00 - 2019-11-14 21:21 - 000014336 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DCIMAN32.dll
2009-07-13 18:41 - 2009-07-13 20:40 - 000569344 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DDRAW.dll
2009-07-13 18:26 - 2009-07-13 20:40 - 000093184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DEVOBJ.dll
2009-07-13 18:26 - 2009-07-13 20:40 - 000058368 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\DEVRTL.dll
2009-07-13 18:53 - 2009-07-13 20:40 - 000062976 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dfscli.dll
2019-08-14 19:54 - 2019-07-13 03:31 - 000318976 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dhcpcore.dll
2019-08-14 19:54 - 2019-07-13 03:31 - 000226304 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dhcpcore6.dll
2019-08-14 19:53 - 2019-07-13 03:31 - 000086528 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dhcpcsvc.DLL
2019-08-14 19:54 - 2019-07-13 03:31 - 000054784 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dhcpcsvc6.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 001340416 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\diagperf.dll
2009-07-13 18:53 - 2009-07-13 20:40 - 000040448 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dimsjob.dll
2018-07-11 21:24 - 2018-06-08 11:19 - 000357888 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\DNSAPI.dll
2009-07-13 19:12 - 2009-07-13 20:40 - 000008192 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\dnsext.dll
2018-07-11 21:24 - 2018-06-08 11:19 - 000182272 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dnsrslvr.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000162816 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dps.dll
2009-07-13 19:21 - 2009-07-13 20:41 - 000299520 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\drivers\UMDF\WpdFs.dll
2009-07-13 19:18 - 2009-07-13 20:40 - 000540672 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DSOUND.dll
2009-07-13 18:50 - 2009-07-13 20:40 - 000032768 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\dsrole.dll
2009-07-13 19:08 - 2009-07-13 20:40 - 000036352 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dtsh.dll
2009-07-13 18:41 - 2009-07-13 20:40 - 000976896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DUI70.dll
2009-07-13 18:39 - 2009-07-13 20:40 - 000260608 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DUser.dll
2016-04-03 13:57 - 2015-07-09 12:58 - 000082944 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dwmapi.dll
2016-04-03 13:57 - 2015-07-09 12:58 - 001632256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dwmcore.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000128512 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dwmredir.dll
2019-12-02 16:48 - 2019-10-14 18:58 - 001650176 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\DWrite.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000363008 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dxgi.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000459776 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\dxp.dll
2009-07-13 19:12 - 2009-07-13 20:40 - 000263680 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\eappcfg.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000303616 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\eapphost.dll
2009-07-13 19:12 - 2009-07-13 20:40 - 000064512 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\eappprxy.dll
2009-07-13 19:12 - 2009-07-13 20:40 - 000111104 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\eapsvc.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000144896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\EhStorAPI.dll
2009-07-13 19:00 - 2009-07-13 20:40 - 000203264 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\EhStorShell.dll
2009-07-13 19:00 - 2009-07-13 20:40 - 000402944 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\es.dll
2016-04-03 13:57 - 2011-03-11 01:33 - 002565632 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ESENT.dll
2009-07-13 18:49 - 2009-07-13 20:40 - 000039424 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\esentprf.dll
2019-06-16 16:42 - 2019-05-24 19:03 - 001867776 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\EXPLORERFRAME.dll
2019-12-02 16:48 - 2019-09-09 21:24 - 000355328 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FaultRep.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000016384 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\fdphost.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000051200 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdPnp.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000074240 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdproxy.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000093696 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdssdp.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000101376 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\fdwcn.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000028160 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdWNet.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000132096 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\fdwsd.dll
2018-09-11 16:37 - 2018-08-10 10:54 - 000749568 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FirewallAPI.dll
2009-07-13 18:23 - 2009-07-13 20:40 - 000019456 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FLTLIB.DLL
2019-12-02 16:48 - 2019-10-14 18:58 - 001182208 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\fntcache.dll
2016-05-22 15:06 - 2016-02-13 05:33 - 000256512 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\framedynos.dll
2009-07-13 18:35 - 2009-07-13 20:40 - 000194560 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\FunDisc.dll
2009-07-13 18:21 - 2009-07-13 20:40 - 000020480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FVECERTS.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000324096 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\fwpuclnt.dll
2017-02-15 00:07 - 2016-05-12 12:14 - 000075776 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\FwRemoteSvr.DLL
2010-11-20 22:25 - 2010-11-20 22:25 - 000623104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\FXSAPI.dll
2010-11-20 22:25 - 2010-11-20 22:25 - 000041984 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\FXSMON.DLL
2009-07-13 19:36 - 2009-07-13 20:27 - 000925184 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\FXSRESM.DLL
2009-07-13 19:35 - 2009-07-13 20:40 - 000863744 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\fxsst.dll
2016-04-03 14:01 - 2012-12-07 08:15 - 002746368 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\gameux.dll
2020-03-22 23:00 - 2019-11-27 22:28 - 000405504 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\GDI32.dll
2009-07-13 18:42 - 2009-07-13 20:40 - 000165376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\GLU32.dll
2017-02-15 00:07 - 2016-05-12 12:14 - 000096256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\GPAPI.dll
2017-02-15 00:07 - 2016-05-12 12:14 - 000794624 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\gpsvc.dll
2009-07-13 18:56 - 2009-07-13 20:40 - 000031232 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\hcproviders.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000332288 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\hgcpl.dll
2009-07-13 19:06 - 2009-07-13 20:41 - 000030208 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\HID.DLL
2009-07-13 19:08 - 2009-07-13 20:41 - 000424448 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\hnetcfg.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000027136 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\HotStartUserAgent.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000045056 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\HTTPAPI.dll
2017-09-22 07:56 - 2017-08-14 12:35 - 000022528 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ICAAPI.dll
2020-03-22 23:00 - 2019-11-14 21:21 - 000250880 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\icm32.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000014336 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\IconCodecService.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000037376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\IdnDL.dll
2020-03-22 23:00 - 2019-12-16 19:14 - 015445504 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\ieframe.dll
2020-03-22 23:00 - 2019-12-16 20:06 - 002910720 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\iertutil.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000863232 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ikeext.dll
2016-04-01 08:09 - 2013-10-18 21:18 - 000081408 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\imagehlp.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000503296 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\imapi2.dll
2009-07-13 18:38 - 2009-07-13 20:41 - 000167424 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\IMM32.DLL
2018-06-25 14:44 - 2018-05-11 16:19 - 000977408 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\inetcomm.dll
2017-09-22 07:56 - 2017-08-11 01:34 - 000166400 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\inetpp.dll
2018-06-25 14:44 - 2018-05-11 16:19 - 000084480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\inetres.dll
2009-07-13 18:35 - 2009-07-13 20:41 - 000101888 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ipbusenum.dll
2009-07-13 18:35 - 2009-07-13 20:41 - 000012800 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\IPBusEnumProxy.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000145920 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\IPHLPAPI.DLL
2017-02-15 00:07 - 2016-05-12 12:14 - 000502272 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ipsecsvc.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000733184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\kerberos.DLL
2020-03-22 23:00 - 2020-01-02 22:33 - 001162752 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\kernel32.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000408576 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\KERNELBASE.dll
2016-04-01 08:13 - 2015-12-08 14:07 - 000005120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ksuser.dll
2009-07-13 18:19 - 2009-07-13 20:41 - 000023040 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ktmw32.dll
2009-07-13 19:07 - 2009-07-13 20:41 - 000071168 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\l2gpstore.dll
2009-07-13 18:55 - 2009-07-13 20:41 - 000029696 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\LINKINFO.dll
2009-07-13 19:09 - 2009-07-13 20:41 - 000023552 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\lmhsvc.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000140800 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\loadperf.dll
2019-03-17 09:09 - 2019-02-16 01:02 - 000972288 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\localspl.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000186880 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\LOGONCLI.DLL
2020-03-22 23:00 - 2019-11-14 21:21 - 000041472 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\LPK.dll
2016-04-01 08:09 - 2015-11-13 18:09 - 000091648 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mapi32.dll
2019-07-23 10:14 - 2019-06-12 10:07 - 004120576 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MF.dll
2016-04-01 08:11 - 2011-03-11 01:34 - 001395712 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MFC42.DLL
2009-07-13 18:59 - 2009-07-13 20:41 - 000033792 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MfcSubs.dll
2019-07-23 10:14 - 2019-06-12 10:07 - 000433152 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MFPlat.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000257024 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MFReadWrite.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000022528 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\mgmtapi.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000020480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\midimap.dll
2009-07-13 18:55 - 2009-07-13 20:41 - 000226816 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\MLANG.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000284160 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\MMDevAPI.DLL
2009-07-13 19:10 - 2009-07-13 20:41 - 000080896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MPR.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000221184 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\MPRAPI.dll
2018-09-11 16:37 - 2018-08-10 10:54 - 000828928 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\mpssvc.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000083456 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSACM32.dll
2009-07-13 19:18 - 2009-07-13 20:38 - 000025600 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msacm32.drv
2010-11-20 22:24 - 2010-11-20 22:24 - 000046592 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSASN1.dll
2020-03-22 23:00 - 2019-11-14 21:21 - 000623104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mscms.dll
2019-09-11 09:31 - 2019-08-28 21:50 - 001078784 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSCTF.dll
2009-07-13 18:39 - 2009-07-13 20:41 - 000028160 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MsCtfMonitor.dll
2009-07-13 18:39 - 2009-07-13 20:41 - 000114176 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msctfui.dll
2009-07-13 18:22 - 2009-07-13 20:41 - 000451584 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msdelta.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000124928 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\MSDTCLOG.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000745472 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSDTCPRX.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001509888 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\MSDTCTM.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000302080 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msdtcuiu.DLL
2009-07-13 18:59 - 2009-07-13 20:29 - 000021504 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\msdtcVSp1res.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000799744 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MsftEdit.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 003247616 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msi.dll
2016-04-03 13:55 - 2013-10-29 21:32 - 000335360 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msieftp.dll
2009-07-13 18:48 - 2009-07-13 20:41 - 000019968 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msiltcfg.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 000008192 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSIMG32.dll
2009-07-13 18:39 - 2009-07-13 20:41 - 000041984 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msimtf.dll
2016-04-01 11:57 - 2016-04-01 11:57 - 000247808 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msls31.dll
2009-07-13 18:58 - 2009-07-13 20:41 - 000112640 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSOERT2.dll
2009-07-13 18:21 - 2009-07-13 20:41 - 000046592 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\mspatcha.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000075264 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msscntrs.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000099840 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mssprxy.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000778240 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mssvp.dll
2009-07-13 18:39 - 2009-07-13 20:41 - 000235520 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MSUTB.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000316928 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msv1_0.DLL
2009-07-13 18:18 - 2009-07-13 20:41 - 000078336 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msvcirt.dll
2016-04-01 08:11 - 2011-12-16 03:46 - 000634880 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\msvcrt.dll
2017-02-15 00:07 - 2016-05-11 12:02 - 000327168 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mswsock.dll
2019-05-02 11:05 - 2019-03-11 16:41 - 001894912 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\msxml3.dll
2019-08-14 19:54 - 2019-07-13 03:32 - 002009600 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\msxml6.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000372736 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\MTXCLU.DLL
2017-02-15 00:07 - 2016-03-16 13:50 - 000156672 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\mtxoci.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000068096 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\napinsp.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001326080 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\NaturalLanguage6.dll
2016-05-22 15:06 - 2016-02-13 05:37 - 000059392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NCObjAPI.DLL
2020-03-22 23:00 - 2020-01-02 22:33 - 000312320 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\ncrypt.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000223232 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ncsi.dll
2016-04-01 08:09 - 2012-07-04 17:16 - 000073216 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\NETAPI32.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000519680 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\netcfgx.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000188928 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\netjoin.dll
2009-07-13 19:08 - 2009-07-13 20:41 - 000360448 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\netman.dll
2009-07-13 19:12 - 2009-07-13 20:41 - 000459776 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\netprofm.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 002652160 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\netshell.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000029184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\netutils.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001672704 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NetworkExplorer.dll
2009-07-13 19:08 - 2009-07-13 20:41 - 000053248 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NetworkItemFactory.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000313856 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\newdev.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000070656 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NLAapi.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000303104 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\nlasvc.dll
2009-07-13 19:31 - 2009-07-13 20:41 - 006270976 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\NLSData0009.dll
2009-07-13 19:33 - 2009-07-13 20:31 - 002628608 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\NLSLexicons0009.dll
2009-07-13 18:26 - 2009-07-13 20:31 - 000002560 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\normaliz.DLL
2009-07-13 19:12 - 2009-07-13 20:41 - 000031744 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\npmproxy.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000015360 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\nrpsrv.DLL
2017-09-22 07:56 - 2017-08-11 01:35 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NSI.dll
2017-09-22 07:56 - 2017-08-11 01:35 - 000026112 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\nsisvc.dll
2009-07-13 18:54 - 2009-07-13 20:41 - 000152064 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\NTDSAPI.dll
2009-07-13 18:50 - 2009-07-13 20:41 - 000162304 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ntmarta.dll
2016-04-03 13:56 - 2012-01-04 05:44 - 000509952 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ntshrui.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000720896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ODBC32.dll
2009-07-13 19:28 - 2009-07-13 20:31 - 000229376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\odbcint.dll
2020-03-22 23:00 - 2019-11-14 21:22 - 002072576 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\ole32.dll
2016-04-01 11:32 - 2011-08-27 00:37 - 000331776 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\OLEACC.dll
2020-03-22 23:00 - 2019-11-14 21:22 - 000878080 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\OLEAUT32.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000128000 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\oledlg.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000235520 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\OneX.DLL
2009-07-13 18:42 - 2009-07-13 20:41 - 001039872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\OPENGL32.dll
2019-07-23 10:14 - 2019-06-12 10:07 - 000187904 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\pcasvc.dll
2009-07-13 18:19 - 2009-07-13 20:41 - 000036864 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\pcwum.dll
2017-05-17 00:54 - 2017-03-10 11:32 - 000300544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\pdh.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000044544 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\Perfctrs.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000035328 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\perfdisk.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000023040 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\perfnet.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000029696 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\perfos.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000038400 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\perfproc.dll
2016-04-03 13:56 - 2015-01-08 22:14 - 000950272 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\perftrack.dll
2009-07-13 19:17 - 2009-07-13 20:41 - 000018944 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\perfts.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000084992 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\PlaySndSrv.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001808384 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\pnidui.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000012288 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\pnpts.dll
2009-07-13 19:11 - 2009-07-13 20:41 - 000086016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\pnrpnsp.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000758272 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\PortableDeviceApi.dll
2009-07-13 19:21 - 2009-07-13 20:41 - 000125952 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\portabledeviceclassextension.dll
2009-07-13 19:21 - 2009-07-13 20:41 - 000077824 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\portabledeviceconnectapi.dll
2009-07-13 19:21 - 2009-07-13 20:41 - 000219648 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\PortableDeviceTypes.dll
2009-07-13 19:21 - 2009-07-13 20:41 - 000169472 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\PortableDeviceWiaCompat.dll
2016-04-03 13:56 - 2015-01-08 22:14 - 000029696 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\powertracker.dll
2009-07-13 18:27 - 2009-07-13 20:41 - 000167424 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\POWRPROF.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000048128 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\PrintIsolationProxy.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000416256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\prnfldr.dll
2009-07-13 18:20 - 2009-07-13 20:41 - 000044032 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\profapi.dll
2016-04-01 08:09 - 2014-12-18 22:06 - 000210432 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\profsvc.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001212416 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\PROPSYS.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000187904 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\provsvc.dll
2009-07-13 18:47 - 2009-07-13 20:41 - 000307200 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\PROVTHRD.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000009216 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\psapi.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000266240 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\QAgent.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000849920 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\qmgr.dll
2009-07-13 18:46 - 2009-07-13 20:41 - 000044544 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\qmgrprxy.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000107520 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\QUtil.dll
2009-07-13 18:32 - 2009-07-13 20:41 - 000097792 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\radardt.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000016384 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\rasadhlp.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000384512 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\RASAPI32.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000017408 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\rasctrs.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000860672 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\RASDLG.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000100352 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\rasman.dll
2009-07-13 18:34 - 2009-07-13 20:41 - 000086016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RESUTILS.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000633344 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RICHED20.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000010752 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RICHED32.DLL
2009-07-13 18:21 - 2009-07-13 20:41 - 000067072 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\rpcepmap.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 001211392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RPCRT4.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RpcRtRemote.dll
2020-03-22 23:00 - 2019-11-14 21:22 - 000517632 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\rpcss.dll
2009-07-13 18:35 - 2009-07-13 20:41 - 000188416 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\RstrtMgr.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 000052224 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\rtutils.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000067584 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\samcli.dll
2017-04-15 11:28 - 2017-02-09 11:32 - 000106496 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SAMLIB.dll
2018-04-10 13:51 - 2018-01-12 11:40 - 000407040 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SCESRV.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000089088 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\scext.dll
2020-03-22 22:59 - 2020-01-02 22:33 - 000345600 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\schannel.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000024064 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SCHEDCLI.DLL
2019-06-16 16:41 - 2019-06-03 18:11 - 001110528 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\schedsvc.dll
2018-04-10 13:51 - 2018-03-06 13:07 - 000229376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\scksp.dll
2019-02-03 10:56 - 2018-10-26 22:42 - 000230400 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\scrobj.dll
2019-02-03 10:56 - 2018-10-26 22:42 - 000202752 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\scrrun.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000867840 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SearchFolder.dll
2016-04-03 14:00 - 2015-05-25 13:19 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\sechost.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000028160 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\secur32.dll
2009-07-13 18:50 - 2009-07-13 20:32 - 000005120 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\security.dll
2009-07-13 18:34 - 2009-07-13 20:41 - 000064512 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\sens.dll
2009-07-13 18:34 - 2009-07-13 20:41 - 000015872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SensApi.dll
2009-07-13 19:00 - 2009-07-13 20:41 - 000174592 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\SensorsApi.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001900544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SETUPAPI.dll
2009-07-13 18:25 - 2009-07-13 20:33 - 000003072 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\sfc.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000045056 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\sfc_os.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 000135168 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\shacct.dll
2017-09-22 07:56 - 2017-08-19 10:28 - 000197120 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\shdocvw.dll
2019-06-16 16:42 - 2019-05-24 19:04 - 014185984 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SHELL32.dll
2009-07-13 18:55 - 2009-07-13 20:41 - 000010240 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\shfolder.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000448512 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SHLWAPI.dll
2020-03-22 23:00 - 2019-12-10 03:32 - 000371712 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\shsvcs.dll
2009-07-13 18:51 - 2009-07-13 20:41 - 000030720 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\slc.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SndVolSSO.DLL
2009-07-13 19:10 - 2009-07-13 20:41 - 000027648 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\snmpapi.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000097792 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SPFILEQ.dll
2009-07-13 18:26 - 2009-07-13 20:41 - 000105472 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\SPINF.dll
2009-07-13 19:35 - 2010-11-20 22:23 - 000623104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\FXSAPI.DLL
2009-07-13 20:19 - 2010-11-20 22:23 - 006566400 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\FXSRES.DLL
2009-07-13 19:35 - 2010-11-20 22:23 - 000434688 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\FXSTIFF.dll
2009-07-13 19:36 - 2010-11-20 22:23 - 000160256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\FXSUI.DLL
2009-07-13 19:36 - 2010-11-20 22:23 - 000156672 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\FXSWZRD.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000847872 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\PS5UI.DLL
2009-07-13 20:18 - 2013-08-10 15:14 - 000884224 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\DRIVERS\x64\3\unidrvui.dll
2019-03-17 09:09 - 2019-02-16 01:02 - 000038912 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\spool\PRTPROCS\x64\winprint.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000057856 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\SPOOLSS.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000145920 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SPPC.DLL
2010-11-20 22:25 - 2010-11-20 22:25 - 000340992 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\srchadmin.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000128000 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\srvcli.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000236032 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\srvsvc.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SSCORE.DLL
2019-08-14 19:54 - 2019-07-13 03:32 - 000051200 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\SSDPAPI.dll
2019-08-14 19:54 - 2019-07-13 03:32 - 000193024 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\ssdpsrv.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000135680 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SSPICLI.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000257024 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\stobject.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000486912 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\StructuredQuery.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000524288 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\swprv.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000582656 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\sxs.dll
2019-05-02 11:05 - 2019-03-20 21:10 - 000032768 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\sxssrv.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 002262528 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\SyncCenter.dll
2016-04-01 08:11 - 2012-09-25 17:46 - 000095744 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SYNCENG.dll
2009-07-13 19:22 - 2009-07-13 20:41 - 000073728 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\Syncreg.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000200192 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\syncui.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 001741312 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\sysmain.dll
2009-07-13 18:52 - 2009-07-13 20:41 - 000023040 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\SYSNTFY.dll
2009-07-13 19:41 - 2009-07-13 20:41 - 000248832 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\TAPI32.dll
2009-07-13 19:40 - 2009-07-13 20:41 - 000011264 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\tapiperf.dll
2019-06-16 16:41 - 2019-06-03 18:11 - 000474112 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\taskcomp.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001197056 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\taskschd.dll
2016-04-03 13:58 - 2016-02-05 13:56 - 000020480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\tbs.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000038912 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\tcpmib.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000195072 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\tcpmon.dll
2016-04-03 13:59 - 2015-07-22 19:02 - 000879104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\tdh.dll
2019-05-02 11:05 - 2019-03-11 16:41 - 000688128 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\termsrv.dll
2009-07-13 18:54 - 2009-07-13 20:41 - 000044544 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\themeservice.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000112640 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\thumbcache.dll
2016-04-03 13:55 - 2011-12-30 01:26 - 000515584 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\timedate.cpl
2020-03-22 22:59 - 2019-12-10 03:32 - 002319360 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\tquery.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000119808 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\trkwks.dll
2009-07-13 18:46 - 2009-07-13 20:41 - 000017408 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\tschannel.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000172544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\twext.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000119296 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\txflog.dll
2016-04-01 08:10 - 2015-02-02 22:31 - 000215552 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UBPM.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000328704 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\uDWM.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 003860992 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UIRibbon.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000059904 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\umb.dll
2016-04-01 08:11 - 2011-05-24 06:42 - 000404480 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\umpnpmgr.dll
2019-12-02 16:48 - 2019-09-18 23:27 - 000168448 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\umpo.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000264192 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\upnp.dll
2020-03-22 23:00 - 2019-12-16 18:52 - 001566720 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\urlmon.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000045056 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\usbmon.dll
2009-07-13 19:06 - 2009-07-13 20:41 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\usbperf.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 001010688 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\USER32.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 000110592 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\USERENV.dll
2019-12-02 16:48 - 2019-11-05 16:20 - 000806400 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\USP10.dll
2009-07-13 19:17 - 2009-07-13 20:41 - 000034816 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UTILDLL.dll
2009-07-13 18:54 - 2009-07-13 20:41 - 000025088 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UXINIT.dll
2009-07-13 18:37 - 2009-07-13 20:41 - 000038912 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\uxsms.dll
2009-07-13 18:55 - 2009-07-13 20:41 - 000332288 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\UxTheme.dll
2009-07-13 18:57 - 2009-07-13 20:41 - 000029184 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\VERSION.dll
2009-07-13 18:25 - 2009-07-13 20:41 - 000021504 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\VirtDisk.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000061952 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\vss_ps.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 001753088 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\VSSAPI.DLL
2009-07-13 18:36 - 2009-07-13 20:41 - 000076800 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\VssTrace.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 002058240 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\cimwin32.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000159232 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\dsprov.dll
2016-05-22 15:05 - 2016-02-13 05:34 - 000401920 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\esscli.dll
2016-05-22 15:05 - 2016-02-13 05:32 - 000854016 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\FastProx.dll
2009-07-13 18:47 - 2009-07-13 20:41 - 000044544 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\krnlprov.dll
2016-05-22 15:06 - 2016-02-13 05:31 - 000077312 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\ncprov.dll
2016-05-22 15:05 - 2016-02-13 05:32 - 000352256 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\repdrvfs.dll
2016-05-22 15:05 - 2016-02-13 05:22 - 001145856 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemcore.dll
2009-07-13 18:47 - 2009-07-13 20:41 - 000266752 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemdisp.dll
2016-05-22 15:05 - 2016-02-13 05:32 - 000464896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemess.dll
2016-05-22 15:06 - 2016-02-13 05:37 - 000035840 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemprox.dll
2016-05-22 15:05 - 2016-02-13 05:37 - 000062976 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wbemsvc.dll
2016-05-22 15:06 - 2016-02-13 05:33 - 000130048 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmiaprpl.dll
2016-05-22 15:05 - 2016-02-13 05:36 - 000193024 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmidcprv.dll
2009-07-13 18:31 - 2009-07-13 20:41 - 000136192 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\wbem\WmiPerfClass.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000228864 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmiprov.dll
2016-05-22 15:05 - 2016-02-13 05:31 - 000752128 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmiprvsd.dll
2016-05-22 15:05 - 2016-02-13 05:30 - 000215040 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wbem\wmisvc.dll
2016-05-22 15:06 - 2016-02-13 05:33 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbem\wmiutils.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000529408 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbemcomn.dll
2016-05-22 15:05 - 2016-02-13 05:33 - 000452608 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wbemcomn2.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000120320 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wcnapi.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000366592 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wcncsvc.dll
2016-04-03 13:56 - 2015-01-08 22:14 - 000091136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wdi.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000036352 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wdiasqmmodule.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000217088 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wdmaud.drv
2009-07-13 18:28 - 2009-07-13 20:41 - 000271360 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\WDSCORE.dll
2017-02-15 00:05 - 2016-03-09 14:00 - 000396800 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\webio.dll
2018-06-25 14:44 - 2018-05-14 22:44 - 001159680 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\webservices.dll
2019-12-02 16:48 - 2019-09-09 21:24 - 000486912 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wer.dll
2019-12-02 16:48 - 2019-09-09 21:24 - 001281536 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\werconcpl.dll
2019-12-02 16:48 - 2019-09-09 21:24 - 000086016 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wercplsupport.dll
2009-07-13 18:46 - 2009-07-13 20:41 - 000428032 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wevtapi.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001646080 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wevtsvc.dll
2018-09-11 16:37 - 2018-08-10 10:55 - 000022528 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wfapigp.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000583168 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wiaservc.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000014848 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wiatrace.dll
2009-07-13 18:30 - 2009-07-13 20:41 - 000016384 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINBRAND.dll
2018-09-11 16:37 - 2018-08-29 20:10 - 001424896 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WindowsCodecs.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000245248 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WindowsCodecsExt.dll
2018-01-05 10:02 - 2017-12-31 21:18 - 000444928 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\WINHTTP.dll
2020-03-22 23:00 - 2019-12-16 19:04 - 004859392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WININET.dll
2009-07-13 19:18 - 2009-07-13 20:41 - 000217600 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINMM.dll
2017-09-22 07:56 - 2017-08-11 01:35 - 000025600 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WINNSI.DLL
2009-07-13 18:53 - 2009-07-13 20:41 - 000028672 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\winrnr.dll
2018-04-10 13:51 - 2018-02-21 22:28 - 000217600 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WinSCard.dll
2019-03-17 09:09 - 2019-02-16 01:02 - 000443904 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\winspool.drv
2020-03-22 23:00 - 2020-01-02 22:33 - 000215552 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\winsrv.DLL
2016-04-01 08:14 - 2014-07-16 21:07 - 000235520 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINSTA.dll
2020-03-22 22:59 - 2019-12-10 03:32 - 000229376 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINTRUST.dll
2009-07-13 19:06 - 2009-07-13 20:41 - 000020480 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WINUSB.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 000071680 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wkscli.dll
2018-07-11 21:24 - 2018-04-25 11:02 - 000124416 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wkssvc.dll
2019-07-23 10:14 - 2019-06-28 00:24 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wlanapi.dll
2019-07-23 10:14 - 2019-06-28 00:24 - 000118784 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wlanhlp.dll
2019-07-23 10:14 - 2019-06-28 00:24 - 000414208 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WLANMSM.DLL
2019-07-23 10:14 - 2019-06-28 00:24 - 000448512 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WLANSEC.dll
2019-07-23 10:14 - 2019-06-28 00:24 - 000887808 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wlansvc.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000414208 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wlanui.dll
2009-07-13 19:07 - 2009-07-13 20:41 - 000010752 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wlanutil.dll
2017-09-22 07:56 - 2017-08-11 01:35 - 000313856 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WLDAP32.dll
2009-07-13 19:07 - 2009-07-13 20:41 - 000108544 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wlgpclnt.dll
2009-07-13 18:52 - 2009-07-13 20:41 - 000010752 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wls0wndh.dll
2009-07-13 19:23 - 2009-07-13 20:41 - 000297984 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\WMASF.DLL
2009-07-13 18:52 - 2009-07-13 20:41 - 000014848 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WMsgAPI.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 003027968 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\wmvcore.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000243712 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\wow64.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\wow64cpu.dll
2020-03-22 23:00 - 2020-01-02 22:33 - 000361984 _____ (Microsoft Corporation) [File not signed] C:\windows\SYSTEM32\wow64win.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000117248 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wpdbusenum.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000115200 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wpdshserviceobj.dll
2017-02-15 00:07 - 2016-05-11 12:02 - 000296448 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WS2_32.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000063488 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSCAPI.dll
2009-07-13 18:48 - 2009-07-13 20:41 - 000146432 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wscinterop.dll
2009-07-13 18:48 - 2009-07-13 20:41 - 000022528 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wscisvif.dll
2009-07-13 18:48 - 2009-07-13 20:41 - 000097280 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wscsvc.dll
2009-07-13 18:48 - 2009-07-13 20:38 - 001162240 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wscui.cpl
2010-11-20 22:24 - 2010-11-20 22:24 - 000577536 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\wsdapi.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000026112 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSDCHNGR.DLL
2009-07-13 19:39 - 2009-07-13 20:41 - 000224768 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\WSDMon.dll
2009-07-13 19:39 - 2009-07-13 20:41 - 000069632 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\WSDPrintProxy.dll
2009-07-13 19:35 - 2009-07-13 20:41 - 000067072 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSDScanProxy.dll
2009-07-13 19:35 - 2009-07-13 20:41 - 000262144 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSDScDrv.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wshbth.dll
2009-07-13 18:21 - 2009-07-13 20:41 - 000013824 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wship6.dll
2009-07-13 18:21 - 2009-07-13 20:41 - 000013312 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wshtcpip.dll
2018-04-10 13:51 - 2018-03-06 13:07 - 000067072 _____ (Microsoft Corporation) [File not signed] C:\windows\System32\wsnmp32.dll
2009-07-13 19:10 - 2009-07-13 20:41 - 000018432 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WSOCK32.dll
2009-07-13 19:17 - 2009-07-13 20:41 - 000054272 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\WTSAPI32.dll
2020-03-22 22:59 - 2019-12-10 03:16 - 000709120 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\wuapi.dll
2020-03-22 22:59 - 2019-12-10 03:17 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng.dll
2016-04-03 14:09 - 2012-07-25 22:08 - 000194048 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\WUDFPlatform.dll
2016-04-03 14:09 - 2012-07-25 22:08 - 000084992 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wudfsvc.dll
2016-04-03 14:09 - 2012-07-25 22:08 - 000744448 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\WUDFx.dll
2009-07-13 19:12 - 2009-07-13 20:41 - 000368640 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wwanapi.dll
2009-07-13 19:12 - 2009-07-13 20:41 - 000036352 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\wwapi.dll
2019-08-14 19:54 - 2019-07-13 03:32 - 000198656 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\XmlLite.dll
2009-07-13 18:59 - 2009-07-13 20:41 - 000059392 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\XOLEHLP.dll
2018-07-11 21:24 - 2018-06-08 11:21 - 000369664 _____ (Microsoft Corporation) [File not signed] C:\windows\system32\zipfldr.dll
2020-03-22 23:00 - 2020-01-02 22:37 - 000644096 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\ADVAPI32.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000010752 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003584 ____H (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000002560 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000005632 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003072 ____H (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000009728 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000004096 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
2016-04-01 11:54 - 2016-04-01 11:54 - 000003072 ____H (Microsoft Corporation) [File not signed] C:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
2009-07-13 19:14 - 2009-07-13 20:14 - 000070144 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\ATL.DLL
2020-03-22 23:00 - 2020-01-02 22:38 - 000082944 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\bcrypt.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000073216 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\Cabinet.dll
2016-04-01 08:11 - 2011-05-24 05:39 - 000145920 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\CFGMGR32.dll
2009-07-13 18:44 - 2009-07-13 20:15 - 000522240 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\CLBCatQ.DLL
2010-11-20 22:23 - 2010-11-20 22:23 - 000485888 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\COMDLG32.dll
2020-03-22 22:59 - 2019-12-10 03:38 - 001177088 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\CRYPT32.dll
2020-03-22 23:00 - 2020-01-02 22:02 - 000036352 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\CRYPTBASE.dll
2020-03-22 23:00 - 2019-11-14 21:29 - 000010240 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\DCIMAN32.dll
2009-07-13 18:27 - 2009-07-13 20:15 - 000531968 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\DDRAW.dll
2009-07-13 18:28 - 2009-07-13 20:15 - 000030208 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\ddrawex.dll
2016-04-01 08:11 - 2011-05-24 05:40 - 000064512 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\DEVOBJ.dll
2019-08-14 19:54 - 2019-07-13 03:33 - 000043520 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\dhcpcsvc6.DLL
2009-07-13 18:22 - 2009-07-13 20:15 - 000041984 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\fdPnp.dll
2018-09-11 16:37 - 2018-08-10 10:40 - 000463360 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\FirewallAPI.dll
2009-07-13 18:22 - 2009-07-13 20:15 - 000167424 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\FunDisc.dll
2020-03-22 23:00 - 2019-11-27 22:29 - 000313344 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\GDI32.dll
2020-03-22 23:00 - 2019-12-16 18:56 - 013838336 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\ieframe.dll
2020-03-22 23:00 - 2019-12-16 19:33 - 002304000 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\iertutil.dll
2016-04-01 08:09 - 2013-10-18 20:36 - 000159232 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\imagehlp.dll
2020-03-22 23:00 - 2019-12-16 19:03 - 004112384 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\jscript9.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 001114112 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\kernel32.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000275968 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\KERNELBASE.dll
2020-03-22 23:00 - 2019-11-14 21:29 - 000025600 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\LPK.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000034304 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\MSASN1.dll
2019-09-11 09:31 - 2019-08-28 21:52 - 000836608 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\MSCTF.dll
2009-07-13 18:12 - 2009-07-13 20:15 - 000305152 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\msdelta.dll
2020-03-22 23:00 - 2019-12-16 19:52 - 020290048 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\mshtml.dll
2019-12-02 16:48 - 2019-11-05 16:25 - 002368000 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\msi.dll
2016-04-01 08:11 - 2011-12-16 02:52 - 000690688 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\msvcrt.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000406528 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\netcfgx.dll
2009-07-13 18:15 - 2009-07-13 20:09 - 000002048 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\normaliz.DLL
2017-09-22 07:56 - 2017-08-11 01:19 - 000008704 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\NSI.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000573440 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\odbc32.dll
2009-07-13 19:11 - 2009-07-13 20:09 - 000229376 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\odbcint.dll
2020-03-22 23:00 - 2019-11-14 21:29 - 001425920 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\ole32.dll
2020-03-22 23:00 - 2019-11-14 21:29 - 000583680 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\OLEAUT32.dll
2009-07-13 18:16 - 2009-07-13 20:16 - 000145408 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\powrprof.dll
2009-07-13 18:12 - 2009-07-13 20:16 - 000031744 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\profapi.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000988160 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\propsys.dll
2009-07-13 18:15 - 2009-07-13 20:16 - 000006144 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\PSAPI.DLL
2009-07-13 18:29 - 2009-07-13 20:16 - 000021504 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\qmgrprxy.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000666112 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\RPCRT4.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000254464 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\schannel.dll
2019-02-03 10:56 - 2018-10-26 22:27 - 000173568 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\scrobj.dll
2016-04-03 14:00 - 2015-05-25 13:01 - 000092160 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\sechost.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 001667584 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\SETUPAPI.dll
2009-07-13 18:15 - 2009-07-13 20:10 - 000002560 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\sfc.dll
2019-06-16 16:42 - 2019-05-24 18:59 - 012880384 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\SHELL32.dll
2010-11-20 22:23 - 2010-11-20 22:23 - 000350208 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\SHLWAPI.dll
2009-07-13 18:35 - 2009-07-13 20:16 - 000027136 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\slc.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000096768 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\SspiCli.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 000505856 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\taskschd.dll
2016-04-03 13:58 - 2016-02-05 12:33 - 000015360 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\tbs.dll
2020-03-22 23:00 - 2019-12-16 18:39 - 001331712 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\urlmon.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000834048 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\USER32.dll
2019-12-02 16:48 - 2019-11-05 16:25 - 000083968 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\USERENV.dll
2019-12-02 16:48 - 2019-11-05 16:25 - 000628224 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\USP10.dll
2016-05-22 15:05 - 2016-02-13 05:41 - 000669184 _____ (Microsoft Corporation) [File not signed] C:\windows\sysWOW64\wbem\FastProx.dll
2009-07-13 18:19 - 2009-07-13 20:16 - 000090112 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\wbem\WmiPerfClass.dll
2009-07-13 18:19 - 2009-07-13 20:16 - 000050176 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\wbem\WmiPerfInst.dll
2020-03-22 23:00 - 2020-01-02 22:38 - 000172032 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWOW64\wdigest.dll
2017-02-15 00:05 - 2016-03-09 13:40 - 000316416 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\webio.dll
2018-01-05 10:02 - 2017-12-31 21:00 - 000351744 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\WINHTTP.dll
2020-03-22 23:00 - 2019-12-16 18:43 - 004387840 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\Wininet.dll
2020-03-22 22:59 - 2019-12-10 03:38 - 000179712 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\WINTRUST.dll
2019-07-23 10:14 - 2019-06-28 00:23 - 000080896 _____ (Microsoft Corporation) [File not signed] C:\windows\SysWow64\wlanapi.dll
2017-09-22 07:56 - 2017-08-11 01:19 - 000271360 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\WLDAP32.dll
2017-02-15 00:07 - 2016-05-11 10:19 - 000206336 _____ (Microsoft Corporation) [File not signed] C:\windows\syswow64\WS2_32.dll
2020-03-22 22:59 - 2019-12-10 03:23 - 000573440 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\wuapi.dll
2020-03-22 22:59 - 2019-12-10 03:22 - 000030208 _____ (Microsoft Corporation) [File not signed] C:\Windows\SysWOW64\wups.dll
2016-04-01 08:11 - 2015-04-24 13:17 - 000633856 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\Comctl32.dll
2019-07-23 10:14 - 2019-06-04 13:57 - 002031616 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_e372d88f30fbb845\comctl32.dll
2020-03-22 23:00 - 2019-12-10 03:32 - 002180096 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_1459e0f08b91b367\gdiplus.dll
2016-10-21 13:13 - 2016-10-21 13:13 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL
2016-04-01 08:11 - 2015-04-24 12:56 - 000530432 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll
2019-07-23 10:14 - 2019-06-04 14:07 - 001681920 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
2020-03-22 23:00 - 2019-12-10 03:38 - 001636864 _____ (Microsoft Corporation) [File not signed] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
2019-02-03 10:55 - 2018-08-13 16:49 - 001391856 _____ (Microsoft Windows -> Microsoft Corporation) [File not signed] c:\windows\system32\diagtrack.dll
2017-08-10 15:41 - 2017-08-10 15:41 - 000476672 _____ (Paragon Software) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\lsl_client.dll
2018-09-20 23:50 - 2012-11-06 13:31 - 000623616 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlLib.dll
2018-09-20 23:50 - 2012-09-13 08:25 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\IpLib.dll
2018-09-20 23:50 - 2012-05-07 13:23 - 000040960 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlICS.dll
2018-09-20 23:50 - 2012-10-12 09:25 - 000266240 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlIhvOid.dll
2018-09-20 23:50 - 2012-06-22 15:01 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlQRCode.dll
2019-11-22 10:02 - 2019-11-22 10:02 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll
2015-09-25 16:34 - 2015-09-28 13:08 - 000255488 _____ (Sysprogs OU) [File not signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll
2017-06-01 10:40 - 2017-06-01 10:40 - 001209856 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\LIBEAY32.dll
2018-09-20 23:50 - 2009-07-23 16:32 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\LIBEAY32.dll
2016-06-10 09:30 - 2016-06-10 09:30 - 000990208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\platforms\qwindows.dll
2017-03-01 17:45 - 2017-03-01 17:45 - 004626432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Qt5Core.dll
2016-06-10 09:20 - 2016-06-10 09:20 - 004854784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Qt5Gui.dll
2016-06-10 09:26 - 2016-06-10 09:26 - 004439552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Qt5Widgets.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) ==========
 
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-2335114495-2311945624-3795076225-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000 -> {4775DB66-41FA-4B0B-ABC3-8AAB10549BE2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2335114495-2311945624-3795076225-501 -> {4775DB66-41FA-4B0B-ABC3-8AAB10549BE2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {81F70B76-B644-491E-99DF-A9CE1F989EEF} hxxp://71.204.118.161:8080/SetupWebviewer.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2018-02-10] (Microsoft Corporation) [File not signed]
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2018-02-10] (Microsoft Corporation) [File not signed]
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll [2018-12-04] (Microsoft Corporation) [File not signed]
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\SysWOW64\itss.dll [2018-12-04] (Microsoft Corporation) [File not signed]
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\system32\inetcomm.dll [2018-05-11] (Microsoft Corporation) [File not signed]
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\SysWOW64\inetcomm.dll [2018-05-10] (Microsoft Corporation) [File not signed]
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll [2018-12-04] (Microsoft Corporation) [File not signed]
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\SysWOW64\itss.dll [2018-12-04] (Microsoft Corporation) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2018-02-10] (Microsoft Corporation) [File not signed]
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2018-02-10] (Microsoft Corporation) [File not signed]
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2019-12-16] (Microsoft Corporation) [File not signed]
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
IE trusted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2335114495-2311945624-3795076225-501\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
 
2016-04-20 16:09 - 2016-04-20 16:11 - 000000442 _____ C:\windows\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;%systemroot%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPTᬷ媜盰Ѽ;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2335114495-2311945624-3795076225-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Adande\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2335114495-2311945624-3795076225-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\WEPSStaff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2335114495-2311945624-3795076225-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\KRK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2335114495-2311945624-3795076225-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2335114495-2311945624-3795076225-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6AED12FB-00C0-48CF-8243-7FC7B3C4BB1A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{44EBD092-2FA8-4149-B1A3-55B1B455318A}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{F625268F-C5EE-4218-95D7-C23FACE64BFD}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{C45FF3B3-DB20-4D66-A61A-0084E7BE0184}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{DDAAADA7-A91B-4BA4-80AD-AAA0F44F33EF}] => (Allow) LPort=1542
FirewallRules: [{FAA8E2AF-8443-4AFD-A62D-E3A2D3E76325}] => (Allow) LPort=1542
FirewallRules: [{E2439DC0-4AAB-41F7-8AE1-B42B78BE7193}] => (Allow) LPort=53
FirewallRules: [{DC9889D1-18DD-47DC-A785-963BE0ABA347}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{2388CADD-C497-49A5-89C3-332661DDE377}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{6310CFAB-F200-4119-9098-AA86A60075EB}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{5505BFF7-FDA1-4992-B590-C4B9EB85306A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{CD679F47-2546-4B18-A587-8A2221B49D29}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (Connectify (Connectify, Inc.) -> )
FirewallRules: [{7500F008-9040-4265-9CA8-F963FE72CD59}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe => No File
FirewallRules: [{CF05AFF8-EC77-489F-BFE1-22DEB1C4270B}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe => No File
FirewallRules: [{2B917B3B-0276-4560-93B6-BA0E810DD074}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{3D48D9F1-2CA5-4251-A1BC-5422AD8D8FD9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{F54FEC62-AB10-4D1B-AAAC-0AACBE07411F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{D97A9913-3245-44E1-A463-A71F974C5347}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{02D97A38-8239-4D4F-B68C-3289AD4300CB}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{7DD781BF-807E-4A64-9AD5-0B6650EB4A5C}] => (Allow) LPort=1542
FirewallRules: [{77D0BA03-098C-44D3-9706-B4D0D2ED66CF}] => (Allow) LPort=67
FirewallRules: [{AE91DD15-1C73-4645-80CD-53D708487616}] => (Allow) LPort=68
FirewallRules: [{8121C1D0-F8B2-437D-B87E-A0CF5DD06C52}] => (Allow) LPort=53
FirewallRules: [{908167E2-FB09-44CB-BB31-750E2374912E}] => (Allow) LPort=53
FirewallRules: [{50A55011-8E19-4478-AF67-12AB801843E8}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\Rtldhcp.exe (Realtek) [File not signed]
FirewallRules: [{6011E67C-AEFC-4DF8-A6A9-250F7EE86F19}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{A1F252D5-6EBB-48C5-9420-C5709EA7CF06}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9A4B9349-7664-4E14-87F1-245857C89A4C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{033CC557-B388-4A3B-8376-5FEFBA576FA5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{112ED9B1-DA86-406C-AA25-A6F6E5FE4E10}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{70A8F0A9-601B-4E66-9A0C-45357837A9D7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{6210ABC7-971C-46B7-BADD-DB645FE72647}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{55D59022-527D-4517-92B0-768FEDCBD818}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{3145746C-B726-4E70-9157-65A3974F4BA7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{F1857613-C99F-4810-98AD-99E0AA36D603}] => (Allow) LPort=5357
FirewallRules: [{12C9696F-EB4C-43B2-8D60-CA5632E17C6B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{7BD1888A-B056-4BB8-B103-AAA7BEBCCDE3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{9086ADA5-DAAB-4710-9D6D-DC59F6F1F771}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8B7BB813-9763-4BCA-A1A8-4ADAC70187E5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{4E336E3F-6842-4098-8CB0-4EF887AEC5F4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8E6BD951-7DA6-43FC-B93D-24EF36B79C15}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{DBFCF58C-7B70-4186-B284-0EA8F985CD21}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{A45FE9B4-A858-44AB-85D6-9BD00C350384}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe (Nero AG -> )
FirewallRules: [TCP Query User{D1FDF0E3-2E3F-45B3-96C7-69B1A61FC902}C:\program files\second copy\seccopy.exe] => (Block) C:\program files\second copy\seccopy.exe (Centered Systems LLP -> Centered Systems)
FirewallRules: [UDP Query User{0AB878AE-9A6A-4AB6-9E40-49BA8F2569B3}C:\program files\second copy\seccopy.exe] => (Block) C:\program files\second copy\seccopy.exe (Centered Systems LLP -> Centered Systems)
 
==================== Restore Points =========================
 
20-02-2021 07:49:49 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/20/2021 08:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Error: (02/20/2021 08:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Error: (02/20/2021 08:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Error: (02/20/2021 08:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Error: (02/20/2021 08:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Error: (02/20/2021 08:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Error: (02/20/2021 08:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Error: (02/20/2021 08:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
 
System errors:
=============
Error: (02/20/2021 08:30:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (02/20/2021 08:30:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.
 
Error: (02/20/2021 08:27:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 8 time(s).
 
Error: (02/20/2021 08:27:18 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.
 
Error: (02/20/2021 08:27:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error: 
%%-1906441657
 
Error: (02/20/2021 08:26:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 7 time(s).
 
Error: (02/20/2021 08:26:06 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147217025.
 
Error: (02/20/2021 08:25:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 6 time(s).
 
 
Windows Defender:
==================Γ==Event[0]:
 
Date: 2020-03-22 20:28:47.720
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:28:46.501
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:28:45.311
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:28:43.991
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:17:37.874
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_sonicwall-vpnplugin-appx_31bf3856ad364e35_6.3.9600.16408_none_b7740c49e0650820\MobileConnectVpnPluginApp.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:17:37.874
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_sonicwall-vpnplugin-appx_31bf3856ad364e35_6.3.9600.16408_none_b7740c49e0650820\MobileConnectVpnPluginApp.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:17:37.874
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_sonicwall-vpnplugin-appx_31bf3856ad364e35_6.3.9600.16408_none_b7740c49e0650820\MobileConnectVpnPluginApp.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:17:37.859
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_sonicwall-vpnplugin-appx_31bf3856ad364e35_6.3.9600.16408_none_b7740c49e0650820\MobileConnectVpnPluginApp.exe because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:17:37.812
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_sonicwall-vpnplugin-appx_31bf3856ad364e35_6.3.9600.16408_none_b7740c49e0650820\MobileConnectVpnPluginAppBg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2020-03-22 20:06:23.195
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.3.9600.17415_none_04bcc3084936a7f6\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
Event[10]:
 
Date: 2020-03-22 20:06:22.039
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.3.9600.17415_none_04bcc3084936a7f6\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
Event[11]:
 
Date: 2020-03-22 20:06:20.866
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.3.9600.17415_none_04bcc3084936a7f6\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
E v e n t [ 0 ] : 
 
     L o g   N a m e :   M i c r o s o f t - W i n d o w s - W i n d o w s   D e f e n d e r / O p e r a t i o n a l 
 
     S o u r c e :   M i c r o s o f t - W i n d o w s - W i n d o w s   D e f e n d e r 
 
     D a t e :   2 0 1 8 - 0 7 - 1 9 T 0 4 : 1 9 : 2 6 . 7 9 8 
 
     E v e n t   I D :   1 0 0 5 
 
     T a s k :   N / A 
 
     L e v e l :   E r r o r 
 
     O p c o d e :   I n f o 
 
     K e y w o r d :   N / A 
 
     U s e r :   S - 1 - 5 - 1 8 
 
     U s e r   N a m e :   N T   A U T H O R I T Y \ S Y S T E M 
 
     C o m p u t e r :   5 5 5 8 i 7 W i n 7 8 1 0 P r o 
 
     D e s c r i p t i o n :   
 
 W i n d o w s   D e f e n d e r   s c a n   h a s   e n c o u n t e r e d   a n   e r r o r   a n d   t e r m i n a t e d . 
 
    S c a n   I D : { 3 B A D 5 F 4 F - C 8 4 8 - 4 1 B 6 - 8 4 0 D - B 1 9 B 7 7 F D 4 6 5 3 } 
 
    S c a n   T y p e : A n t i S p y w a r e 
 
    S c a n   P a r a m e t e r s : Q u i c k   S c a n 
 
    U s e r : N T   A U T H O R I T Y \ N E T W O R K   S E R V I C E 
 
    E r r o r   C o d e : 0 x 8 0 5 0 8 0 0 d 
 
    E r r o r   d e s c r i p t i o n : S o m e   h i s t o r y   i t e m s   c o u l d   n o t   b e   d i s p l a y e d .   P l e a s e   w a i t   a   f e w   m i n u t e s   a n d   t r y   a g a i n .   I f   t h a t   d o e s n ' t   w o r k ,   c l e a r   t h e   h i s t o r y   a n d   t h e n   t r y   a g a i n .   
 
 
 
 E v e n t [ 1 ] : 
 
     L o g   N a m e :   M i c r o s o f t - W i n d o w s - W i n d o w s   D e f e n d e r / O p e r a t i o n a l 
 
     S o u r c e :   M i c r o s o f t - W i n d o w s - W i n d o w s   D e f e n d e r 
 
     D a t e :   2 0 1 8 - 0 7 - 1 1 T 2 2 : 2 6 : 5 3 . 0 0 7 
 
     E v e n t   I D :   2 0 0 1 
 
     T a s k :   N / A 
 
     L e v e l :   E r r o r 
 
     O p c o d e :   I n f o 
 
     K e y w o r d :   N / A 
 
     U s e r :   S - 1 - 5 - 1 8 
 
     U s e r   N a m e :   N T   A U T H O R I T Y \ S Y S T E M 
 
     C o m p u t e r :   5 5 5 8 i 7 W i n 7 8 1 0 P r o 
 
     D e s c r i p t i o n :   
 
 W i n d o w s   D e f e n d e r   h a s   e n c o u n t e r e d   a n   e r r o r   t r y i n g   t o   u p d a t e   s i g n a t u r e s . 
 
    N e w   S i g n a t u r e   V e r s i o n : 1 . 2 7 1 . 7 5 1 . 0 
 
    P r e v i o u s   S i g n a t u r e   V e r s i o n : 1 . 2 6 9 . 1 0 7 5 . 0 
 
    U p d a t e   S o u r c e : U s e r 
 
    S i g n a t u r e   T y p e : A n t i S p y w a r e 
 
    U p d a t e   T y p e : D e l t a 
 
    U s e r : N T   A U T H O R I T Y \ S Y S T E M 
 
    C u r r e n t   E n g i n e   V e r s i o n : 1 . 1 . 1 5 0 0 0 . 2 
 
    P r e v i o u s   E n g i n e   V e r s i o n : 1 . 1 . 1 4 9 0 1 . 4 
 
    E r r o r   c o d e : 0 x 8 0 0 7 0 6 6 6 
 
    E r r o r   d e s c r i p t i o n : A n o t h e r   v e r s i o n   o f   t h i s   p r o d u c t   i s   a l r e a d y   i n s t a l l e d .   I n s t a l l a t i o n   o f   t h i s   v e r s i o n   c a n n o t   c o n t i n u e .   T o   c o n f i g u r e   o r   r e m o v e   t h e   e x i s t i n g   v e r s i o n   o f   t h i s   p r o d u c t ,   u s e   A d d / R e m o v e   P r o g r a m s   o n   t h e   C o n t r o l   P a n e l .   
 
 
 
 E v e n t [ 2 ] : 
 
     L o g   N a m e :   M i c r o s o f t - W i n d o w s - W i n d o w s   D e f e n d e r / O p e r a t i o n a l 
 
     S o u r c e :   M i c r o s o f t - W i n d o w s - W i n d o w s   D e f e n d e r 
 
     D a t e :   2 0 1 8 - 0 7 - 1 1 T 2 2 : 2 6 : 5 2 . 9 9 1 
 
     E v e n t   I D :   2 0 0 3 
 
     T a s k :   N / A 
 
     L e v e l :   E r r o r 
 
     O p c o d e :   I n f o 
 
     K e y w o r d :   N / A 
 
     U s e r :   S - 1 - 5 - 1 8 
 
     U s e r   N a m e :   N T   A U T H O R I T Y \ S Y S T E M 
 
     C o m p u t e r :   5 5 5 8 i 7 W i n 7 8 1 0 P r o 
 
     D e s c r i p t i o n :   
 
 W i n d o w s   D e f e n d e r   h a s   e n c o u n t e r e d   a n   e r r o r   t r y i n g   t o   u p d a t e   t h e   e n g i n e . 
 
    N e w   E n g i n e   V e r s i o n : 1 . 1 . 1 5 0 0 0 . 2 
 
    P r e v i o u s   E n g i n e   V e r s i o n : 1 . 1 . 1 4 9 0 1 . 4 
 
    U p d a t e   S o u r c e : U s e r 
 
    U s e r : N T   A U T H O R I T Y \ S Y S T E M 
 
    E r r o r   C o d e : 0 x 8 0 0 7 0 6 6 6 
 
    E r r o r   d e s c r i p t i o n : A n o t h e r   v e r s i o n   o f   t h i s   p r o d u c t   i s   a l r e a d y   i n s t a l l e d .   I n s t a l l a t i o n   o f   t h i s   v e r s i o n   c a n n o t   c o n t i n u e .   T o   c o n f i g u r e   o r   r e m o v e   t h e   e x i s t i n g   v e r s i o n   o f   t h i s   p r o d u c t ,   u s e   A d d / R e m o v e   P r o g r a m s   o n   t h e   C o n t r o l   P a n e l .   
 
 
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A15 02/02/2018
Motherboard: Dell Inc. 0V7MX2
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 12198.38 MB
Available physical RAM: 8850.26 MB
Total Virtual: 24394.91 MB
Available Virtual: 20846.09 MB
 
==================== Drives ================================
 
Drive c: (Store7) (Fixed) (Total:200.2 GB) (Free:84.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Store10H) (Fixed) (Total:54.06 GB) (Free:28.8 GB) NTFS
Drive e: (PSE 11) (CDROM) (Total:2.7 GB) (Free:0 GB) CDFS
Drive f: (Win10Pro) (Fixed) (Total:200.2 GB) (Free:106.71 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Store8) (Fixed) (Total:200.2 GB) (Free:33.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (Storage) (Fixed) (Total:2921.71 GB) (Free:781.03 GB) NTFS
Drive u: () (Removable) (Total:14.82 GB) (Free:0.03 GB) FAT32
 
\\?\Volume{b84f986e-1684-4eac-8f21-37ed96841842}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.11 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 14.8 GB) (Disk ID: 896626E1)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)
 
==================== End of Addition.txt =======================

 

Attached Files


  • 0

#4
RKinner
Posted 20 February 2021 - 08:31 AM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Didn't help.  Speccy is not that happy with your hard drive:

 

C4 Reallocation Event Count    100 (100) Data 0000000026
                  ...
C6 Uncorrectable Sector Count    100 (100) Data 0000000004

 

When you see a reallocation event  that means a sector on the hard drive is no longer usable and the drive has switched to using a spare sector.  Data that was stored in the sector may be lost in the process.

Uncorrectable Sectors indicate failed sectors which have not been replaced.

 

I think you need to do a disk check:

 


1. Double-click Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on  Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application.

 

Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

I don't think much of SuperAntiSpyware but just in case the blind chicken found a corn let;s

 

Multiple replies are OK.  Best to post a log as you get it.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:
 

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

 


Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Please create and attach a new speccy log as before.  I want to see if the hard drive has gotten any worse.


  • 0

#5
mrsawyer
Posted 20 February 2021 - 09:52 PM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hello Again,

 

I'd run the sfc command a couple of weeks ago, with no errors found. I ran it again tonight and received the message: "Windows resource protection did not find any integrity violations"

I missed the results of the chkdsk, so I had to rerun it. The results were clean, as displayed below.

 

Volume label is Store7.
 
Stage 1: Examining basic file system structure ...
                                                                                                                                                                  319232 file records processed.                                                
File verification completed.
                                                                                                                                                                  1611 large file records processed.
                                                                                                                                                                  0 bad file records processed.
 
Stage 2: Examining file name linkage ...
                                                                                                                                                                  1170 reparse records processed.
                                                                                                                                                                  415974 index entries processed.                                               
Index verification completed.
                                                                                                                                                                  0 unindexed files scanned.
                                                                                                                                                                  0 unindexed files recovered to lost and found.
                                                                                                                                                                  1170 reparse records processed.
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
                                                                                                                                                                  48372 data files processed.
CHKDSK is verifying Usn Journal...
                                                                                                                                                                  35638528 USN bytes processed.                                                 
Usn Journal verification completed.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 209919999 KB total disk space.
 118404588 KB in 265846 files.
    167320 KB in 48373 indexes.
         0 KB in bad sectors.
    371219 KB in use by the system.
      8192 KB occupied by the log file.
  90976872 KB available on disk.
 
      4096 bytes in each allocation unit.
  52479999 total allocation units on disk.
  22744218 allocation units available on disk.
 
I also copied the Windows 7 partition from my SSD to a backup file, deleted the partition, and restored it to the SSD.
 
I reran my "blind chicken" which found the same corn again. A different process stopped that required a shutdown.
 
I'm still working on the Event viewer stuff you asked me run.
Thanks for your help, and good night for now.
mrsawyer

  • 0

#6
mrsawyer
Posted 28 February 2021 - 03:22 AM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hello,

Interesting that VEW has Windows 2008 at the top, but here are the System and Application logs.

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 28/02/2021 3:38:22 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/02/2019 8:01:33 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SCH-I545AYM (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 02/02/2019 8:01:33 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 02/02/2019 7:00:54 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SCH-I545AYM (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 02/02/2019 7:00:53 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 02/02/2019 6:17:43 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SCH-I545AYM (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 02/02/2019 6:17:43 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/02/2021 8:37:04 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 37 time(s).
 
Log: 'System' Date/Time: 28/02/2021 8:37:04 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 8:36:45 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 36 time(s).
 
Log: 'System' Date/Time: 28/02/2021 8:36:45 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 8:34:34 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 35 time(s).
 
Log: 'System' Date/Time: 28/02/2021 8:34:34 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 8:34:16 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 34 time(s).
 
Log: 'System' Date/Time: 28/02/2021 8:34:16 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 8:17:53 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 33 time(s).
 
Log: 'System' Date/Time: 28/02/2021 8:17:53 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 7:54:54 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 32 time(s).
 
Log: 'System' Date/Time: 28/02/2021 7:54:54 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 7:53:59 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 31 time(s).
 
Log: 'System' Date/Time: 28/02/2021 7:53:59 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 7:53:53 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 30 time(s).
 
Log: 'System' Date/Time: 28/02/2021 7:53:53 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 7:53:50 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 29 time(s).
 
Log: 'System' Date/Time: 28/02/2021 7:53:50 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
Log: 'System' Date/Time: 28/02/2021 7:53:31 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 28 time(s).
 
Log: 'System' Date/Time: 28/02/2021 7:53:31 AM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-2147217025.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/02/2021 7:13:47 AM
Type: Warning Category: 0
Event: 3 Source: BTHUSB
A command sent to the adapter has timed out. The adapter did not respond.
 
Log: 'System' Date/Time: 28/02/2021 6:52:51 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 28/02/2021 6:52:50 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\PARAGONBLOCKDEVICE\0000.
 
Log: 'System' Date/Time: 28/02/2021 6:46:53 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name updates.superantispyware.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 28/02/2021 6:46:22 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name cm1.zonealarm.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 28/02/2021 6:00:35 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 28/02/2021 6:00:34 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\PARAGONBLOCKDEVICE\0000.
 
Log: 'System' Date/Time: 21/02/2021 12:49:21 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name cm1.zonealarm.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 20/02/2021 10:04:21 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 20/02/2021 10:04:19 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\PARAGONBLOCKDEVICE\0000.
 
Log: 'System' Date/Time: 20/02/2021 8:48:21 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 20/02/2021 8:48:21 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 20/02/2021 8:33:12 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 20/02/2021 1:22:38 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 20/02/2021 1:22:36 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\PARAGONBLOCKDEVICE\0000.
 
Log: 'System' Date/Time: 20/02/2021 1:20:33 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name crl.microsoft.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 20/02/2021 1:16:24 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name hs2.zonelabs.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 20/02/2021 12:19:34 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 20/02/2021 12:19:32 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device Root\PARAGONBLOCKDEVICE\0000.
 
Log: 'System' Date/Time: 20/02/2021 12:16:56 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name sdk-file.ksn.kaspersky-labs.com timed out after none of the configured DNS servers responded.
 
=========================================================================================================================
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 28/02/2021 3:47:22 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/02/2021 8:45:41 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:45:41 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:45:41 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:45:41 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:45:41 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:45:41 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:45:38 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:45:38 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:18 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:16 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
Log: 'Application' Date/Time: 28/02/2021 8:37:16 AM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/02/2021 7:50:15 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:50:13 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:48:53 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:48:50 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:46:18 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:46:08 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:46:04 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:45:00 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:44:54 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:44:51 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:44:23 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:44:20 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:43:50 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:43:47 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:43:43 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:43:40 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:43:36 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:26:35 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:17:22 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 
 
 
Log: 'Application' Date/Time: 28/02/2021 7:17:18 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. 

  • 0

#7
mrsawyer
Posted 28 February 2021 - 03:23 AM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.89 0 K 24 K 0
procexp64.exe 1.05 35,340 K 58,824 K 7092 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 0.47 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 0.35 5,596 K 12,932 K 972 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 0.30 14,560 K 30,232 K 1080 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SynTPEnh.exe 0.26 8,536 K 16,712 K 4580 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
RtWLan.exe 0.25 10,412 K 17,596 K 5256 RtWLan Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
UninstallMonitor.exe 0.22 27,872 K 29,896 K 6736 UninstallerMonitor IObit (Verified) IObit Information Technology
ZAPrivacyService.exe 0.17 24,416 K 23,072 K 3000 ZAPrivacyService Check Point Software Technologies, Ltd. (Verified) Check Point Software Technologies Ltd.
explorer.exe 0.14 70,516 K 103,760 K 1936 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
dwm.exe 0.12 34,020 K 31,636 K 4292 Desktop Window Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
oldmcdonald.exe 0.12 10,208 K 3,528 K 5888 Old McDonald Old McDonald's Farm (No signature was present in the subject) Old McDonald's Farm
System 0.11 304 K 7,832 K 4
csrss.exe 0.09 3,720 K 32,228 K 748 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 0.09 297,964 K 327,176 K 1208 Google Chrome Google Inc. (Verified) Google Inc
billy.exe 0.08 8,092 K 2,952 K 6096 Billy The Goat Old McDonald's Farm (No signature was present in the subject) Old McDonald's Farm
chrome.exe 0.06 106,496 K 165,060 K 6612 Google Chrome Google Inc. (Verified) Google Inc
vsmon.exe 0.05 236,248 K 354,828 K 1660 ZoneAlarm Check Point Software Technologies Ltd. (Verified) Check Point Software Technologies Ltd.
svchost.exe 0.03 8,340 K 14,804 K 4684 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
DSAPI.exe 0.02 99,480 K 119,196 K 2476 PC-Doctor Dell SupportAssist API PC-Doctor, Inc. (Verified) PC-Doctor, Inc.
ThreatEmulation.exe 0.02 62,488 K 44,972 K 6020 ThreatEmulation Check Point Software Technologies, Ltd. (Verified) Check Point Software Technologies Ltd.
svchost.exe 0.01 23,788 K 20,404 K 1600 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SupportAssistAgent.exe 0.01 573,620 K 106,776 K 6228 Service Dell Inc. (Verified) Dell Inc.
SecCopy.exe 0.01 11,000 K 23,664 K 4828 SecCopy Centered Systems (Verified) Centered Systems LLP
iusb3mon.exe 0.01 2,656 K 6,932 K 5868 iusb3mon Intel Corporation (Verified) Intel Corporation - Software and Firmware Products
chrome.exe < 0.01 71,588 K 91,488 K 9100 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 26,576 K 25,408 K 648 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
OfficeClickToRun.exe < 0.01 24,468 K 43,428 K 1416 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe < 0.01 86,156 K 124,504 K 6508 Google Chrome Google Inc. (Verified) Google Inc
Paragon HFS for Windows.exe < 0.01 8,000 K 1,740 K 5680 Graphic user interface for Paragon HFS for Windows mounter Paragon Software (Verified) Paragon Software GmbH
ServiceShell.exe < 0.01 41,864 K 55,488 K 2104 ServiceShell (Verified) Dell Inc
svchost.exe < 0.01 31,984 K 45,560 K 1120 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
adb.exe < 0.01 2,692 K 6,600 K 5456 (Verified) Nero AG
WavesSvc64.exe < 0.01 2,396 K 6,388 K 5036 Waves MaxxAudio Service Application Waves Audio Ltd. (Verified) Waves Inc
HSMServiceEntry.exe < 0.01 3,760 K 8,708 K 2372 NService Application Nero AG (Verified) Nero AG
SASCore64.exe < 0.01 1,636 K 4,292 K 1876 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
EvtEng.exe < 0.01 5,812 K 14,440 K 2244 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation
csrss.exe < 0.01 3,052 K 5,984 K 676 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
spoolsv.exe < 0.01 20,788 K 32,780 K 1284 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 6,836 K 11,760 K 600 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
zatray.exe < 0.01 48,240 K 5,424 K 5964 ZoneAlarm Check Point Software Technologies Ltd. (Verified) Check Point Software Technologies Ltd.
ICM-Service-NET.exe < 0.01 30,360 K 40,744 K 2880 ZoneAlarm ICM Service NET Check Point Software Technologies Ltd. (Verified) Check Point Software Technologies Ltd.
svchost.exe < 0.01 7,968 K 16,008 K 2788 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
apmwinsrv.exe < 0.01 1,996 K 6,356 K 1976 (Verified) Paragon Software GmbH
dllhost.exe < 0.01 4,444 K 11,604 K 4480 COM Surrogate Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 190,536 K 201,236 K 1040 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe < 0.01 21,100 K 30,912 K 3196 WMI Provider Host Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
PhotoshopElementsFileAgent.exe < 0.01 3,516 K 2,048 K 5088 Adobe Photoshop Elements 11.0 (component) Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
ZeroConfigService.exe 6,072 K 16,220 K 3060 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation
WUDFHost.exe 2,180 K 6,412 K 4840 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WUDFHost.exe 23,040 K 28,268 K 5184 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe 4,228 K 9,600 K 7948 WMI Provider Host Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wlanext.exe 6,764 K 17,972 K 1748 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 3,336 K 8,188 K 840 Windows Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wininit.exe 1,680 K 4,904 K 724 Windows Start-Up Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WavesSysSvc64.exe 2,804 K 6,716 K 2848 WavesSysSvc Service Application Waves Audio Ltd. (Verified) Waves Inc
unsecapp.exe 1,792 K 5,984 K 2508 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
taskhost.exe 11,648 K 12,168 K 5108 Host Process for Windows Tasks Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
taskeng.exe 2,432 K 7,160 K 5488 Task Scheduler Engine Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SynTPHelper.exe 1,364 K 3,792 K 5580 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 10,872 K 15,204 K 1432 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 3,116 K 8,184 K 1244 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 4,312 K 7,960 K 2212 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2,060 K 6,148 K 4796 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,352 K 4,128 K 2604 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2,224 K 6,264 K 4540 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,400 K 4,216 K 2520 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ss_conn_service.exe 1,856 K 5,004 K 2760 MSS CS Connectivity Service DEVGURU Co., LTD. (Verified) Samsung Electronics CO., LTD.
smss.exe 576 K 1,380 K 428 Windows Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
services.exe 7,316 K 11,936 K 792 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ScVssService64.exe 1,584 K 4,264 K 2724 ScVssService64 Centered Systems (Verified) Centered Systems LLP
ScanToPCActivationApp.exe 4,264 K 13,468 K 5188 ScanToPCActivationApp Hewlett-Packard Development Company, LP (Verified) Hewlett Packard
RtlService.exe 2,320 K 5,000 K 2624 Realtek RtlService Application Realtek Semiconductor Corp. (No signature was present in the subject) Realtek Semiconductor Corp.
RtkNGUI64.exe 14,056 K 12,212 K 1264 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 2,040 K 5,828 K 1364 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RegSrvc.exe 2,428 K 8,132 K 2688 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation
RAVBg64.exe 14,864 K 12,520 K 1496 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 14,328 K 11,668 K 1504 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 16,256 K 13,816 K 1576 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 4,560 K 9,320 K 8136 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 32,508 K 30,148 K 4252 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PdaNetPC.exe 15,656 K 33,960 K 5304 (Verified) June Fabrics Technology Inc.
PassThruSvr.exe 1,464 K 3,856 K 2544 PassThruSvr Application (No signature was present in the subject)
obexsrv.exe 4,160 K 8,804 K 5572 Bluetooth OBEX Service Motorola Solutions, Inc. (Verified) Intel® Wireless Connectivity Solutions
notepad.exe 1,964 K 7,116 K 5512 Notepad Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
NASvc.exe 3,248 K 7,736 K 6652 NeroUpdate Nero AG (Verified) Nero AG
msdtc.exe 3,748 K 8,536 K 4900 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
mediasrv.exe 11,496 K 12,184 K 2404 Bluetooth Media Service Motorola Solutions, Inc. (Verified) Intel® Wireless Connectivity Solutions
lsm.exe 3,064 K 5,172 K 824 Local Session Manager Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
lsass.exe 5,008 K 13,588 K 808
LMS.exe 4,740 K 11,532 K 6152 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
jhi_service.exe 2,076 K 5,484 K 4692 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxTray.exe 3,808 K 9,612 K 1036 (Verified) Intel® pGFX
igfxHK.exe 2,780 K 8,408 K 1332 igfxHK Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,984 K 10,992 K 460 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 2,308 K 8,168 K 1324 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
ibtsiva.exe 1,496 K 4,896 K 2392 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel® Wireless Connectivity Solutions
Ext2Srv.exe 1,132 K 3,920 K 2284 Ext2Fsd Service Management www.ext2fsd.com (Verified) Beijing NormalSoft technology Co.,Ltd.
devmonsrv.exe 4,608 K 9,256 K 4136 Bluetooth Device Monitor Motorola Solutions, Inc. (Verified) Intel® Wireless Connectivity Solutions
DDVRulesProcessor.exe 17,244 K 12,496 K 4376 Dell Data Vault Rules Processor Dell Inc. (Verified) Dell Technologies Inc.
DDVDataCollector.exe 20,792 K 21,184 K 692 Dell Data Vault Data Collector Service Dell Inc. (Verified) Dell Technologies Inc.
DDVCollectorSvcApi.exe 1,708 K 5,796 K 6728 Dell Data Vault Data Collector Service API Dell Inc. (Verified) Dell Technologies Inc.
conhost.exe 1,092 K 3,240 K 1756 Console Window Host Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 76,936 K 101,264 K 7700 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 98,032 K 107,220 K 8168 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 79,552 K 107,940 K 6844 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,544 K 6,332 K 5612 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,740 K 6,992 K 4568 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 20,248 K 21,516 K 6520 Windows Audio Device Graph Isolation Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Antitheft.exe 5,896 K 10,728 K 3248 ZoneAlarm Anti-theft Service Check Point Software Technologies Ltd. (Verified) Check Point Software Technologies Ltd.
AkSA.exe 3,280 K 1,180 K 3976 ZoneAlarm AntiKeylogger Check Point Software Technologies LTD (Verified) Check Point Software Technologies Ltd.

  • 0

#8
mrsawyer
Posted 28 February 2021 - 03:25 AM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

The junk file you had me create ----

 

 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       428 N/A                                         
csrss.exe                      676 N/A                                         
wininit.exe                    724 N/A                                         
csrss.exe                      748 N/A                                         
services.exe                   792 N/A                                         
lsass.exe                      808 EFS, KeyIso, SamSs, VaultSvc                
lsm.exe                        824 N/A                                         
winlogon.exe                   840 N/A                                         
svchost.exe                    972 DcomLaunch, PlugPlay, Power                 
svchost.exe                    600 RpcEptMapper, RpcSs                         
svchost.exe                    648 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                   1040 AudioEndpointBuilder, IPBusEnum, Netman,    
                                   PcaSvc, SysMain, TrkWks, UxSms, Wlansvc,    
                                   wudfsvc                                     
svchost.exe                   1080 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, SstpSvc, WdiServiceHost                
svchost.exe                   1120 AeLookupSvc, Appinfo, BITS, Browser,        
                                   EapHost, IKEEXT, LanmanServer, MMCSS,       
                                   ProfSvc, RasMan, Schedule, SENS,            
                                   ShellHWDetection, Themes, Winmgmt, wuauserv 
svchost.exe                   1244 gpsvc                                       
igfxCUIService.exe            1324 igfxCUIService2.0.0.0                       
RtkAudioService64.exe         1364 RtkAudioService                             
RAVBg64.exe                   1496 N/A                                         
RAVBg64.exe                   1504 N/A                                         
svchost.exe                   1600 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, TapiSrv, TermService                
vsmon.exe                     1660 vsmon                                       
wlanext.exe                   1748 N/A                                         
conhost.exe                   1756 N/A                                         
spoolsv.exe                   1284 Spooler                                     
svchost.exe                   1432 BFE, DPS, MpsSvc                            
SASCore64.exe                 1876 !SASCORE                                    
apmwinsrv.exe                 1976 apmwinsrv                                   
OfficeClickToRun.exe          1416 ClickToRunSvc                               
ServiceShell.exe              2104 DellClientManagementService                 
svchost.exe                   2212 DiagTrack                                   
EvtEng.exe                    2244 EvtEng                                      
Ext2Srv.exe                   2284 Ext2Srv                                     
HSMServiceEntry.exe           2372 HTCMonitorService                           
ibtsiva.exe                   2392 iBtSiva                                     
svchost.exe                   2520 Net Driver HPZ12                            
PassThruSvr.exe               2544 PassThru Service                            
svchost.exe                   2604 Pml Driver HPZ12                            
RtlService.exe                2624 RealtekCU                                   
RegSrvc.exe                   2688 RegSrvc                                     
ScVssService64.exe            2724 ScVssService64                              
ss_conn_service.exe           2760 ss_conn_service                             
svchost.exe                   2788 stisvc                                      
WavesSysSvc64.exe             2848 WavesSysSvc                                 
ICM-Service-NET.exe           2880 ZA NET ICM Service                          
ZAPrivacyService.exe          3000 ZAPrivacyService                            
ZeroConfigService.exe         3060 ZeroConfigService                           
unsecapp.exe                  2508 N/A                                         
WmiPrvSE.exe                  3196 N/A                                         
dllhost.exe                   4480 COMSysApp                                   
svchost.exe                   4540 bthserv                                     
svchost.exe                   4796 PolicyAgent                                 
WUDFHost.exe                  4840 N/A                                         
msdtc.exe                     4900 MSDTC                                       
taskhost.exe                  5108 N/A                                         
PresentationFontCache.exe     4252 FontCache3.0.0.0                            
dwm.exe                       4292 N/A                                         
explorer.exe                  1936 N/A                                         
igfxEM.exe                     460 N/A                                         
RtkNGUI64.exe                 1264 N/A                                         
igfxHK.exe                    1332 N/A                                         
igfxTray.exe                  1036 N/A                                         
RAVBg64.exe                   1576 N/A                                         
AkSA.exe                      3976 N/A                                         
WavesSvc64.exe                5036 N/A                                         
SynTPEnh.exe                  4580 N/A                                         
SecCopy.exe                   4828 N/A                                         
ScanToPCActivationApp.exe     5188 N/A                                         
RtWLan.exe                    5256 N/A                                         
PdaNetPC.exe                  5304 N/A                                         
taskeng.exe                   5488 N/A                                         
SynTPHelper.exe               5580 N/A                                         
Paragon HFS for Windows.e     5680 N/A                                         
iusb3mon.exe                  5868 N/A                                         
oldmcdonald.exe               5888 N/A                                         
zatray.exe                    5964 N/A                                         
ThreatEmulation.exe           6020 N/A                                         
billy.exe                     6096 N/A                                         
adb.exe                       5456 N/A                                         
PhotoshopElementsFileAgen     5088 AdobeActiveFileMonitor11.0                  
svchost.exe                   4684 SSDPSRV, wcncsvc                            
devmonsrv.exe                 4136 Bluetooth Device Monitor                    
mediasrv.exe                  2404 Bluetooth Media Service                     
obexsrv.exe                   5572 Bluetooth OBEX Service                      
DDVRulesProcessor.exe         4376 DDVRulesProcessor                           
DSAPI.exe                     2476 Dell Hardware Support                       
jhi_service.exe               4692 jhi_service                                 
LMS.exe                       6152 LMS                                         
SupportAssistAgent.exe        6228 SupportAssistAgent                          
UninstallMonitor.exe          6736 N/A                                         
notepad.exe                   5512 N/A                                         
Antitheft.exe                 3248 ZoneAlarm AntiTheft                         
NASvc.exe                     6652 NAUpdate                                    
DDVDataCollector.exe           692 DDVDataCollector                            
DDVCollectorSvcApi.exe        6728 DDVCollectorSvcApi                          
WUDFHost.exe                  5184 N/A                                         
chrome.exe                    6612 N/A                                         
chrome.exe                    5612 N/A                                         
chrome.exe                    4568 N/A                                         
chrome.exe                    8168 N/A                                         
chrome.exe                    6508 N/A                                         
chrome.exe                    1208 N/A                                         
chrome.exe                    7700 N/A                                         
chrome.exe                    6844 N/A                                         
chrome.exe                    9100 N/A                                         
WmiPrvSE.exe                  7948 N/A                                         
WmiPrvSE.exe                  8372 N/A                                         
audiodg.exe                   6720 N/A                                         
cmd.exe                       4752 N/A                                         
conhost.exe                   7232 N/A                                         
HPNetworkCommunicatorCom.     1336 N/A                                         
tasklist.exe                  8792 N/A                                         

  • 0

#9
mrsawyer
Posted 28 February 2021 - 03:29 AM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Here is the attached Speccy log and screenshots of the detections and the Windows error that comes up just after the detections are displayed.

Attached Files


  • 0

#10
RKinner
Posted 28 February 2021 - 10:32 PM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

If svchost is infected (or even if it isn't but the anti-virus thinks it is) and is removed that will stop DCOM Server Launch and cause a reboot.  Let's let FRST check svchost.  First open FRST then put

svchost.exe

in the FRST search box.  Hit Search Files.  You will get one file.  Please post.

 

This will show us all of the copies of svchost available on your PC.  Normally there are several.

 

We can also let FRST submit the file to virus total and let other anti-viruses check it:

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   238bytes   354 downloads

Run FRST and press Fix
A fix log will be generated please post that

 

You can also try Windows Defender Offline:

 

See the instructions at the bottom of

https://support.micr...80-ff533f183d6c

 

 

 


 


  • 0

Advertisements

#11
mrsawyer
Posted 02 March 2021 - 12:53 AM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi,

I copied the SVCHOST scan here before running the scan to generate the Fixlog. So, when the Fixlog was created, SVCHOST.exe was no longer in the search field and there was no Search log on the desktop. I hope this was the correct procedure. If not, please let me know.

 

As for the Windows Defender Offline scan, I'll be running that very soon. I am reminded that I booted to my Windows 10 partition and ran the "Blind Squirrel" of antivirus software, as well as MalwareBytes and ZoneAlarm to scan my Windows 7 partition. None of them found anything to report. Only when booting from my Windows 7 partition was anything detected, and it is always SVCHOST that is flagged (as in the photo I sent you earlier). I recall that ZoneAlarm found nothing, even when booting from the Win7 partition. Stay tuned for my Defender virus scan results...

 

Here is the Search log...

Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Adande (01-03-2021 23:31:31)
Running from C:\Users\Adande\Desktop
Boot Mode: Normal
 
================== Search Files: "svchost.exe" =============
 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 18:19][2009-07-13 20:14] 000020992 _____ (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866 [File not signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 18:31][2009-07-13 20:39] 000027136 _____ (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D [File not signed]
 
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19][2009-07-13 20:14] 000020992 _____ (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866 [File not signed]
 
C:\Windows\System32\svchost.exe
[2009-07-13 18:31][2009-07-13 20:39] 000027136 _____ (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D [File not signed]
 
 
====== End of Search ======
 
Here is the Fixlog ... 
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Adande (01-03-2021 23:58:07) Run:1
Running from C:\Users\Adande\Desktop
Loaded Profiles: Adande
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
File: c:\Windows\System32\svchost.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 
 
 
*****************
 
 
========================= File: c:\Windows\System32\svchost.exe ========================
 
c:\Windows\System32\svchost.exe
File not signed
MD5: C78655BC80301D76ED4FEF1C1EA40A7D
Creation and modification date: 2009-07-13 18:31 - 2009-07-13 20:39
Size: 000027136
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: svchost.exe
Original Name: svchost.exe
Product: Microsoft® Windows® Operating System
Description: Host Process for Windows Services
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Version: 6.1.7600.16385
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End of File: ======
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 23:58:26 ====

Edited by mrsawyer, 02 March 2021 - 12:57 AM.

  • 0

#12
RKinner
Posted 02 March 2021 - 05:06 AM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

svchost.exe checks out as OK.  The fixlist submitted the file to virustotal and it came back clean.  As you can see from the search results the file at C:\Windows\System32 has the same MD5 as the one at:

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
so it has not been modified since it was installed.  
 
What doesn't look right is that it says the file is not signed.  I don't have a Win 7 handy but it seems like such an important file would normally be signed.
 
I expect the "blind chicken" has a very simple minded algorithm and just checks whether a file is signed or not and declares it infected if not signed.  The antiviruses may be doing the same thing.  Trying to remove svchost.exe is going to require a reboot since the file is much in demand.
 
The signing is the problem and it's caused by:
 
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -583.
 
 
See if you can follow Sleepy Dude's advice to run Windows Repair all in one:
 
 
This appeared to clear up the error.

  • 0

#13
mrsawyer
Posted 04 March 2021 - 05:30 AM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi,

 

I ran the Windows All in one repair in safe mode as recommended. And reran it as advised. I was not sure if I should worry about the final step in the post, that being to run the Windows Upgrade Readiness Tool. I downloaded it and tried to run it, but it would not start, with an error code of 0xc8000247 - installer encountered an error.

 

My problem remains. Where do I go from here?

 

:upset: Thanks,

mrsawyer


  • 0

#14
RKinner
Posted 04 March 2021 - 06:09 AM

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Can you do an in-place upgrade?

 

https://www.pcworld....stallation.html


  • 0

#15
mrsawyer
Posted 04 March 2021 - 06:49 AM

mrsawyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi, 

 

Sure, in-place upgrade should be no problem.

However, I went back to an earlier post to try to rebuild the catroot2. I noticed that after the first command to stop the cryptsvc, I receive an error saying that the "request to pause, continue, or stop is not valid for this service." I don't recall seeing this when I tried initially, but may have overlooked it due to fatigue.

 

Should we persue this, or just go ahead with the in-place upgrade?

Thanks,

mrsawyer


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: malware, Windows 7, MultiBoot

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP