mmcintosh

  1. # Run at 4/21/2020 5:54:14 PM
     # KpRm (Kernel-panik) version 2.8
     # Website https://kernel-panik.me/tool/kprm/
     # Run by MarKay from C:\Users\MarKay\Downloads
     # Computer Name: MARKAY
     # OS: Windows 10 X64 (17134)
     # Number of passes: 1
     - Checked options -
       ~ Registry Backup
       ~ Delete Tools
       ~ Restore System Settings
       ~ UAC Restore
       ~ Delete Restore Points
       ~ Create Restore Point
       ~ Delete Quarantines
     - Create Registry Backup -
       ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
       ~ [OK] Hive C:\Users\MarKay\NTUSER.dat backed up
       [OK] Registry Backup: C:\KPRM\backup\2020-04-21-17-54-13
     - Delete Tools -
       ## AdwCleaner
       [OK] C:\Users\MarKay\Downloads\adwcleaner_8.0.4.exe deleted
       [OK] C:\AdwCleaner deleted
       ## FRST
       [OK] C:\Users\MarKay\Downloads\Addition.txt deleted
       [OK] C:\Users\MarKay\Downloads\Fixlog.txt deleted
       [OK] C:\Users\MarKay\Downloads\FRST.exe deleted
       [OK] C:\Users\MarKay\Downloads\FRST.txt deleted
       [OK] C:\Users\MarKay\Downloads\FRST64.exe deleted
       [OK] C:\FRST deleted
     - Restore System Settings -
       [OK] Reset WinSock
       [OK] FLUSHDNS
       [OK] Hide Hidden file.
       [OK] Show Extensions for known file types
       [OK] Hide protected operating system files
     - Restore UAC -
       [OK] Set EnableLUA with default (1) value
       [OK] Set ConsentPromptBehaviorAdmin with default (5) value
       [OK] Set ConsentPromptBehaviorUser with default (3) value
       [OK] Set EnableInstallerDetection with default (0) value
       [OK] Set EnableSecureUIAPaths with default (1) value
       [OK] Set EnableUIADesktopToggle with default (0) value
       [OK] Set EnableVirtualization with default (1) value
       [OK] Set FilterAdministratorToken with default (0) value
       [OK] Set PromptOnSecureDesktop with default (1) value
       [OK] Set ValidateAdminCodeSignatures with default (0) value
     - Clear Restore Points -
       No system recovery points were found
     - Create Restore Point -
       [X] System Restore Point not created
     - Display System Restore Point -
       [X] No System Restore point found
     -- KPRM finished in 212.90s --
  2. Fix result of Farbar Recovery Scan Tool (x64) Version: 20-04-2020 Ran by MarKay (21-04-2020 16:30:47) Run:1 Running from C:\Users\MarKay\Downloads Loaded Profiles: MarKay (Available Profiles: MarKay) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] Task: {07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {188DB286-66F6-4E53-B82E-FBE8A8E44134} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {52DD92D5-D67F-4DC6-8FBD-4272D1505B2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {5DC68ECD-43E5-4F15-9684-C689FFECE624} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION Task: {670DBF19-0AB9-4296-B664-8A6453B5E4FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {96045AF9-97E8-4B84-B7C9-3A741A5CEF73} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {98C977F1-38A0-4A71-B1D8-7322F4411DD9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {B6954865-E48E-4B03-A345-F47993FA0CCC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {C02762AE-F09B-40E5-A03C-339C4DB90E90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {C57CCABA-0702-41C4-B0A9-9229865368E3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {CFA0FC04-3529-4284-9E96-FB63EC5A2A31} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: 
{DFBE1B10-DD9C-4352-93DB-8485E1E8698A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {E744C069-CE66-4ABA-8F03-1E7E46E6108F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {E7D2D033-B041-4D78-A5CE-999273775454} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {F6139BE1-BE7A-4A9C-B5DB-97482E99199A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION S2 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X] FirewallRules: [{1DEADA99-A448-45F7-AC2F-FA076D234E70}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe No File FirewallRules: [{D7719BEC-D878-4371-9446-6FF0A2067DC3}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File FirewallRules: [{C0E76921-EAF6-4B41-976F-6FF145705CDC}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File EmptyTemp: C:\Windows\Temp\*.* ***************** Processes closed successfully. Restore point was successfully created. 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{188DB286-66F6-4E53-B82E-FBE8A8E44134}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{188DB286-66F6-4E53-B82E-FBE8A8E44134}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52DD92D5-D67F-4DC6-8FBD-4272D1505B2D}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52DD92D5-D67F-4DC6-8FBD-4272D1505B2D}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DC68ECD-43E5-4F15-9684-C689FFECE624}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DC68ECD-43E5-4F15-9684-C689FFECE624}" => removed successfully C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => removed successfully "HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Plain\{670DBF19-0AB9-4296-B664-8A6453B5E4FC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{670DBF19-0AB9-4296-B664-8A6453B5E4FC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96045AF9-97E8-4B84-B7C9-3A741A5CEF73}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96045AF9-97E8-4B84-B7C9-3A741A5CEF73}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98C977F1-38A0-4A71-B1D8-7322F4411DD9}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98C977F1-38A0-4A71-B1D8-7322F4411DD9}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6954865-E48E-4B03-A345-F47993FA0CCC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6954865-E48E-4B03-A345-F47993FA0CCC}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C02762AE-F09B-40E5-A03C-339C4DB90E90}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02762AE-F09B-40E5-A03C-339C4DB90E90}" => removed successfully 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C57CCABA-0702-41C4-B0A9-9229865368E3}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57CCABA-0702-41C4-B0A9-9229865368E3}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFA0FC04-3529-4284-9E96-FB63EC5A2A31}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFA0FC04-3529-4284-9E96-FB63EC5A2A31}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFBE1B10-DD9C-4352-93DB-8485E1E8698A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFBE1B10-DD9C-4352-93DB-8485E1E8698A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E744C069-CE66-4ABA-8F03-1E7E46E6108F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E744C069-CE66-4ABA-8F03-1E7E46E6108F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7D2D033-B041-4D78-A5CE-999273775454}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7D2D033-B041-4D78-A5CE-999273775454}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyUpload" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6139BE1-BE7A-4A9C-B5DB-97482E99199A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6139BE1-BE7A-4A9C-B5DB-97482E99199A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully HKLM\System\CurrentControlSet\Services\SupportAssistAgent => removed successfully SupportAssistAgent => service removed successfully 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DEADA99-A448-45F7-AC2F-FA076D234E70}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7719BEC-D878-4371-9446-6FF0A2067DC3}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0E76921-EAF6-4B41-976F-6FF145705CDC}" => removed successfully =========== "C:\Windows\Temp\*.*" ========== 
========= End -> "C:\Windows\Temp\*.*" ======== =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 79088601 B Java, Flash, Steam htmlcache => 5003 B Windows/system/drivers => 2375105 B Edge => 1537603 B Chrome => 399750329 B Firefox => 356817602 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 1864219825 B systemprofile32 => 1864219825 B LocalService => 1864224083 B NetworkService => 2225379667 B MarKay => 2469097248 B RecycleBin => 3064734671 B EmptyTemp: => 13.2 GB temporary data Removed. 
================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-04-2020 17:31:03) C:\Windows\Temp\APPX.3b_6rqixw4b954nd0w7qiy27b.tmp => Is moved successfully C:\Windows\Temp\APPX.4whsf8lhrj7f36pnnfa4jbnle.tmp => Is moved successfully C:\Windows\Temp\APPX.6n4dkf6lhwduo12wqehdce_ic.tmp => Is moved successfully C:\Windows\Temp\APPX.bcgw8yprkivrfslwrsn9a4sjc.tmp => Is moved successfully C:\Windows\Temp\MARKAY-20200421-1630.log => Is moved successfully C:\Windows\Temp\officeclicktorun.exe_streamserver(202004211630558B4).log => Is moved successfully ==== End of Fixlog 17:31:03 ====
  3. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2020 Ran by MarKay (21-04-2020 15:43:09) Running from C:\Users\MarKay\Downloads Windows 10 Home Version 1803 17134.1246 (X64) (2018-05-24 23:14:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3528668509-3968989764-3154782742-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3528668509-3968989764-3154782742-503 - Limited - Disabled) Guest (S-1-5-21-3528668509-3968989764-3154782742-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3528668509-3968989764-3154782742-1003 - Limited - Enabled) MarKay (S-1-5-21-3528668509-3968989764-3154782742-1001 - Administrator - Enabled) => C:\Users\MarKay WDAGUtilityAccount (S-1-5-21-3528668509-3968989764-3154782742-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Connect 9 Add-in (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,974,231 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe) Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) 
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.) Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.64 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{D8AE5F9D-647C-49B4-A666-1C20B44EC0E1}) (Version: 2.1.3.0 - Dell Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 95.4.441 - Dropbox, Inc.) Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) 
Hidden DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.201 - Dell Inc.) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard) HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Chipset Device Software (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.) 
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.12624.20466 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Teams) (Version: 1.3.00.362 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 
10.0.50903 - Microsoft Corporation) Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 72.0.2.7321 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20466 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12624.20442 - Microsoft Corporation) Hidden Office Mix (HKLM-x32\...\{9c7fb62c-70e4-4bd0-b9f1-d84aa18ff93d}) (Version: 0.1.5720.0 - Microsoft Corporation) Office Mix 32-bit (HKLM-x32\...\{E3702071-B77B-4441-9833-26B9D5BA9300}) (Version: 0.1.5720.0 - Microsoft) Hidden PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology) QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.25 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) 
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus) Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.3.0.362 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation) VitalSource Bookshelf (HKLM-x32\...\{f4449697-7673-4d11-b23b-67f894203dc3}) (Version: 6.06.0023 - Ingram Content Group) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation) Packages: ========= Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-04-07] (Amazon.com) Can You Escape -> C:\Program Files\WindowsApps\Trapped.CanYouEscape_1.1.0.0_x86__bhn6e84ggqs1p [2015-12-27] (Trapped) Candy Zuma -> C:\Program Files\WindowsApps\39904zuelaScott.CandyZuma_1.0.0.0_x86__65bxs6ztfacmp [2015-12-27] (zuelaScott) Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2016-05-30] (Dell Inc) Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-17] (Flipboard) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-21] (HP Inc.) Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.5.0_neutral__fphbd361v8tya [2020-04-07] (Hulu.) 
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-08-18] (AMZN Mobile LLC) Magic Jigsaw Puzzles -> C:\Program Files\WindowsApps\XIMADINC.MagicPuzzles_4.1.3.0_x64__np8fj6akx2czy [2020-04-21] (ZiMAD) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation) [MS Ad] Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation) Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-12] (Microsoft Corporation) MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad] MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.26.12334.0_x64__8wekyb3d8bbwe [2018-08-25] (Microsoft Corporation) [MS Ad] MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation) [MS Ad] MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-18] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 
[2020-04-21] (Netflix, Inc.) Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\MarKay\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\MarKay\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19317.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\MarKay\Dropbox [2015-08-20 13:25] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2014-06-04] (SoftThinks -> ) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2014-06-04] (SoftThinks -> ) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-06] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-14] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-04-21] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2014-12-11 18:40 - 2014-12-11 18:40 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll 2014-11-10 20:11 - 2014-11-10 20:11 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll 2015-09-04 17:34 - 2015-09-04 17:34 - 001374208 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll 2015-09-04 17:42 - 2015-09-04 17:42 - 001367040 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit 
Connect\WinSparkle.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\MarKay\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\sharepoint.com -> hxxps://bgh2-files.sharepoint.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2016-08-06 11:57 - 000000840 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Dell\DW WLAN Card;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212020152936053\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MarKay\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bluelava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_rgb.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "DropboxOEM" HKLM\...\StartupApproved\Run32: => "Fitbit Connect" HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{8B198B7B-1246-4DEB-B430-E22F3BA91808}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{BE63A214-A38F-49EF-962B-8DC252741B87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{67E6E94B-1B1C-468E-AC00-EBA4FEBA5B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{C1CCA4CA-38AD-4032-8245-AA87850FFD59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{BB7B22F0-DC90-44F1-9910-AB40ADE7CFE9}] => (Allow) C:\Users\MarKay\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File FirewallRules: [{0859531E-CFF4-45ED-8661-6561A5478117}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4EC2E505-BF36-4A2D-90FC-AB30241489B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{515336D3-F288-4254-BB1A-0E8127256310}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{7DB312CC-7465-4F82-9465-820D01F900C8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{8757F25E-CF60-455A-AFE4-B5516C3A0430}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (DELL Inc.) 
[File not signed] FirewallRules: [{1DEADA99-A448-45F7-AC2F-FA076D234E70}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe No File FirewallRules: [{FBAC24DD-8F57-45C4-86F9-1902367C635C}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe (Wyse Technology Inc -> ) FirewallRules: [{4577A218-32FF-45CE-9EB8-EFB025D1E82C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6A435999-EFE6-4651-A4DA-5B2AA5A83FED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{66A2F905-5780-43DA-BD47-01C5430E82F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6B9D5662-B91B-433B-A0DC-E9E523A28ED2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{6653B0C2-BBE3-40D2-907F-89EA42F2A37A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A524109E-9ECD-44E9-A1A3-2AA16D7792C9}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{6C3B52F9-19FA-46BA-8A3B-F3F393E0035A}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.) FirewallRules: [{509903D2-4870-4C2A-BA74-60E00E8376A1}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.) 
FirewallRules: [{D7719BEC-D878-4371-9446-6FF0A2067DC3}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File FirewallRules: [{C0E76921-EAF6-4B41-976F-6FF145705CDC}] => (Allow) C:\Users\MarKay\AppData\Local\Temp\7zS76B9\HPDiagnosticCoreUI.exe No File FirewallRules: [{3C92B7C7-D913-4A3B-B142-25042FFD7A2B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1B213995-8E5D-4E50-BF65-75C54C2F248F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9492DA1E-C21E-4C80-8221-34AC9D2D4E3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C30FA0D1-CC35-4AFE-9B76-EE5AAD2830F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{50190491-00B9-4944-8078-B46853ACD5A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F4A11410-CE29-4124-9814-6CBC55A79516}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) 
FirewallRules: [{DEE2F906-0FB9-4164-BCC2-27B06FACA2B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= Check "VSS" service ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 93390 Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 93390 Error: (04/21/2020 03:26:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 16015 Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 16015 Error: (04/21/2020 03:25:03 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/21/2020 03:14:33 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (04/21/2020 03:14:33 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected System errors: ============= Error: (04/21/2020 03:34:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for 
the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:34:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:34:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Dell SupportAssist service failed to start due to the following error: The system cannot find the file specified. Error: (04/21/2020 03:33:32 PM) (Source: DCOM) (EventID: 10016) (User: MARKAY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user MarKay\MarKay SID (S-1-5-21-3528668509-3968989764-3154782742-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (04/21/2020 03:30:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:30:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:30:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (04/21/2020 03:29:10 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:11:17 PM on ‎4/‎21/‎2020 was unexpected. 
Windows Defender: =================================== Date: 2018-08-22 12:49:05.264 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {7BCAB21A-C684-4D88-B1C1-6223E71EB2B4} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-08-22 12:19:12.981 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {57C6BE9F-96E5-45F2-8ABA-559E3F6751AF} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-08-01 18:58:39.688 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C921335A-204A-4EF6-847E-7A4404A6B7BD} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-07-20 22:39:04.739 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {3ADAA31D-B7B3-4B83-9548-B04C0CD0EF17} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-07-20 22:34:47.338 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {0DC92272-82C0-4D73-B77E-21C690264EF1} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2020-04-21 15:04:27.713 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.313.2035.0 Previous Signature Version: 1.313.2014.0 Update Source: User Signature Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.16900.4 Previous Engine Version: 1.1.16900.4 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2020-04-21 15:04:27.712 Description: Windows Defender Antivirus has encountered an error trying to update signatures. 
New Signature Version: 1.313.2035.0 Previous Signature Version: 1.313.2014.0 Update Source: User Signature Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.16900.4 Previous Engine Version: 1.1.16900.4 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2020-04-21 12:06:45.001 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.313.2014.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16900.4 Error code: 0x80070102 Error description: The wait operation timed out. Date: 2020-04-21 12:06:45.000 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.313.2014.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16900.4 Error code: 0x80070102 Error description: The wait operation timed out. Date: 2020-04-21 11:32:34.245 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.313.1169.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16900.4 Error code: 0x80070102 Error description: The wait operation timed out. ==================== Memory info =========================== BIOS: Dell Inc. A01 11/04/2014 Motherboard: Dell Inc. 
04GKPN
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 75%
Total physical RAM: 4007.66 MB
Available physical RAM: 981.14 MB
Total Virtual: 5927.66 MB
Available Virtual: 2616.15 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:920.54 GB) (Free:830.88 GB) NTFS
\\?\Volume{9fef599b-2f24-4693-b346-382dcaa9aec6}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
\\?\Volume{43cb8ddf-b77e-4c9e-a7f4-9f3f98b8930f}\ () (Fixed) (Total:0.92 GB) (Free:0.46 GB) NTFS
\\?\Volume{37c89ba5-1024-4af1-8d30-8ae05614691d}\ (PBR Image) (Fixed) (Total:8.67 GB) (Free:0.73 GB) NTFS
\\?\Volume{8c06b1a0-57fa-4d2d-86d9-3cd6e8e4eb14}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6D52CD60)
Partition: GPT.
==================== End of Addition.txt =======================
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2020
Ran by MarKay (administrator) on MARKAY (Dell Inc. Inspiron 3543) (21-04-2020 15:37:51)
Running from C:\Users\MarKay\Downloads
Loaded Profiles: MarKay (Available Profiles: MarKay)
Platform: Windows 10 Home Version 1803 17134.1246 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(DELL Inc.) [File not signed] C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Google LLC -> Google) C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\SwReporter\81.233.200\software_reporter_tool.exe <4>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Leader Technologies Inc -> Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\MarKay\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wyse Technology Inc -> ) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-05] (Dell Inc.) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] (Dropbox, Inc -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6287872 2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [84489984 2020-01-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212020152936053\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\MarKay\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-04-21] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\...\Policies\Explorer: [NoLogOff] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.113\Installer\chrmstp.exe [2020-04-21] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> c:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2014-02-18] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2020-04-21]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1944437N05PJ;CONNECTION=USB;MONITOR=1;
Startup: C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-09-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05B3C478-8808-4F7A-947C-E0161AC5721B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe
Task: {07DF6FE1-C0A2-4F1F-9D77-992DF0C310BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {188DB286-66F6-4E53-B82E-FBE8A8E44134} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1D61B60A-B3F0-4A94-9DC1-0BF0DF6A2564} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4167224 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {1DE82BCC-351D-48D3-8A1D-8BEA3CF6FC1B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2225C9AF-4D25-467A-9A82-6A822565EA54} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {24A34E1F-C7DB-4398-930E-AE666DFD13BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4357016 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BF00924-F6D5-41AC-8EC5-68E4A7D45CE5} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
Task: {2FCEF649-8E79-42AD-823C-9740F10B51AE} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [713008 2013-08-22] (Wyse Technology Inc -> )
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4AFE2147-7209-4E77-9DA3-01B5BDDE50D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-21] (Adobe Inc. -> Adobe)
Task: {52DD92D5-D67F-4DC6-8FBD-4272D1505B2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {552B3233-5697-4076-B7BE-8E25223C94B7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
Task: {5B09ECA6-BF21-4881-B90D-7EF879FD16D7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
Task: {5DC68ECD-43E5-4F15-9684-C689FFECE624} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {670DBF19-0AB9-4296-B664-8A6453B5E4FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {695E1228-FA22-4B77-B92A-812CB46DB629} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-07-24] (Apple Inc. -> Apple Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {74BDE4B1-C3D7-432D-A362-D0D92BCF7F26} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-21] (Adobe Inc. -> Adobe)
Task: {7F14A200-542D-42E7-AAD9-AED5DCD4899D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {9543A93A-5CE5-4314-9E89-A7075F4591FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.)
Task: {96045AF9-97E8-4B84-B7C9-3A741A5CEF73} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {98C977F1-38A0-4A71-B1D8-7322F4411DD9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B01BBD6A-B06D-4BC5-AEDE-97787B097DB2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4357016 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B2A67C31-8575-4CFF-BC8D-8F78EA47D7DD} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {B6954865-E48E-4B03-A345-F47993FA0CCC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BB0B5233-A0BC-4A95-99FE-7B71720A7394} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {C02762AE-F09B-40E5-A03C-339C4DB90E90} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C57CCABA-0702-41C4-B0A9-9229865368E3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C641E95B-C7E4-421A-A877-3487686B1EB0} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {CE239613-B4FD-4C17-9502-8263D69C9D1D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CFA0FC04-3529-4284-9E96-FB63EC5A2A31} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1F17116-DDE8-4D0D-8877-276D9561C23B} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {D67945E7-D83B-45E9-8205-60EFDD08BA95} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DB94ED5F-1552-43C6-A45F-5D8AC4BB8B14} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-19] (Adobe Inc. -> Adobe)
Task: {DFBE1B10-DD9C-4352-93DB-8485E1E8698A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E744C069-CE66-4ABA-8F03-1E7E46E6108F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E7D2D033-B041-4D78-A5CE-999273775454} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {EC36752F-0C6D-49D6-9FC0-FBFA21A03984} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-29] (Google Inc -> Google Inc.)
Task: {EC955163-6405-4E8A-B428-86517C524ACE} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [17200 2013-08-22] (Wyse Technology Inc -> )
Task: {F4172F5B-8193-43CC-8EBA-FAFD43DDD659} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [340440 2013-03-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {F6139BE1-BE7A-4A9C-B5DB-97482E99199A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FA5203C9-C31D-4ED8-AE7D-1DD90C1923EE} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FD340491-43DC-40E0-A276-DCD3E2B17D66} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1448320 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0b4cae4d-802d-460b-a7fd-4ad38284263d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9dd3c540-9e69-40a9-9600-38f0ae087783}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3528668509-3968989764-3154782742-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation -> Microsoft Corporation.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: zld0mb4h.default-1542906549349
FF ProfilePath: C:\Users\MarKay\AppData\Roaming\Mozilla\Firefox\Profiles\zld0mb4h.default-1542906549349 [2020-04-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-19] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-19] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-06] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default [2020-04-21]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-29]
CHR Extension: (Docs) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-29]
CHR Extension: (Google Drive) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-29]
CHR Extension: (YouTube) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-29]
CHR Extension: (Sheets) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-29]
CHR Extension: (Google Docs Offline) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-21]
CHR Extension: (Gmail) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\MarKay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-21]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc -> Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc -> Dell Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel(R) pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink Corp. -> CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265784 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] (Wyse Technology Inc -> )
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
S2 SupportAssistAgent; "C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-21] (Malwarebytes Corporation -> Malwarebytes)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-04-21] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [124560 2020-04-21] (Malwarebytes Inc -> Malwarebytes)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek Semiconductor Corp -> Realtek )
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66104 2017-12-19] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-21] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-21 15:37 - 2020-04-21 15:40 - 000030765 _____ C:\Users\MarKay\Downloads\FRST.txt
2020-04-21 15:37 - 2020-04-21 15:39 - 000000000 ____D C:\FRST
2020-04-21 15:36 - 2020-04-21 15:37 - 002281984 _____ (Farbar) C:\Users\MarKay\Downloads\FRST64.exe
2020-04-21 15:36 - 2020-04-21 15:36 - 002010624 _____ (Farbar) C:\Users\MarKay\Downloads\Unconfirmed 399113.crdownload
2020-04-21 15:16 - 2020-04-21 15:16 - 000000000 ____D C:\Users\MarKay\AppData\Local\D3DSCache
2020-04-21 15:15 - 2020-04-21 15:15 - 000001607 _____ C:\Users\MarKay\Documents\malware.txt
2020-04-21 15:12 - 2020-04-21 15:29 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-04-21 15:12 - 2020-04-21 15:12 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-04-21 15:12 - 2020-04-21 15:12 - 000124560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-04-21 15:01 - 2020-04-21 15:01 - 000000000 ____D C:\Users\MarKay\AppData\Local\mbam
2020-04-21 14:59 - 2020-04-21 14:59 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-04-21 14:59 - 2020-04-21 14:59 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-04-21 14:59 - 2020-04-21 14:59 - 000000000 ____D C:\Users\MarKay\AppData\Local\mbamtray
2020-04-21 14:58 - 2020-04-21 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-04-21 14:58 - 2020-04-21 14:58 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-21 14:58 - 2020-04-21 14:58 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-04-21 14:58 - 2020-04-21 14:57 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-21 14:58 - 2020-04-21 14:56 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-04-21 14:57 - 2020-04-21 14:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-04-21 14:55 - 2020-04-21 14:55 - 001928352 _____ (Malwarebytes) C:\Users\MarKay\Downloads\MBSetup-076981.076981-Consumer.exe
2020-04-21 14:55 - 2020-04-21 14:55 - 000000000 ____D C:\Program Files\Malwarebytes
2020-04-21 14:49 - 2020-04-21 14:49 - 000000000 ____D C:\Users\MarKay\AppData\Roaming\Microsoft Teams
2020-04-21 14:43 - 2020-04-21 14:49 - 000000000 ____D C:\Users\MarKay\AppData\Local\SquirrelTemp
2020-04-21 14:31 - 2020-02-03 17:18 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-04-21 14:31 - 2020-02-03 17:18 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-04-21 14:10 - 2020-04-21 14:14 - 000000000 ____D C:\AdwCleaner
2020-04-21 14:09 - 2020-04-21 14:09 - 008196784 _____ (Malwarebytes) C:\Users\MarKay\Downloads\adwcleaner_8.0.4.exe
2020-04-21 12:23 - 2019-03-28 03:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2020-04-21 12:23 - 2019-03-28 03:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2020-04-21 12:23 - 2019-03-28 03:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2020-04-21 12:23 - 2019-03-28 03:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2020-04-21 12:23 - 2019-03-28 00:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2020-04-21 12:23 - 2019-03-28 00:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2020-04-21 12:23 - 2019-03-28 00:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2020-04-21 12:23 - 2019-03-28 00:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2020-04-21 12:22 - 2019-03-28 00:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2020-04-21 12:22 - 2019-03-28 00:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2020-04-21 11:33 - 2020-04-21 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-19 21:16 - 2020-04-21 11:38 - 005197368 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-04-14 06:19 - 2020-04-14 06:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-04-14 06:19 - 2020-04-14 06:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-04-09 17:02 - 2019-02-12 23:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2020-04-09 16:35 - 2020-04-09 16:35 - 000000000 ____D C:\WINDOWS\{E9E39016-F1A4-4947-BF49-E0DACA61F95C}
2020-04-06 13:50 - 2019-09-03 23:15 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-04-06 13:49 - 2020-01-07 03:36 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-04-06 13:49 - 2020-01-07 03:35 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-04-06 13:49 - 2020-01-07 03:35 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-04-06 13:49 - 2020-01-07 02:03 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-04-06 13:49 - 2020-01-06 21:58 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-04-06 13:49 - 2019-11-08 01:45 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2020-04-06 13:49 - 2019-11-08 00:03 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2020-04-06 13:49 - 2019-11-07 20:40 - 000060216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2020-04-06 13:49 - 2019-11-07 20:30 - 000785776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-04-06 13:49 - 2019-11-07 20:12 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-04-06 13:49 - 2019-10-02 04:11 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\compact.exe
2020-04-06 13:49 - 2019-10-02 03:12 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe
2020-04-06 13:49 - 2019-10-01 23:04 - 002774120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-04-06 13:49 - 2019-10-01 23:00 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-06 13:49 - 2019-10-01 22:48 - 000545808 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\hal.dll 2020-04-06 13:49 - 2019-10-01 22:47 - 002260928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2020-04-06 13:49 - 2019-10-01 22:14 - 001222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2020-04-06 13:49 - 2019-10-01 22:14 - 000578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll 2020-04-06 13:49 - 2019-10-01 22:14 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll 2020-04-06 13:49 - 2019-09-04 03:44 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2020-04-06 13:49 - 2019-09-04 03:42 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll 2020-04-06 13:49 - 2019-09-03 22:43 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2020-04-06 13:49 - 2019-09-03 22:40 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2020-04-06 13:49 - 2019-08-07 02:08 - 000130840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2020-04-06 13:49 - 2019-08-07 02:08 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys 2020-04-06 13:49 - 2019-08-07 01:56 - 000101400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2020-04-06 13:49 - 2019-08-07 01:35 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2020-04-06 13:49 - 2019-08-07 01:35 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2020-04-06 13:49 - 2019-07-08 20:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll 2020-04-06 13:49 - 2019-07-08 20:50 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2020-04-06 13:49 - 2019-07-08 20:49 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll 2020-04-06 13:49 - 2019-06-21 02:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2020-04-06 13:48 - 
2020-01-07 03:37 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll 2020-04-06 13:48 - 2020-01-07 03:34 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll 2020-04-06 13:48 - 2020-01-07 03:34 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll 2020-04-06 13:48 - 2020-01-07 02:00 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll 2020-04-06 13:48 - 2020-01-06 21:58 - 000694184 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2020-04-06 13:48 - 2020-01-06 21:48 - 000538912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2020-04-06 13:48 - 2020-01-06 21:29 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2020-04-06 13:48 - 2020-01-06 21:28 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll 2020-04-06 13:48 - 2020-01-06 21:23 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2020-04-06 13:48 - 2020-01-06 21:23 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2020-04-06 13:48 - 2020-01-06 21:22 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2020-04-06 13:48 - 2019-11-28 04:31 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2020-04-06 13:48 - 2019-11-28 04:31 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2020-04-06 13:48 - 2019-11-28 04:30 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2020-04-06 13:48 - 2019-11-28 02:53 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2020-04-06 13:48 - 2019-11-28 02:53 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2020-04-06 13:48 - 2019-11-28 02:52 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2020-04-06 13:48 - 2019-11-27 22:41 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll 2020-04-06 13:48 - 2019-11-27 22:36 - 
000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2020-04-06 13:48 - 2019-11-27 22:28 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2020-04-06 13:48 - 2019-11-08 01:41 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2020-04-06 13:48 - 2019-11-07 20:39 - 000227848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2020-04-06 13:48 - 2019-11-07 20:38 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2020-04-06 13:48 - 2019-11-07 20:38 - 000605712 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2020-04-06 13:48 - 2019-11-07 20:38 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys 2020-04-06 13:48 - 2019-11-07 20:13 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll 2020-04-06 13:48 - 2019-11-07 20:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll 2020-04-06 13:48 - 2019-11-07 20:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe 2020-04-06 13:48 - 2019-10-02 04:09 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll 2020-04-06 13:48 - 2019-10-02 04:07 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2020-04-06 13:48 - 2019-10-02 03:11 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prntvpt.dll 2020-04-06 13:48 - 2019-10-01 23:05 - 000092472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2020-04-06 13:48 - 2019-10-01 22:51 - 000192312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2020-04-06 13:48 - 2019-10-01 22:50 - 000536832 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2020-04-06 13:48 - 2019-10-01 22:48 - 000402744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2020-04-06 13:48 - 2019-10-01 22:35 - 
000465832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2020-04-06 13:48 - 2019-10-01 22:14 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2020-04-06 13:48 - 2019-10-01 22:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2020-04-06 13:48 - 2019-09-13 04:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2020-04-06 13:48 - 2019-09-12 22:47 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2020-04-06 13:48 - 2019-09-12 22:47 - 000081720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys 2020-04-06 13:48 - 2019-09-12 22:47 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys 2020-04-06 13:48 - 2019-09-12 22:21 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2020-04-06 13:48 - 2019-09-12 22:21 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe 2020-04-06 13:48 - 2019-09-12 22:17 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2020-04-06 13:48 - 2019-09-12 22:13 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2020-04-06 13:48 - 2019-09-12 22:13 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll 2020-04-06 13:48 - 2019-09-12 22:11 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2020-04-06 13:48 - 2019-09-03 23:14 - 000594032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2020-04-06 13:48 - 2019-09-03 23:14 - 000420984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xbgmengine.dll 2020-04-06 13:48 - 2019-09-03 22:45 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2020-04-06 13:48 - 2019-09-03 22:45 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys 2020-04-06 13:48 - 2019-08-13 08:44 - 000163328 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll 2020-04-06 13:48 - 2019-08-13 08:43 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll 2020-04-06 13:48 - 2019-08-12 22:12 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll 2020-04-06 13:48 - 2019-08-12 22:12 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll 2020-04-06 13:48 - 2019-08-12 22:11 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2020-04-06 13:48 - 2019-08-12 20:51 - 000421376 _____ (curl, hxxps://curl.haxx.se/) C:\WINDOWS\system32\curl.exe 2020-04-06 13:48 - 2019-08-07 01:37 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll 2020-04-06 13:48 - 2019-08-07 01:37 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2020-04-06 13:48 - 2019-08-07 01:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2020-04-06 13:48 - 2019-08-07 01:33 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2020-04-06 13:48 - 2019-08-07 01:32 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2020-04-06 13:48 - 2019-08-07 01:32 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2020-04-06 13:48 - 2019-07-08 21:21 - 000133136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll 2020-04-06 13:48 - 2019-07-08 20:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2020-04-06 13:48 - 2019-06-13 00:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2020-04-06 13:48 - 2019-06-13 00:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2020-04-06 13:48 - 2019-06-12 22:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2020-04-06 13:47 - 2020-01-06 22:00 - 000568312 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2020-04-06 13:47 - 2020-01-06 21:59 - 000791352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2020-04-06 13:47 - 2020-01-06 21:58 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2020-04-06 13:47 - 2020-01-06 21:47 - 000222736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2020-04-06 13:47 - 2020-01-06 21:24 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2020-04-06 13:47 - 2019-11-27 22:52 - 025857024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2020-04-06 13:47 - 2019-11-27 22:40 - 022016000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2020-04-06 13:47 - 2019-11-08 01:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll 2020-04-06 13:47 - 2019-11-08 01:42 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2020-04-06 13:47 - 2019-11-07 20:13 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll 2020-04-06 13:47 - 2019-11-07 20:10 - 001827328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2020-04-06 13:47 - 2019-10-02 04:48 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2020-04-06 13:47 - 2019-10-02 04:47 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2020-04-06 13:47 - 2019-10-02 04:45 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2020-04-06 13:47 - 2019-10-02 04:09 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll 2020-04-06 13:47 - 2019-10-02 02:41 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2020-04-06 13:47 - 2019-10-01 23:01 - 000491208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2020-04-06 13:47 - 2019-10-01 23:00 - 000433168 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\rdbss.sys 2020-04-06 13:47 - 2019-10-01 22:49 - 000550512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2020-04-06 13:47 - 2019-10-01 22:28 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll 2020-04-06 13:47 - 2019-10-01 22:27 - 002126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2020-04-06 13:47 - 2019-10-01 22:25 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll 2020-04-06 13:47 - 2019-10-01 22:23 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2020-04-06 13:47 - 2019-10-01 22:22 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2020-04-06 13:47 - 2019-10-01 22:18 - 000187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2020-04-06 13:47 - 2019-09-12 22:48 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2020-04-06 13:47 - 2019-09-12 22:20 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2020-04-06 13:47 - 2019-09-12 22:20 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2020-04-06 13:47 - 2019-09-12 22:20 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2020-04-06 13:47 - 2019-09-12 22:17 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll 2020-04-06 13:47 - 2019-09-12 22:17 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2020-04-06 13:47 - 2019-09-12 22:14 - 001809408 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2020-04-06 13:47 - 2019-09-12 22:12 - 001634304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2020-04-06 13:47 - 2019-09-03 23:13 - 000129040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2020-04-06 13:47 - 2019-09-03 22:43 - 000282624 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2020-04-06 13:47 - 2019-08-12 22:16 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2020-04-06 13:47 - 2019-08-12 22:11 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2020-04-06 13:47 - 2019-08-07 02:07 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2020-04-06 13:47 - 2019-08-07 01:36 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll 2020-04-06 13:47 - 2019-08-07 01:34 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2020-04-06 13:47 - 2019-07-09 01:37 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll 2020-04-06 13:47 - 2019-07-09 01:37 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe 2020-04-06 13:47 - 2019-07-09 00:37 - 000485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll 2020-04-06 13:47 - 2019-07-08 21:29 - 000031032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys 2020-04-06 13:47 - 2019-07-08 21:19 - 000142352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2020-04-06 13:47 - 2019-07-08 21:11 - 000108560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2020-04-06 13:47 - 2019-07-08 20:52 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2020-04-06 13:47 - 2019-07-08 20:50 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2020-04-06 13:47 - 2019-06-13 05:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2020-04-06 13:47 - 2019-06-13 05:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2020-04-06 13:47 - 2019-06-13 05:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll 2020-04-06 13:47 - 2019-06-13 05:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2020-04-06 
13:47 - 2019-06-13 05:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2020-04-06 13:47 - 2019-06-13 05:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2020-04-06 13:47 - 2019-06-13 03:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll 2020-04-06 13:46 - 2020-01-07 03:33 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2020-04-06 13:46 - 2020-01-07 03:32 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2020-04-06 13:46 - 2020-01-07 01:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2020-04-06 13:46 - 2020-01-06 20:02 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2020-04-06 13:46 - 2019-11-28 04:52 - 000094216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2020-04-06 13:46 - 2019-11-27 23:09 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2020-04-06 13:46 - 2019-11-27 23:09 - 000636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2020-04-06 13:46 - 2019-11-27 22:48 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2020-04-06 13:46 - 2019-11-08 01:46 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2020-04-06 13:46 - 2019-11-08 01:43 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2020-04-06 13:46 - 2019-11-08 01:40 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2020-04-06 13:46 - 2019-11-08 01:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll 2020-04-06 13:46 - 2019-11-08 01:38 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2020-04-06 13:46 - 2019-11-07 23:58 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll 2020-04-06 13:46 - 2019-11-07 23:57 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2020-04-06 13:46 - 2019-11-07 23:55 - 
004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2020-04-06 13:46 - 2019-11-07 20:38 - 000466744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2020-04-06 13:46 - 2019-11-07 20:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys 2020-04-06 13:46 - 2019-11-07 20:12 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll 2020-04-06 13:46 - 2019-11-07 20:11 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2020-04-06 13:46 - 2019-11-07 20:10 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll 2020-04-06 13:46 - 2019-11-07 20:09 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll 2020-04-06 13:46 - 2019-10-02 04:46 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2020-04-06 13:46 - 2019-10-02 04:29 - 001517480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2020-04-06 13:46 - 2019-10-02 03:24 - 001320640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2020-04-06 13:46 - 2019-10-02 02:25 - 000249856 _____ (Gracenote, Inc.) 
C:\WINDOWS\SysWOW64\gnsdk_fp.dll 2020-04-06 13:46 - 2019-10-01 23:19 - 000374584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2020-04-06 13:46 - 2019-10-01 23:01 - 002468048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2020-04-06 13:46 - 2019-10-01 22:48 - 001990056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2020-04-06 13:46 - 2019-10-01 22:48 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2020-04-06 13:46 - 2019-10-01 22:40 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2020-04-06 13:46 - 2019-10-01 22:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll 2020-04-06 13:46 - 2019-10-01 22:19 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll 2020-04-06 13:46 - 2019-10-01 22:18 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll 2020-04-06 13:46 - 2019-09-13 04:40 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe 2020-04-06 13:46 - 2019-09-12 22:18 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2020-04-06 13:46 - 2019-09-12 22:16 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll 2020-04-06 13:46 - 2019-09-12 22:15 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll 2020-04-06 13:46 - 2019-09-12 22:14 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll 2020-04-06 13:46 - 2019-09-04 03:39 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe 2020-04-06 13:46 - 2019-09-03 22:40 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2020-04-06 13:46 - 2019-09-03 22:39 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2020-04-06 13:46 - 2019-08-12 20:49 - 000806328 _____ C:\WINDOWS\SysWOW64\locale.nls 2020-04-06 
13:46 - 2019-08-12 20:49 - 000806328 _____ C:\WINDOWS\system32\locale.nls 2020-04-06 13:46 - 2019-08-07 02:09 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2020-04-06 13:46 - 2019-08-07 02:08 - 000227744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xmllite.dll 2020-04-06 13:46 - 2019-08-07 01:56 - 000192608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmllite.dll 2020-04-06 13:46 - 2019-08-07 01:37 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appsruprov.dll 2020-04-06 13:46 - 2019-08-07 01:35 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2020-04-06 13:46 - 2019-08-07 01:34 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2020-04-06 13:46 - 2019-08-07 01:33 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll 2020-04-06 13:46 - 2019-07-08 21:12 - 001286528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2020-04-06 13:46 - 2019-07-08 21:12 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2020-04-06 13:46 - 2019-07-08 20:56 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll 2020-04-06 13:46 - 2019-07-08 20:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdcpw.dll 2020-04-06 13:46 - 2019-07-03 22:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2020-04-06 13:46 - 2019-07-03 22:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2020-04-06 13:46 - 2019-07-03 22:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2020-04-06 13:46 - 2019-07-03 22:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2020-04-06 13:46 - 2019-06-13 03:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2020-04-06 13:46 - 2019-06-13 00:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll 2020-04-06 13:46 - 2019-06-13 00:12 - 
000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2020-04-06 13:46 - 2019-06-13 00:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2020-04-06 13:46 - 2019-06-12 22:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2020-04-06 13:45 - 2020-01-06 22:00 - 001224504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2020-04-06 13:45 - 2020-01-06 22:00 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2020-04-06 13:45 - 2020-01-06 21:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2020-04-06 13:45 - 2020-01-06 21:28 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2020-04-06 13:45 - 2020-01-06 21:27 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2020-04-06 13:45 - 2020-01-06 21:23 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2020-04-06 13:45 - 2019-11-28 04:47 - 000490336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2020-04-06 13:45 - 2019-11-27 23:10 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2020-04-06 13:45 - 2019-11-27 22:49 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2020-04-06 13:45 - 2019-11-08 02:20 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2020-04-06 13:45 - 2019-11-08 02:20 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2020-04-06 13:45 - 2019-11-08 02:20 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2020-04-06 13:45 - 2019-11-07 20:39 - 000249088 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2020-04-06 13:45 - 2019-11-07 20:13 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys 2020-04-06 13:45 - 2019-11-07 20:13 - 000051712 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\TpmTasks.dll 2020-04-06 13:45 - 2019-10-02 04:50 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2020-04-06 13:45 - 2019-10-02 04:46 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2020-04-06 13:45 - 2019-10-02 04:45 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2020-04-06 13:45 - 2019-10-02 04:45 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2020-04-06 13:45 - 2019-10-02 04:45 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll 2020-04-06 13:45 - 2019-10-02 04:45 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2020-04-06 13:45 - 2019-10-02 04:34 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2020-04-06 13:45 - 2019-10-02 04:07 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2020-04-06 13:45 - 2019-10-01 23:01 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2020-04-06 13:45 - 2019-10-01 23:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2020-04-06 13:45 - 2019-10-01 23:01 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2020-04-06 13:45 - 2019-10-01 23:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2020-04-06 13:45 - 2019-10-01 22:49 - 000088016 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe 2020-04-06 13:45 - 2019-10-01 22:48 - 000103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2020-04-06 13:45 - 2019-10-01 22:28 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2020-04-06 13:45 - 2019-10-01 22:28 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll 2020-04-06 13:45 - 2019-10-01 22:26 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL 2020-04-06 13:45 - 2019-10-01 
22:26 - 000468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2020-04-06 13:45 - 2019-10-01 22:24 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL 2020-04-06 13:45 - 2019-10-01 22:24 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2020-04-06 13:45 - 2019-10-01 22:24 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2020-04-06 13:45 - 2019-10-01 22:19 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2020-04-06 13:45 - 2019-10-01 22:18 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2020-04-06 13:45 - 2019-10-01 22:17 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2020-04-06 13:45 - 2019-10-01 22:17 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2020-04-06 13:45 - 2019-10-01 22:16 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe 2020-04-06 13:45 - 2019-10-01 22:15 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2020-04-06 13:45 - 2019-10-01 22:13 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2020-04-06 13:45 - 2019-09-13 04:56 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll 2020-04-06 13:45 - 2019-09-13 04:44 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2020-04-06 13:45 - 2019-09-13 04:44 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2020-04-06 13:45 - 2019-09-12 22:21 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2020-04-06 13:45 - 2019-09-12 22:15 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2020-04-06 13:45 - 2019-09-12 22:13 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll 2020-04-06 13:45 - 2019-09-12 22:12 - 000372736 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2020-04-06 13:45 - 2019-09-12 22:11 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll 2020-04-06 13:45 - 2019-09-10 01:17 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-04-06 13:45 - 2019-09-03 23:14 - 000361752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2020-04-06 13:45 - 2019-09-03 22:39 - 000961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2020-04-06 13:45 - 2019-09-03 22:39 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2020-04-06 13:45 - 2019-09-03 22:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2020-04-06 13:45 - 2019-09-03 22:38 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2020-04-06 13:45 - 2019-09-03 22:38 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2020-04-06 13:45 - 2019-08-13 08:42 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2020-04-06 13:45 - 2019-08-13 08:40 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2020-04-06 13:45 - 2019-08-13 03:49 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2020-04-06 13:45 - 2019-08-07 02:09 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2020-04-06 13:45 - 2019-08-07 01:56 - 000357336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2020-04-06 13:45 - 2019-08-07 01:36 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll 2020-04-06 13:45 - 2019-08-07 01:31 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2020-04-06 13:45 - 2019-07-09 02:07 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2020-04-06 13:45 - 2019-07-09 01:44 - 000039936 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe 2020-04-06 13:45 - 2019-07-08 21:23 - 001213264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2020-04-06 13:45 - 2019-07-08 21:19 - 001674216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2020-04-06 13:45 - 2019-07-08 21:19 - 000799248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2020-04-06 13:45 - 2019-07-08 21:11 - 000576528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2020-04-06 13:45 - 2019-07-08 20:51 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2020-04-06 13:45 - 2019-07-08 20:50 - 000141312 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2020-04-06 13:45 - 2019-07-08 20:48 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2020-04-06 13:45 - 2019-07-08 20:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2020-04-06 13:45 - 2019-07-08 20:48 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2020-04-06 13:45 - 2019-07-08 20:44 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2020-04-06 13:45 - 2019-06-13 05:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2020-04-06 13:45 - 2019-06-13 05:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2020-04-06 13:45 - 2019-06-13 05:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2020-04-06 13:45 - 2019-06-13 05:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe 2020-04-06 13:45 - 2019-06-13 03:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2020-04-06 13:45 - 2019-06-13 00:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2020-04-06 13:44 - 2020-01-07 03:34 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll 2020-04-06 13:44 - 2020-01-07 
02:01 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll 2020-04-06 13:44 - 2020-01-06 21:59 - 001798664 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2020-04-06 13:44 - 2020-01-06 21:29 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2020-04-06 13:44 - 2020-01-06 21:28 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2020-04-06 13:44 - 2020-01-06 21:28 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2020-04-06 13:44 - 2019-11-28 04:47 - 000790928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2020-04-06 13:44 - 2019-11-28 04:47 - 000396304 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2020-04-06 13:44 - 2019-11-28 04:26 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2020-04-06 13:44 - 2019-11-28 03:07 - 000662840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2020-04-06 13:44 - 2019-11-28 03:06 - 000322360 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2020-04-06 13:44 - 2019-11-27 23:09 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2020-04-06 13:44 - 2019-11-27 22:48 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2020-04-06 13:44 - 2019-11-27 22:41 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2020-04-06 13:44 - 2019-11-27 22:40 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2020-04-06 13:44 - 2019-11-27 22:39 - 000929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2020-04-06 13:44 - 2019-11-27 22:36 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2020-04-06 13:44 - 2019-11-27 22:35 - 001418752 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2020-04-06 13:44 - 2019-11-07 20:39 - 000727584 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\ci.dll 2020-04-06 13:44 - 2019-11-07 20:39 - 000435728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2020-04-06 13:44 - 2019-11-07 20:31 - 000379432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2020-04-06 13:44 - 2019-11-07 20:12 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2020-04-06 13:44 - 2019-11-07 20:10 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2020-04-06 13:44 - 2019-11-07 20:09 - 000659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2020-04-06 13:44 - 2019-10-02 05:14 - 000349216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2020-04-06 13:44 - 2019-10-02 05:08 - 001047568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2020-04-06 13:44 - 2019-10-02 04:27 - 000117240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2020-04-06 13:44 - 2019-10-02 04:06 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2020-04-06 13:44 - 2019-10-02 03:23 - 000106560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe 2020-04-06 13:44 - 2019-10-02 03:07 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2020-04-06 13:44 - 2019-10-02 02:53 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2020-04-06 13:44 - 2019-10-01 23:02 - 000210448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2020-04-06 13:44 - 2019-10-01 23:02 - 000194352 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2020-04-06 13:44 - 2019-10-01 23:00 - 000039032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll 2020-04-06 13:44 - 2019-10-01 22:50 - 000148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2020-04-06 13:44 - 2019-10-01 22:50 - 000095224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2020-04-06 13:44 - 2019-10-01 22:49 - 000722744 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2020-04-06 13:44 - 2019-10-01 22:48 - 000430304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll 2020-04-06 13:44 - 2019-10-01 22:48 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll 2020-04-06 13:44 - 2019-10-01 22:47 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2020-04-06 13:44 - 2019-10-01 22:34 - 000129360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2020-04-06 13:44 - 2019-10-01 22:34 - 000081040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2020-04-06 13:44 - 2019-10-01 22:32 - 000412696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll 2020-04-06 13:44 - 2019-10-01 22:28 - 002929152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll 2020-04-06 13:44 - 2019-10-01 22:25 - 001862656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll 2020-04-06 13:44 - 2019-10-01 22:18 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll 2020-04-06 13:44 - 2019-10-01 22:16 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll 2020-04-06 13:44 - 2019-10-01 22:14 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2020-04-06 13:44 - 2019-10-01 22:09 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2020-04-06 13:44 - 2019-09-13 05:03 - 000586680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2020-04-06 13:44 - 2019-09-13 04:41 - 001644032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2020-04-06 13:44 - 2019-09-13 04:41 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2020-04-06 13:44 - 2019-09-13 04:40 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2020-04-06 13:44 - 2019-09-13 03:18 - 000470512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll 2020-04-06 13:44 - 2019-09-13 
03:01 - 001300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2020-04-06 13:44 - 2019-09-13 03:01 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2020-04-06 13:44 - 2019-09-12 22:49 - 000274792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe 2020-04-06 13:44 - 2019-09-12 22:48 - 000710240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2020-04-06 13:44 - 2019-09-12 22:21 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll 2020-04-06 13:44 - 2019-09-12 22:19 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2020-04-06 13:44 - 2019-09-12 22:18 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2020-04-06 13:44 - 2019-09-12 22:17 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2020-04-06 13:44 - 2019-09-12 22:16 - 000910336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2020-04-06 13:44 - 2019-09-12 22:15 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2020-04-06 13:44 - 2019-09-12 22:14 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2020-04-06 13:44 - 2019-09-12 22:14 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2020-04-06 13:44 - 2019-09-12 22:14 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2020-04-06 13:44 - 2019-09-12 22:13 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2020-04-06 13:44 - 2019-09-12 22:12 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2020-04-06 13:44 - 2019-09-12 22:11 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2020-04-06 13:44 - 2019-09-03 23:13 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2020-04-06 13:44 - 2019-09-03 23:02 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 
2020-04-06 13:44 - 2019-09-03 22:41 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2020-04-06 13:44 - 2019-09-03 22:40 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2020-04-06 13:44 - 2019-09-03 22:38 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2020-04-06 13:44 - 2019-08-13 12:06 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComputerDefaults.exe 2020-04-06 13:44 - 2019-08-13 03:49 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComputerDefaults.exe 2020-04-06 13:44 - 2019-08-12 22:13 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2020-04-06 13:44 - 2019-08-12 22:13 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll 2020-04-06 13:44 - 2019-08-07 02:08 - 001566736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2020-04-06 13:44 - 2019-08-07 02:08 - 000494992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2020-04-06 13:44 - 2019-08-07 01:56 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2020-04-06 13:44 - 2019-08-07 01:38 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2020-04-06 13:44 - 2019-08-07 01:36 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2020-04-06 13:44 - 2019-08-07 01:35 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2020-04-06 13:44 - 2019-08-07 01:32 - 000318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2020-04-06 13:44 - 2019-08-07 01:31 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2020-04-06 13:44 - 2019-07-09 01:39 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2020-04-06 13:44 - 2019-07-09 00:38 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll 2020-04-06 13:44 - 2019-07-08 21:29 - 000230200 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2020-04-06 13:44 - 2019-07-08 21:19 - 000152104 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2020-04-06 13:44 - 2019-07-08 21:19 - 000046608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\werkernel.sys 2020-04-06 13:44 - 2019-07-08 20:51 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll 2020-04-06 13:44 - 2019-07-08 20:50 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2020-04-06 13:44 - 2019-07-08 20:50 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2020-04-06 13:44 - 2019-07-08 20:45 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2020-04-06 13:44 - 2019-07-08 20:44 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2020-04-06 13:44 - 2019-07-03 22:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2020-04-06 13:44 - 2019-07-03 22:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2020-04-06 13:44 - 2019-07-03 22:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2020-04-06 13:44 - 2019-07-03 22:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2020-04-06 13:44 - 2019-06-13 00:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2020-04-06 13:44 - 2019-06-13 00:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2020-04-06 13:44 - 2019-06-13 00:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2020-04-06 13:43 - 2020-01-07 03:54 - 001639864 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2020-04-06 13:43 - 2020-01-07 02:15 - 001628496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2020-04-06 13:43 - 2020-01-06 22:00 - 000076328 
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2020-04-06 13:43 - 2020-01-06 21:59 - 001964176 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2020-04-06 13:43 - 2020-01-06 21:48 - 001659944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2020-04-06 13:43 - 2020-01-06 21:27 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2020-04-06 13:43 - 2020-01-06 21:25 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2020-04-06 13:43 - 2020-01-06 21:24 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2020-04-06 13:43 - 2020-01-06 21:24 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2020-04-06 13:43 - 2019-11-27 23:11 - 000498072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll 2020-04-06 13:43 - 2019-11-27 23:09 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2020-04-06 13:43 - 2019-11-27 23:09 - 001260784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2020-04-06 13:43 - 2019-11-27 23:09 - 001141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2020-04-06 13:43 - 2019-11-27 23:09 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2020-04-06 13:43 - 2019-11-27 22:51 - 000424208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2020-04-06 13:43 - 2019-11-27 22:39 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2020-04-06 13:43 - 2019-11-27 22:38 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2020-04-06 13:43 - 2019-11-27 22:28 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2020-04-06 13:43 - 2019-11-07 20:39 - 000500752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2020-04-06 13:43 - 2019-11-07 20:11 - 000787456 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2020-04-06 13:43 - 2019-10-31 20:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2020-04-06 13:43 - 2019-10-02 04:09 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2020-04-06 13:43 - 2019-10-02 04:05 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll 2020-04-06 13:43 - 2019-10-02 03:08 - 000472576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll 2020-04-06 13:43 - 2019-10-02 03:06 - 002406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2020-04-06 13:43 - 2019-10-01 23:00 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2020-04-06 13:43 - 2019-10-01 22:59 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2020-04-06 13:43 - 2019-10-01 22:49 - 000769288 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll 2020-04-06 13:43 - 2019-10-01 22:48 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2020-04-06 13:43 - 2019-10-01 22:47 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2020-04-06 13:43 - 2019-10-01 22:34 - 000526512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll 2020-04-06 13:43 - 2019-10-01 22:23 - 004938240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2020-04-06 13:43 - 2019-10-01 22:23 - 004517376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2020-04-06 13:43 - 2019-10-01 22:19 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2020-04-06 13:43 - 2019-10-01 22:18 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2020-04-06 13:43 - 2019-10-01 22:14 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2020-04-06 13:43 - 2019-10-01 22:14 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2020-04-06 13:43 - 2019-10-01 22:14 - 000002560 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2020-04-06 13:43 - 2019-10-01 22:13 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2020-04-06 13:43 - 2019-10-01 22:09 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2020-04-06 13:43 - 2019-09-13 04:40 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2020-04-06 13:43 - 2019-09-13 03:00 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2020-04-06 13:43 - 2019-09-12 22:58 - 007900880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2020-04-06 13:43 - 2019-09-12 22:56 - 005821448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2020-04-06 13:43 - 2019-09-12 22:15 - 002913792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2020-04-06 13:43 - 2019-09-12 22:11 - 000979456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll 2020-04-06 13:43 - 2019-09-09 19:20 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2020-04-06 13:43 - 2019-09-09 19:20 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2020-04-06 13:43 - 2019-09-03 23:24 - 000705336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2020-04-06 13:43 - 2019-09-03 23:14 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2020-04-06 13:43 - 2019-09-03 23:13 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2020-04-06 13:43 - 2019-09-03 23:03 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2020-04-06 13:43 - 2019-09-03 22:42 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2020-04-06 13:43 - 2019-09-03 22:41 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2020-04-06 13:43 - 2019-09-03 22:41 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2020-04-06 
13:43 - 2019-08-13 09:04 - 001585304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2020-04-06 13:43 - 2019-08-12 22:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2020-04-06 13:43 - 2019-08-12 22:44 - 001793472 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2020-04-06 13:43 - 2019-08-12 22:12 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2020-04-06 13:43 - 2019-08-12 19:24 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2020-04-06 13:43 - 2019-08-12 18:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2020-04-06 13:43 - 2019-08-07 02:07 - 001031696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2020-04-06 13:43 - 2019-07-10 19:30 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2020-04-06 13:43 - 2019-07-08 21:19 - 000767232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2020-04-06 13:43 - 2019-07-08 21:12 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2020-04-06 13:43 - 2019-07-08 20:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2020-04-06 13:43 - 2019-07-08 20:48 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2020-04-06 13:43 - 2019-07-08 20:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2020-04-06 13:43 - 2019-07-08 20:46 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2020-04-06 13:43 - 2019-07-08 20:43 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2020-04-06 13:43 - 2019-06-19 20:21 - 000058882 _____ C:\WINDOWS\system32\srms.dat 2020-04-06 13:43 - 2019-06-13 05:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2020-04-06 13:43 - 2019-06-13 05:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2020-04-06 13:43 - 
2019-06-13 05:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe 2020-04-06 13:43 - 2019-06-13 05:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2020-04-06 13:43 - 2019-06-13 01:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2020-04-06 13:43 - 2019-06-13 01:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2020-04-06 13:43 - 2019-06-13 00:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2020-04-06 13:43 - 2019-06-13 00:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2020-04-06 13:43 - 2019-06-12 22:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2020-04-06 13:42 - 2020-01-07 03:33 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-04-06 13:42 - 2020-01-07 01:59 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-04-06 13:42 - 2020-01-06 22:03 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2020-04-06 13:42 - 2020-01-06 21:59 - 002810896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2020-04-06 13:42 - 2020-01-06 21:58 - 009080848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-04-06 13:42 - 2020-01-06 21:30 - 003403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-04-06 13:42 - 2020-01-06 21:27 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2020-04-06 13:42 - 2020-01-06 21:25 - 002179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2020-04-06 13:42 - 2020-01-06 21:25 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2020-04-06 13:42 - 2020-01-06 21:24 - 002163712 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2020-04-06 13:42 - 
2020-01-06 21:24 - 001563648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2020-04-06 13:42 - 2020-01-06 21:24 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-04-06 13:42 - 2020-01-06 21:24 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2020-04-06 13:42 - 2020-01-06 21:23 - 001058816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2020-04-06 13:42 - 2020-01-06 21:23 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-04-06 13:42 - 2020-01-06 21:23 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2020-04-06 13:42 - 2019-11-28 04:46 - 001632112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2020-04-06 13:42 - 2019-11-28 03:09 - 001453624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2020-04-06 13:42 - 2019-11-27 23:10 - 002571336 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2020-04-06 13:42 - 2019-11-27 22:49 - 001979960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2020-04-06 13:42 - 2019-11-27 22:35 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2020-04-06 13:42 - 2019-11-27 22:25 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2020-04-06 13:42 - 2019-11-08 01:38 - 001289216 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2020-04-06 13:42 - 2019-11-07 20:38 - 002711352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2020-04-06 13:42 - 2019-11-07 20:10 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2020-04-06 13:42 - 2019-11-07 20:09 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2020-04-06 13:42 - 2019-11-07 20:08 - 003203072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2020-04-06 13:42 - 2019-11-07 20:08 - 002603008 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2020-04-06 13:42 - 2019-10-02 04:50 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2020-04-06 13:42 - 2019-10-02 04:48 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2020-04-06 13:42 - 2019-10-02 04:06 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll 2020-04-06 13:42 - 2019-10-02 03:07 - 000645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll 2020-04-06 13:42 - 2019-10-02 02:42 - 003397120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2020-04-06 13:42 - 2019-10-01 23:01 - 001288928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2020-04-06 13:42 - 2019-10-01 22:59 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2020-04-06 13:42 - 2019-10-01 22:59 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2020-04-06 13:42 - 2019-10-01 22:48 - 002421776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2020-04-06 13:42 - 2019-10-01 22:48 - 001922056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys 2020-04-06 13:42 - 2019-10-01 22:47 - 001380312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2020-04-06 13:42 - 2019-10-01 22:47 - 001020280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2020-04-06 13:42 - 2019-10-01 22:47 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2020-04-06 13:42 - 2019-10-01 22:22 - 001110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2020-04-06 13:42 - 2019-10-01 22:15 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2020-04-06 13:42 - 2019-10-01 22:11 - 000848384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2020-04-06 13:42 - 2019-09-13 04:57 - 001375456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2020-04-06 13:42 - 2019-09-13 03:17 - 001026280 
2020-04-06 13:19 - 2020-04-06 13:20 - 000000000 ____D C:\Program Files (x86)\Teams Installer 2020-04-06 08:17 - 2020-04-21 15:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-04-21 15:40 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-04-21 15:33 - 2018-05-24 17:01 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-04-21 15:33 - 2018-04-11 17:36 - 000000000 ____D C:\WINDOWS\INF 2020-04-21 15:31 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-04-21 15:31 - 2015-08-18 17:30 - 000000000 __SHD C:\Users\MarKay\IntelGraphicsProfiles 2020-04-21 15:30 - 2018-05-24 16:49 - 000000000 ____D C:\Users\MarKay 2020-04-21 15:30 - 2017-08-22 00:09 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2020-04-21 15:29 - 2018-05-24 17:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-04-21 15:29 - 2018-05-24 16:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-04-21 15:24 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-04-21 15:11 - 2015-08-18 18:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-04-21 15:10 - 2018-04-11 15:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2020-04-21 15:08 - 2015-01-10 05:44 - 000000000 ____D C:\Program Files (x86)\Amazon 2020-04-21 14:58 - 2018-04-11 17:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2020-04-21 14:56 - 2015-09-13 13:49 - 000000000 ____D C:\Users\MarKay\AppData\Local\Google 2020-04-21 14:53 - 2016-11-28 10:10 - 000000000 ____D C:\Users\MarKay\AppData\LocalLow\Mozilla 2020-04-21 14:44 - 2018-02-13 15:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-04-21 14:43 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps 2020-04-21 14:43 - 2015-08-18 18:41 - 000001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-04-21 14:41 - 2018-01-12 07:32 - 000000000 ___RD C:\Users\MarKay\3D Objects 2020-04-21 14:41 - 2015-08-18 17:21 - 000000000 __RHD C:\Users\Public\AccountPictures 2020-04-21 14:30 - 2018-05-24 16:43 - 000501528 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-04-21 14:27 - 2015-08-20 13:23 - 000000922 _____ 
C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2020-04-21 14:27 - 2015-08-20 13:23 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\UNP 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\TextInput 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2020-04-21 14:21 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2020-04-21 14:21 - 2018-04-11 15:04 - 000000000 ____D C:\WINDOWS\system32\Dism 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\ShellComponents 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\Provisioning 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2020-04-21 14:20 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___SD C:\WINDOWS\system32\F12 2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ___RD C:\Program Files\Windows Defender 2020-04-21 14:19 - 2018-04-11 17:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2020-04-21 14:18 - 2015-08-20 13:08 - 000000000 ____D C:\Program Files\Microsoft Silverlight 2020-04-21 14:18 - 2015-01-10 05:51 - 000000000 ____D C:\Program Files (x86)\Dropbox 2020-04-21 14:17 - 2018-04-11 15:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2020-04-21 14:16 - 2019-03-19 
01:02 - 000000000 ___HD C:\$WINDOWS.~BT 2020-04-21 14:16 - 2018-05-23 18:21 - 000000000 ___DC C:\WINDOWS\Panther 2020-04-21 14:14 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\Registration 2020-04-21 14:03 - 2018-05-24 17:11 - 000009528 _____ C:\WINDOWS\diagwrn.xml 2020-04-21 14:03 - 2018-05-24 17:11 - 000009528 _____ C:\WINDOWS\diagerr.xml 2020-04-21 13:33 - 2017-12-29 22:11 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-04-21 13:33 - 2017-12-29 22:11 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-04-21 13:33 - 2017-12-29 22:11 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-04-21 12:38 - 2018-04-11 17:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-04-21 11:59 - 2015-01-10 05:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-04-21 11:38 - 2018-07-09 10:03 - 000004584 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-04-21 11:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-04-21 11:38 - 2018-04-11 17:38 - 000000000 ____D C:\WINDOWS\system32\Macromed 2020-04-19 21:18 - 2018-05-24 17:12 - 000004572 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-04-09 16:35 - 2015-01-10 05:30 - 000000000 ____D C:\ProgramData\Temp 2020-04-09 16:30 - 2018-05-24 17:12 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3528668509-3968989764-3154782742-1001 2020-04-09 16:29 - 2018-05-24 16:49 - 000002410 _____ C:\Users\MarKay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-04-09 16:29 - 2015-08-18 17:36 - 000000000 ___RD C:\Users\MarKay\OneDrive 2020-04-07 01:48 - 2018-06-14 21:22 - 000000000 ____D C:\ProgramData\Packages 2020-04-07 01:31 - 2018-01-11 19:08 - 000000000 ____D C:\Users\MarKay\AppData\Local\Packages 2020-04-06 14:18 - 2018-04-11 17:38 - 000017800 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2020-04-06 13:05 - 2015-08-20 13:23 - 000000000 ____D 
C:\Users\MarKay\AppData\Local\Dropbox 2020-04-06 12:53 - 2018-05-24 17:12 - 000003982 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2020-04-06 12:53 - 2018-05-24 17:12 - 000003750 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2020-04-06 08:28 - 2019-06-07 16:11 - 000000000 ____D C:\Program Files\CUAssistant 2020-04-06 08:21 - 2015-11-17 00:33 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2020-04-06 08:16 - 2018-01-11 17:03 - 000000000 ____D C:\Program Files\rempl 2020-04-06 08:15 - 2018-05-24 17:12 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2020-04-06 08:15 - 2018-05-24 17:12 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2020-04-06 08:13 - 2017-12-29 22:11 - 000000000 ____D C:\Program Files (x86)\Google ==================== Files in the root of some directories ======== 2016-02-05 21:29 - 2016-08-01 20:16 - 000010886 _____ () C:\Users\MarKay\AppData\Local\OfficeMix_16_0.txt ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================
  5. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 4/21/20
     Scan Time: 3:01 PM
     Log File: 519a01f8-8413-11ea-bad3-74e6e239d998.json

     -Software Information-
     Version: 4.1.0.56
     Components Version: 1.0.875
     Update Package Version: 1.0.22744
     License: Trial

     -System Information-
     OS: Windows 10 (Build 17134.1246)
     CPU: x64
     File System: NTFS
     User: MARKAY\MarKay

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 299963
     Threats Detected: 3
     Threats Quarantined: 3
     Time Elapsed: 5 min, 52 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 2
     PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, 11070, -1, 0.0.0, , action,
     PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, 11070, -1, 0.0.0, , action,

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 1
     PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Quarantined, 11070, 809559, 1.0.22744, , ame,

     File: 0
     (No malicious items detected)

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)
  6. # -------------------------------
     # Malwarebytes AdwCleaner 8.0.4.0
     # -------------------------------
     # Build: 04-03-2020
     # Database: 2020-04-08.2 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start: 04-21-2020
     # Duration: 00:00:26
     # OS: Windows 10 Home
     # Cleaned: 23
     # Failed: 1

     ***** [ Services ] *****

     No malicious services cleaned.

     ***** [ Folders ] *****

     No malicious folders cleaned.

     ***** [ Files ] *****

     No malicious files cleaned.

     ***** [ DLL ] *****

     No malicious DLLs cleaned.

     ***** [ WMI ] *****

     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****

     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****

     No malicious tasks cleaned.

     ***** [ Registry ] *****

     Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\mysearch.avg.com
     Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
     Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
     Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
     Deleted HKLM\Software\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
     Deleted HKLM\Software\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
     Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
     Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
     Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
     Deleted HKLM\Software\Wow6432Node\\Classes\AppID\AmazonAppIE.dll
     Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
     Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
     Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
     Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
     Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
     Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}

     ***** [ Chromium (and derivatives) ] *****

     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****

     Deleted AVG Secure Search
     Deleted https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
     Deleted https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
     Deleted https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
     Deleted https://mysearch.avg.com?cid={37CD525D-9C01-4C54-93B7-5D338E9E6C78}&mid=fc0f94ce627547d2b4fe595b08624410-08bfd2d650d49b04e4dfd009589721a1f02a8332&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-09-04 08:48:16&v=18.1.9.786&pid=safeguard&sg=&sap=hp
     Not Deleted AVG Secure Search

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****

     No malicious Firefox URLs cleaned.

     ***** [ Hosts File Entries ] *****

     No malicious hosts file entries cleaned.

     ***** [ Preinstalled Software ] *****

     No Preinstalled Software cleaned.

     *************************

     [+] Delete Tracing Keys
     [+] Reset Winsock

     *************************

     AdwCleaner[S00].txt - [9031 octets] - [21/04/2020 14:11:16]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  7. Please help clean my computer!
  8. Thank you so much, Chuck, it is working so much better!! I will surely recommend you!
  9. # DelFix v10.8 - Logfile created 30/11/2014 at 20:54:38
     # Updated 29/07/2014 by Xplode
     # Username : Owner - OWNER-PC
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

     ~ Removing disinfection tools ...

     Deleted : C:\_OTL
     Deleted : C:\zoek_backup
     Deleted : C:\AdwCleaner
     Deleted : C:\zoek-results.log
     Deleted : C:\Users\Owner\Desktop\dds.txt
     Deleted : C:\Users\Owner\Desktop\JRT.txt
     Deleted : C:\Users\Owner\Downloads\adwcleaner.exe
     Deleted : C:\Users\Owner\Downloads\adwcleaner_4.102.exe
     Deleted : C:\Users\Owner\Downloads\dds.scr
     Deleted : C:\Users\Owner\Downloads\Extras.Txt
     Deleted : C:\Users\Owner\Downloads\JRT(1).exe
     Deleted : C:\Users\Owner\Downloads\JRT.exe
     Deleted : C:\Users\Owner\Downloads\OTL.Txt
     Deleted : C:\Users\Owner\Downloads\SecurityCheck(1).exe
     Deleted : C:\Users\Owner\Downloads\SecurityCheck.exe
     Deleted : HKLM\SOFTWARE\OldTimer Tools
     Deleted : HKLM\SOFTWARE\AdwCleaner

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...

     Deleted : RP #253 [Windows Update | 10/31/2014 16:25:43]
     Deleted : RP #254 [Windows Update | 11/05/2014 23:55:27]
     Deleted : RP #255 [Removed WeatherBug | 11/12/2014 23:19:32]
     Deleted : RP #256 [Windows Update | 11/12/2014 23:35:29]
     Deleted : RP #257 [Removed VideoBuzz | 11/12/2014 23:55:50]
     Deleted : RP #258 [Windows Update | 11/13/2014 02:58:38]
     Deleted : RP #259 [Windows Update | 11/19/2014 00:49:58]
     Deleted : RP #260 [Windows Update | 11/21/2014 02:59:09]
     Deleted : RP #261 [Windows Update | 11/26/2014 19:35:03]
     Deleted : RP #262 [zoek.exe restore point | 11/30/2014 17:43:33]
     Deleted : RP #263 [OTL Restore Point - 11/30/2014 8:45:08 PM | 12/01/2014 03:45:10]

     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  10. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}\ not found. Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{113537E9-AEA4-4BED-BBB0-C5DCC1B70EE4}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{113537E9-AEA4-4BED-BBB0-C5DCC1B70EE4}\ not found. Registry key HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. C:\Users\Owner\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully. C:\Users\Owner\AppData\Roaming\mozilla\Extensions folder moved successfully. C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003\extensions folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dnsshield deleted successfully. 
Registry value HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. File Protocol\Handler\skype4com - No CLSID value found not found. ========== COMMANDS ========== [EMPTYJAVA] User: Administrator User: All Users User: Default User: Default User User: Guest User: HomeGroupUser$ User: Owner ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Guest User: HomeGroupUser$ User: Owner ->Flash cache emptied: 1704 bytes User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: Administrator User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Guest User: HomeGroupUser$ User: Owner ->Temp folder emptied: 5655820 bytes ->Temporary Internet Files folder emptied: 3697171 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 78319461 bytes ->Google Chrome cache emptied: 856432 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 7994 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files 
folder emptied: 195 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 84.00 mb C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 11302014_204417 Files\Folders moved on Reboot... File\Folder C:\Users\Owner\AppData\Local\Temp\OICE_7A559717-D76B-4B6C-8086-7F156FDADB01.0\mso3518.tmp not found! File\Folder C:\Users\Owner\AppData\Local\Temp\OICE_7A559717-D76B-4B6C-8086-7F156FDADB01.0\~WRS{422348F8-93E8-4E5D-82B4-D8BD259FB543}.tmp not found! File\Folder C:\Users\Owner\AppData\Local\Temp\OICE_7A559717-D76B-4B6C-8086-7F156FDADB01.0\~WRS{6BF44758-09CB-4FFA-BD1C-CF8B5F8E0F45}.tmp not found! C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File move failed. C:\windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot. File move failed. C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  11. OTL Extras logfile created on: 11/30/2014 8:03:59 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17420) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 41.22% Memory free 7.60 Gb Paging File | 5.05 Gb Available in Paging File | 66.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 583.11 Gb Total Space | 525.27 Gb Free Space | 90.08% Space Free | Partition Type: NTFS Drive D: | 509.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) 
[HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{152FD0A3-F0A4-4683-8976-778AE00870B0}" = lport=10243 | protocol=6 | dir=in | app=system | "{25880696-7D6E-4F26-BFE0-334DF8DC0E7E}" = lport=139 | protocol=6 | dir=in | app=system | "{3B1A23C8-027A-4978-BF2E-39B9CCC5A81E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{45C75B4D-BCE3-4B91-9C86-6F3D3DB7FBAD}" = rport=137 | protocol=17 | dir=out | app=system | "{4E612F40-751A-4C55-99A6-121E92061298}" = lport=2869 | protocol=6 | dir=in | app=system | "{503BCF64-261C-4037-B325-118291FD9E39}" = lport=5355 | 
protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{528F64F2-064C-47C3-8BB7-EC3064A815B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{58FDB526-0F67-42AA-BF8B-A7B26FA1B78A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5F3B9A93-E7CE-4AC7-8EE5-489943685A2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{60EC594A-4537-4B67-944F-4707A2F64A77}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{64F6E930-6898-43EE-8869-FFF175C2B5AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{6970D384-CF25-4238-A500-4B80B0D4557C}" = rport=10243 | protocol=6 | dir=out | app=system | "{707A860E-9A13-4FAD-BAED-0A9A45FC3477}" = lport=137 | protocol=17 | dir=in | app=system | "{8920EDBC-A221-4C6D-8A21-F7971A519E03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8A5256F7-292C-43F0-A2BE-060BD90EDFEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8B9F9313-6543-4DC0-B1C9-21601CDBF952}" = rport=138 | protocol=17 | dir=out | app=system | "{8DDC9207-A363-4E54-9EE5-1FF5D23B7960}" = rport=139 | protocol=6 | dir=out | app=system | "{8F83562C-87DC-4F72-B9F0-EE55DFB1FD3A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A39AB92B-448A-4728-A9EE-4EDFE6FAD45E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A6DC61A7-1F0C-45CF-923E-ED45CF569AD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A7DED250-2FDC-47B8-9471-A36270D0A9BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A826F968-4381-40F6-9BC2-24D173CE6802}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe 
| "{A8BD79CF-6E68-41ED-AD66-25D2015F52A6}" = lport=2869 | protocol=6 | dir=in | app=system | "{AA224A88-A174-473B-941E-99F8D4826621}" = lport=445 | protocol=6 | dir=in | app=system | "{E87D2983-1DF0-4249-A0AA-DDDBD407616D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EF0322E0-427D-4784-9AD8-78ED2B9B4517}" = rport=445 | protocol=6 | dir=out | app=system | "{FD720341-5589-4352-BF92-2E405BE7A6A3}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00F4C894-8AE5-4C85-BB01-A82EDB89E59D}" = protocol=1 | dir=out | [email protected],-28544 | "{07AB37FC-2FBB-41AE-9C9C-0A35C4B28C49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1EB0FD21-F292-4F72-878A-DA9714671AB8}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{2CBD8C9B-1095-4EF0-A41B-99ECAC26CFE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{367FE427-23CE-49A9-A754-4D1A249DE79D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{38CDB13F-156E-4378-8674-A84629CD77B2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{42557E08-B633-43FC-87CA-3C9BB852F1DD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{4418D890-D5DC-4E15-BF6D-327675FF012E}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | "{4436EB00-F248-4236-8A74-C00787392EA7}" = protocol=1 | dir=in | [email protected],-28543 | "{45E6778B-0A9B-4ADB-AA82-740544338514}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{49FCB6EC-3CE1-4555-8742-CD2458606804}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{55EA347F-DEBD-4DC6-A24F-D4044032DD97}" = protocol=6 | 
dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5B191765-9A10-4599-994E-3282F7E5F278}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F0DC987-9EA6-4642-B1D7-4D82500880C4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{61A8AFB2-BBA0-42CE-964E-3BBB58DB5B7F}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zse55e.tmp\symnrt.exe | "{65A6F4D4-2F31-4491-80EF-F21A2A24D1AE}" = protocol=58 | dir=in | app=system | "{6BBE3461-D4C6-4B86-89F3-738CC0F0BEED}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | "{70CD95D8-D193-448E-87E0-5BF0BEDBD0D5}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zse55e.tmp\symnrt.exe | "{7731591C-5DA5-44F5-BAF3-0E41C0A25B1F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{77400AE7-946B-4B1A-8F87-1DEDF360D259}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{787492D0-8E56-463A-B7AE-E53BD6BC5B67}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{841C89B1-321F-465D-A652-E3DDCB1DE216}" = protocol=17 | dir=in | app=c:\users\owner\downloads\online_anthropology_kinship_chart_creator_downloader.exe | "{8C5C96D5-0EF1-4F39-818E-9885C83F0E63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8D6D485F-1CC4-4752-9879-14C2067DFFA8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8F45A27B-5969-44AE-9422-43E9E96696F7}" = protocol=58 | dir=out | [email protected],-503 | "{90297666-B45A-4681-B043-0660111BDB7A}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | "{9E9EAEE9-9819-4B51-B224-92291FECD49B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9FAA15D4-D250-43FD-9DD3-2D6C64AE671E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A4DE0ABC-71D6-468C-B20C-D1FE25124078}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B78EE4D6-88EA-4961-B160-4AB92BFAC1BE}" = protocol=6 | dir=in | app=c:\users\owner\downloads\online_anthropology_kinship_chart_creator_downloader.exe | "{BB7D40EF-7365-4ADC-9B46-D68DADEE2454}" = protocol=58 | dir=in | [email protected],-28545 | "{C17DCFD8-5D52-4AA3-9F75-5F3E530DB1C6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C63349A2-45E3-4078-B5F9-D75DB838817A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C8D05211-B847-4F17-8800-2FF14827258C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CD848823-E4D2-41AD-B627-D4C254FFDFC4}" = protocol=58 | dir=out | [email protected],-28546 | "{D04E55B8-7376-413C-BB5D-CBE100689BAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D489BFE2-C01A-41AB-AC39-BF441A1E48BF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DC32C1F1-C472-41CA-AD68-DAC2A1020B86}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{DE7101F8-73CA-4715-A374-7CE62D1084F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E86EEFF0-AE49-4340-8680-372D0BAF726B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E93E2E53-ADFB-4D2C-BE92-2B3D81BD016E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EF769D05-47AF-472F-B5C9-0C848E55E1B0}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | "{EFF33D34-4C2B-468C-BE2C-97E01D8B491D}" = protocol=6 | dir=out | app=system | "{F12C3805-A7E9-4619-B8BA-9AE6D5A73836}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | "{F5AABD7B-D795-4D73-9F8B-A60D45102C50}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F6C1C234-24B0-4D22-B28D-F19D8AB65FD2}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{F7BDF7E6-8170-47AE-A43D-B18F2FA72EA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F89209F3-1ACA-40F7-B213-5B5E8B099028}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{FEBACEF5-81D7-4533-8458-DC41FD1B0EA3}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | "TCP Query User{111C9DD9-85DB-42D5-9A83-398F83EDE02F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{1C72954E-8BE3-4BFE-B2E0-4470B032145A}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query User{2C5E3417-9CF3-4FDB-95C0-2F1250655981}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{6D02F5B8-5092-4DC2-841E-91D419A59C1B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{911692AE-D1E2-4875-AA7C-805DDEBC9F91}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{2D62497B-6E10-4523-AEC7-F859A23816EF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{68819A61-07F0-4666-BC11-93D34E26F45A}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{78FB9ED9-C91E-43E8-9BFE-F2A9AFA8E1F6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{7C955AD9-C1AA-49D1-A314-2C5C9401EB5D}C:\program files (x86)\oovoo\oovoo.exe" 
= protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{E9D2B5CE-5DCD-491A-A89A-7C054D05882F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel® PROSet/Wireless WiFi Software "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "McAfee Security Scan" = McAfee Security Scan Plus "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = [email protected] 1.0 "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer 
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33BC5F69-0E51-4121-A04A-0868D65CF050}" = VBPlayerMoz "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = 
Windows Live SOXE "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker 
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application 
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Avast" = avast! Free Antivirus "dnsshield" = Social Privacy DNS "GeniusBox" = GeniusBox 2.0 "Google Chrome" = Google Chrome "groove_stream" = Groove-Stream "HP Photo Creations" = HP Photo Creations "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{33BC5F69-0E51-4121-A04A-0868D65CF050}" = VBPlayerMoz "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "KeepMySettingsX" = KeepMySettingsX "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025 "Mozilla Firefox 33.1.1 (x86 en-US)" = Mozilla Firefox 33.1.1 (x86 en-US) 
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"e55b814e55744b76" = Best Buy pc app

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 11/30/2014 3:58:03 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 11/30/2014 4:35:26 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to the following error: %%2

< End of report >
  12. OTL logfile created on: 11/30/2014 8:03:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 41.22% Memory free
7.60 Gb Paging File | 5.05 Gb Available in Paging File | 66.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.11 Gb Total Space | 525.27 Gb Free Space | 90.08% Space Free | Partition Type: NTFS
Drive D: | 509.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/11/30 20:01:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.com
PRC - [2014/11/26 12:29:58 | 001,880,752 | ---- | M] (Adobe Systems, Inc.)
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe PRC - [2014/11/23 13:07:55 | 000,982,600 | ---- | M] (InstallX, LLC) -- C:\Users\Owner\AppData\Roaming\KeepMySettingsX\keepmysettingsx.exe PRC - [2014/11/15 18:02:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014/08/01 04:00:08 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014/08/01 03:59:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/02/14 23:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe PRC - [2010/04/01 09:52:22 | 000,252,728 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe PRC - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2009/12/25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe ========== Modules (No Company Name) ========== MOD - [2014/11/26 12:29:58 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll MOD - [2014/11/15 18:02:20 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2014/08/01 03:59:52 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014/08/01 03:59:51 | 
000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/02/14 16:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll ========== Services (SafeList) ========== SRV:64bit: - [2014/11/05 20:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014/08/01 03:59:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2013/09/06 10:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService) SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/07/28 10:27:16 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2010/07/22 16:36:16 | 000,822,192 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2010/06/29 11:05:02 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010/06/07 15:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv) SRV:64bit: - [2010/06/07 15:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) 
[Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent) SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009/10/21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv) SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2014/11/26 12:29:59 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014/11/15 18:02:21 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- 
(clr_optimization_v4.0.30319_32) SRV - [2013/09/03 06:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014/11/23 12:58:46 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx) DRV:64bit: - [2014/08/01 04:00:07 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP) DRV:64bit: - [2014/08/01 03:59:54 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2014/08/01 03:59:54 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2014/08/01 03:59:54 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm) DRV:64bit: - [2014/08/01 03:59:54 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2014/08/01 03:59:54 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2014/08/01 03:59:54 | 000,029,208 | ---- | M] () [Kernel | Auto | 
Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:64bit: - [2012/09/28 21:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/06/18 10:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010/05/31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2010/05/18 16:02:48 | 000,164,464 | ---- | M] (JMicron 
Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010/05/16 17:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) DRV:64bit: - [2010/05/16 17:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) DRV:64bit: - [2010/05/16 17:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) DRV:64bit: - [2010/05/08 18:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2010/05/03 14:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/04/21 11:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL 
ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm) DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv) DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 
| ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data] IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20141146,20029,0,101,9284 IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes,DefaultScope = {113537E9-AEA4-4BED-BBB0-C5DCC1B70EE4} IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms} IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{113537E9-AEA4-4BED-BBB0-C5DCC1B70EE4}: "URL" = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20141146,20028,0,101,0 IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - 
HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49167;https=127.0.0.1:49167 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20141146,20030,0,101,0" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "https://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20141146,20031,0,101,0" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20141146,20030,0,101,0" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\vbplayer: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbplayer.dll (VBrick Inc.) 
FF - HKLM\Software\MozillaPlugins\vbwmplayer: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbwmplayer.dll (VBrick Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/01 03:59:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/07 16:59:28 | 000,000,000 | ---D | M] [2014/11/12 16:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions [2014/11/30 12:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003\extensions [2014/11/07 16:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/11/15 18:02:22 | 000,000,000 | ---D | M] 
(Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll ========== Chrome ========== CHR - default_search_provider: Microsoft (Bing) (Enabled) CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&FORM=AVASDF&PC=AV01, CHR - homepage: http://www.msn.com/?pc=AV01 CHR - Extension: Avast Online Security = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2204.148_0\ CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ O1 HOSTS File: ([2013/11/24 21:49:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: 
[APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [dnsshield] C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe File not found O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [iSUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000..\Run: [sanDiskSecureAccess_Manager.exe] C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3546646767-1445017109-1683610049-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628}: DhcpNameServer = 10.1.0.101 10.33.1.101 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8163B9-9237-4136-840E-0B07C0F72B55}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5F7D1AA-E3BD-489C-9076-9B2120943A5D}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8F484EE-41AE-4C9A-BF17-D8F84709B324}: NameServer = 8.8.8.8,8.8.4.4 O18:64bit: - Protocol\Handler\ms-help - No 
CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/07/19 17:04:00 | 000,000,028 | R--- | M] () - D:\autorun.bat -- [ CDFS ] O32 - AutoRun File - [2004/06/23 23:28:58 | 000,000,029 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{6532aff3-7b7b-11e1-9610-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6532aff3-7b7b-11e1-9610-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat -- [2010/07/19 17:04:00 | 000,000,028 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/11/30 11:07:56 | 000,000,000 | 
-HSD | C] -- C:\$RECYCLE.BIN [2014/11/30 11:02:05 | 000,000,000 | ---D | C] -- C:\windows\Temp [2014/11/30 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Temp [2014/11/30 10:41:49 | 000,000,000 | ---D | C] -- C:\zoek_backup [2014/11/12 16:37:28 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll [2014/11/12 16:37:27 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll [2014/11/12 16:37:27 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2014/11/12 16:37:20 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2014/11/12 16:37:20 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adtschema.dll [2014/11/12 16:37:20 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adtschema.dll [2014/11/12 16:37:19 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msaudite.dll [2014/11/12 16:37:19 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msaudite.dll [2014/11/12 16:37:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2014/11/12 16:37:08 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe [2014/11/12 16:37:08 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll [2014/11/12 16:37:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2014/11/12 16:37:08 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll [2014/11/12 16:37:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll [2014/11/12 16:37:08 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll [2014/11/12 16:37:08 | 000,034,304 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\iernonce.dll [2014/11/12 16:37:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2014/11/12 16:37:07 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2014/11/12 16:37:07 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2014/11/12 16:37:06 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2014/11/12 16:37:06 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2014/11/12 16:37:06 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll [2014/11/12 16:37:06 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2014/11/12 16:37:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll [2014/11/12 16:37:05 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2014/11/12 16:37:05 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2014/11/12 16:37:05 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2014/11/12 16:37:04 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2014/11/12 16:37:04 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2014/11/12 16:37:04 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2014/11/12 16:37:02 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll [2014/11/12 16:37:01 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2014/11/12 16:37:01 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2014/11/12 16:37:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2014/11/12 
16:37:01 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll [2014/11/12 16:37:00 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2014/11/12 16:37:00 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2014/11/12 16:37:00 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2014/11/12 16:36:59 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2014/11/12 16:36:59 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll [2014/11/12 16:36:59 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2014/11/12 16:36:58 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2014/11/12 16:36:58 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll [2014/11/12 16:36:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll [2014/11/12 16:36:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll [2014/11/12 16:36:12 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IMJP10K.DLL [2014/11/12 16:36:12 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IMJP10K.DLL [2014/11/12 16:36:05 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2014/11/12 16:36:01 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll [2014/11/12 16:36:01 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll [2014/11/12 16:36:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll [2014/11/12 16:36:00 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll [2014/11/12 16:36:00 | 000,284,672 | ---- | C] (Microsoft Corporation) 
-- C:\windows\SysNative\EncDump.dll [2014/11/12 16:35:58 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll [2014/11/12 16:35:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll [2014/11/12 16:35:55 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll [2014/11/12 16:35:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll [2014/11/12 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\KeepMySettingsX [2014/11/12 16:15:30 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ATL90.dll [2014/11/08 19:24:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Comodo [2014/11/07 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/11/04 09:55:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics ========== Files - Modified Within 30 Days ========== [2014/11/30 20:01:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000UA.job [2014/11/30 20:01:00 | 000,000,256 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job [2014/11/30 19:32:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2014/11/30 19:29:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2014/11/30 19:25:01 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000UA.job [2014/11/30 17:32:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2014/11/30 16:29:01 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys [2014/11/30 13:41:13 | 000,019,248 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/11/30 13:41:13 | 000,019,248 | 
-H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/11/30 13:37:43 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2014/11/30 13:37:43 | 000,662,650 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2014/11/30 13:37:43 | 000,122,486 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2014/11/30 13:33:51 | 000,001,960 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2014/11/30 13:33:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2014/11/30 13:32:57 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys [2014/11/30 13:25:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000Core.job [2014/11/30 13:01:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3546646767-1445017109-1683610049-1000Core.job [2014/11/30 12:57:10 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/11/30 11:07:21 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014/11/30 10:42:53 | 000,024,064 | ---- | M] () -- C:\windows\zoek-delete.exe [2014/11/26 12:29:58 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2014/11/26 12:29:58 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2014/11/23 12:58:46 | 001,041,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsnx.sys [2014/11/15 12:32:11 | 000,348,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2014/11/05 21:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll [2014/11/05 20:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2014/11/05 20:46:12 | 000,580,096 | ---- | M] (Microsoft 
Corporation) -- C:\windows\SysNative\vbscript.dll [2014/11/05 20:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll [2014/11/05 20:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll [2014/11/05 20:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2014/11/05 20:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2014/11/05 20:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2014/11/05 20:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe [2014/11/05 20:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll [2014/11/05 20:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2014/11/05 20:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe [2014/11/05 20:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll [2014/11/05 20:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2014/11/05 20:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll [2014/11/05 20:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll [2014/11/05 20:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll [2014/11/05 20:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2014/11/05 20:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll [2014/11/05 20:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2014/11/05 20:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- 
C:\windows\SysNative\mshtmled.dll [2014/11/05 19:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2014/11/05 19:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll [2014/11/05 19:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll [2014/11/05 19:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll [2014/11/05 19:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2014/11/05 19:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2014/11/05 19:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll [2014/11/05 19:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2014/11/05 19:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll [2014/11/05 19:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2014/11/05 19:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2014/11/05 19:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll [2014/11/05 18:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll [2014/11/05 18:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll [2014/11/05 10:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll [2014/11/05 10:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll [2014/11/05 10:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll ========== Files Created - No Company Name ========== [2014/11/30 11:02:05 | 000,024,064 | ---- | C] () -- 
C:\windows\zoek-delete.exe [2014/11/08 19:24:07 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014/04/22 06:50:59 | 000,775,124 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012/09/11 14:40:01 | 000,000,064 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Statdisk.prefs [2012/04/02 17:54:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012/03/31 14:00:11 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/11/30 19:45:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software [2012/08/21 14:17:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blackboard [2014/11/30 19:35:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KeepMySettingsX [2012/08/08 11:42:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicOasis [2013/03/22 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details [2013/08/29 15:38:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk [2013/08/29 15:35:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk SecureAccess [2012/11/14 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba [2012/03/31 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch ========== Purity Check ========== < End of report >
  13. Results of screen317's Security Check version 0.99.91 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 2.0.3.1025 Adobe Flash Player 15.0.0.239 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (33.1.1) Google Chrome 31.0.1650.48 Google Chrome out of date! ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  14. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 3/31/2012 1:27:38 PM System Uptime: 11/30/2014 1:32:46 PM (3 hours ago) . Motherboard: TOSHIBA | | NWQAA Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU | 2533/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 583 GiB total, 525.323 GiB free. D: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP253: 10/31/2014 10:25:43 AM - Windows Update RP254: 11/5/2014 4:55:27 PM - Windows Update RP255: 11/12/2014 4:19:32 PM - Removed WeatherBug RP256: 11/12/2014 4:35:29 PM - Windows Update RP257: 11/12/2014 4:55:50 PM - Removed VideoBuzz RP258: 11/12/2014 7:58:38 PM - Windows Update RP259: 11/18/2014 5:49:58 PM - Windows Update RP260: 11/20/2014 7:59:09 PM - Windows Update RP261: 11/26/2014 12:35:03 PM - Windows Update RP262: 11/30/2014 10:43:33 AM - zoek.exe restore point . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 15 ActiveX Adobe Flash Player 15 Plugin Adobe Reader X (10.1.8) Adobe Shockwave Player 12.0 Apple Application Support Apple Mobile Device Support Apple Software Update avast! 
Free Antivirus Best Buy pc app Bing Rewards Client Installer Bonjour D3DX10 Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition Facebook Video Calling 3.1.0.521 GeniusBox 2.0 Google Chrome Google Earth Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Groove-Stream HP Deskjet 3050A J611 series Basic Device Software HP Deskjet 3050A J611 series Help HP Deskjet 3050A J611 series Product Improvement Study HP Photo Creations HP Update Intel PROSet Wireless Intel WiMAX Tutorial Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® PROSet/Wireless WiMAX Software Intel® Wireless Display iTunes JMicron Flash Media Controller Driver Junk Mail filter update KeepMySettingsX [email protected] 1.0 Malwarebytes Anti-Malware version 2.0.3.1025 McAfee Security Scan Plus Mesh Runtime Messenger Companion Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual 
C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 33.1.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 PlayReady PC Runtime amd64 Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver SanDiskSecureAccess_Manager.exe Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Skype Click to Call Skype™ 6.11 Social Privacy DNS swMSM Synaptics Pointing Device Driver TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HDD Protection TOSHIBA 
HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA PC Health Monitor TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application ToshibaRegistration Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 
(KB2837587) 32-Bit Edition Utility Common Driver VBPlayerMoz Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== .
  15. DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 11.0.9600.17420
      Run by Owner at 16:56:23 on 2014-11-30
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2102 [GMT -7:00]
      .
      AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
      .
      ============== Running Processes ===============
      .
      C:\windows\system32\lsm.exe
      C:\windows\system32\svchost.exe -k DcomLaunch
      C:\windows\system32\svchost.exe -k RPCSS
      C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\windows\system32\svchost.exe -k LocalService
      C:\windows\system32\svchost.exe -k netsvcs
      C:\windows\system32\svchost.exe -k NetworkService
      C:\windows\system32\WLANExt.exe
      C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      C:\windows\system32\Dwm.exe
      C:\windows\Explorer.EXE
      C:\windows\System32\spoolsv.exe
      C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\windows\system32\taskhost.exe
      C:\windows\system32\taskeng.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
      C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      C:\windows\system32\svchost.exe -k imgsvc
      C:\windows\system32\ThpSrv.exe
      C:\Windows\system32\TODDSrv.exe
      C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\windows\system32\SearchIndexer.exe
      C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
      C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\TOSHIBA\TECO\TecoService.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\windows\system32\wbem\unsecapp.exe
      C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\windows\System32\rundll32.exe
      C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\ThpSrv.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
      C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
      C:\Program Files\TOSHIBA\TECO\Teco.exe
      C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
      C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
      C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
      C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
      C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
      C:\windows\system32\wbem\unsecapp.exe
      C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\windows\system32\igfxext.exe
      C:\windows\system32\igfxsrvc.exe
      C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
      C:\windows\system32\RunDll32.exe
      C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
      C:\windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
      C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
      C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
      C:\Users\Owner\AppData\Roaming\KeepMySettingsX\keepmysettingsx.exe
      C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
      C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
      C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
      C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
      C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
      C:\windows\System32\svchost.exe -k secsvcs
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\windows\system32\SearchProtocolHost.exe
      C:\windows\system32\SearchFilterHost.exe
      C:\windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uProxyServer = hxxp=127.0.0.1:49167;https=127.0.0.1:49167
      uProxyOverride = <-loopback>
      mWinlogon: Userinit = userinit.exe,
      BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
      BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
      uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
      uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      uRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
      mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
      mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
      mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
      mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [dnsshield] C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
      mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
      StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      TCP: NameServer = 8.8.8.8,8.8.4.4
      TCP: NameServer = 192.168.1.1
      TCP: Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628} : NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{473B71CB-DE63-4CA3-86EE-6E3E788BD628} : DHCPNameServer = 10.1.0.101 10.33.1.101
      TCP: Interfaces\{6E8163B9-9237-4136-840E-0B07C0F72B55} : NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{E5F7D1AA-E3BD-489C-9076-9B2120943A5D} : NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897} : NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897} : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\05658434F57457563747 : NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\05658434F57457563747 : DHCPNameServer = 67.215.21.202 72.21.65.14
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\A62626F677562737 : DHCPNameServer = 192.168.10.1
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\E42484840275966496 : NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\E42484840275966496 : DHCPNameServer = 72.21.65.13 72.21.65.14
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\E67736 : NameServer = 8.8.8.8,8.8.4.4
      TCP: Interfaces\{E6759FE2-C7A5-477D-8FF9-27F41EDE2897}\E67736 : DHCPNameServer = 192.168.96.1
      TCP: Interfaces\{F8F484EE-41AE-4C9A-BF17-D8F84709B324} : NameServer = 8.8.8.8,8.8.4.4
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
      x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
      x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
      x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
      x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
      x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
      x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
      x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
      x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
      x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
      x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
      x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
      x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
      x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
      x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
      x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
      x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
      x64-Notify: igfxcui - igfxdev.dll
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0rbzcbm3.default-1395006579003\
      FF - prefs.js: browser.search.selectedEngine - Yahoo
      FF - prefs.js: network.proxy.type - 0
      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbplayer.dll
      FF - plugin: C:\Program Files (x86)\Common Files\VBrick\VBPlayerMoz\npvbwmplayer.dll
      FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
      FF - plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
      FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
      FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
      FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
      FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
      FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
      FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
      FF - plugin: C:\windows\SysWOW64\npmproxy.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-11-30 65776]
      R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-11-30 224896]
      R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
      R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
      R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-3-31 482384]
      R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2013-11-30 1041168]
      R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2013-11-30 427360]
      R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-8-1 29208]
      R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-11-30 79184]
      R2 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-8-1 92008]
      R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-1 50344]
      R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
      R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
      R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
      R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-31 2320920]
      R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
      R3 bpenum;bpenum;C:\windows\System32\drivers\bpenum.sys [2010-5-16 71168]
      R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\System32\drivers\bpmp.sys [2010-5-16 175104]
      R3 bpusb;bpusb;C:\windows\System32\drivers\bpusb.sys [2010-5-16 81920]
      R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-3-31 56344]
      R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-26 158976]
      R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
      R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
      R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-3-31 35008]
      R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-31 331880]
      R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-3-31 54136]
      R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
      R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
      R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
      S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
      S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-12-14 48488]
      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
      S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-11-12 114688]
      S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
      S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
      S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
      S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-3-31 59392]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-31 1255736]
      S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
      .
      =============== Created Last 30 ================
      .
      2014-11-30 18:07:56 -------- d-sh--w- C:\$RECYCLE.BIN
      2014-11-30 18:02:05 24064 ----a-w- C:\windows\zoek-delete.exe
      2014-11-30 18:02:05 -------- d-----w- C:\Users\Owner\AppData\Local\Temp
      2014-11-30 17:41:49 -------- d-----w- C:\zoek_backup
      2014-11-28 16:11:33 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C295FA03-4060-4F4C-959D-A106DEC2CBA1}\mpengine.dll
      2014-11-19 00:50:07 728064 ----a-w- C:\windows\System32\kerberos.dll
      2014-11-19 00:50:07 241152 ----a-w- C:\windows\System32\pku2u.dll
      2014-11-19 00:50:07 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
      2014-11-19 00:50:05 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
      2014-11-12 23:36:59 950784 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
      2014-11-12 23:35:58 77824 ----a-w- C:\windows\System32\packager.dll
      2014-11-12 23:35:57 67584 ----a-w- C:\windows\SysWow64\packager.dll
      2014-11-12 23:35:57 3198976 ----a-w- C:\windows\System32\win32k.sys
      2014-11-12 23:35:55 3241984 ----a-w- C:\windows\System32\msi.dll
      2014-11-12 23:35:55 2363904 ----a-w- C:\windows\SysWow64\msi.dll
      2014-11-12 23:35:39 861696 ----a-w- C:\windows\System32\oleaut32.dll
      2014-11-12 23:35:39 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
      2014-11-12 23:15:41 -------- d-----w- C:\Users\Owner\AppData\Roaming\KeepMySettingsX
      2014-11-12 23:15:30 159032 ----a-w- C:\windows\System32\ATL90.dll
      2014-11-09 02:24:06 -------- d-----w- C:\Users\Owner\AppData\Local\Comodo
      2014-11-04 16:55:47 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
      .
      ==================== Find3M ====================
      .
      2014-11-30 23:29:01 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
      2014-11-26 19:29:58 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2014-11-26 19:29:58 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
      2014-11-23 19:58:46 1041168 ----a-w- C:\windows\System32\drivers\aswsnx.sys
      2014-11-06 04:04:03 2724864 ----a-w- C:\windows\System32\mshtml.tlb
      2014-11-06 04:03:50 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
      2014-11-06 03:47:03 66560 ----a-w- C:\windows\System32\iesetup.dll
      2014-11-06 03:46:12 580096 ----a-w- C:\windows\System32\vbscript.dll
      2014-11-06 03:46:12 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
      2014-11-06 03:44:28 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
      2014-11-06 03:30:22 144384 ----a-w- C:\windows\System32\ieUnatt.exe
      2014-11-06 03:30:08 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
      2014-11-06 03:29:18 814080 ----a-w- C:\windows\System32\jscript9diag.dll
      2014-11-06 03:28:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
      2014-11-06 03:23:57 6040064 ----a-w- C:\windows\System32\jscript9.dll
      2014-11-06 03:20:18 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
      2014-11-06 03:13:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
      2014-11-06 03:13:36 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
      2014-11-06 03:12:44 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
      2014-11-06 03:10:58 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
      2014-11-06 03:07:29 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
      2014-11-06 02:59:36 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
      2014-11-06 02:58:38 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
      2014-11-06 02:42:36 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
      2014-11-06 02:39:39 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
      2014-11-06 02:38:25 2124288 ----a-w- C:\windows\System32\inetcpl.cpl
      2014-11-06 02:21:49 4298240 ----a-w- C:\windows\SysWow64\jscript9.dll
      2014-11-06 02:21:25 2051072 ----a-w- C:\windows\SysWow64\inetcpl.cpl
      2014-11-06 02:20:37 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
      2014-11-06 02:17:24 2365440 ----a-w- C:\windows\System32\wininet.dll
      2014-11-06 01:52:35 1892864 ----a-w- C:\windows\SysWow64\wininet.dll
      2014-11-05 17:56:54 304640 ----a-w- C:\windows\System32\generaltel.dll
      2014-11-05 17:56:36 228864 ----a-w- C:\windows\System32\aepdu.dll
      2014-11-05 17:52:22 424448 ----a-w- C:\windows\System32\aeinv.dll
      2014-11-04 21:30:58 275080 ------w- C:\windows\System32\MpSigStub.exe
      2014-10-14 02:16:37 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
      2014-10-14 02:13:06 683520 ----a-w- C:\windows\System32\termsrv.dll
      2014-10-14 02:12:57 1460736 ----a-w- C:\windows\System32\lsasrv.dll
      2014-10-14 02:09:31 146432 ----a-w- C:\windows\System32\msaudite.dll
      2014-10-14 02:07:31 681984 ----a-w- C:\windows\System32\adtschema.dll
      2014-10-14 01:50:47 22016 ----a-w- C:\windows\SysWow64\secur32.dll
      2014-10-14 01:49:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
      2014-10-14 01:47:30 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
      2014-10-14 01:46:02 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
      2014-10-03 02:12:00 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
      2014-10-03 02:11:54 284672 ----a-w- C:\windows\System32\EncDump.dll
      2014-10-03 02:11:51 680960 ----a-w- C:\windows\System32\audiosrv.dll
      2014-10-03 02:11:51 440832 ----a-w- C:\windows\System32\AudioEng.dll
      2014-10-03 02:11:51 296448 ----a-w- C:\windows\System32\AudioSes.dll
      2014-10-03 01:44:42 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
      2014-10-03 01:44:26 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
      2014-10-03 01:44:26 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
      2014-10-01 18:11:26 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
      2014-10-01 18:11:16 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
      2014-10-01 18:11:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
      2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
      2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
      2014-09-19 09:42:52 210944 ----a-w- C:\windows\System32\wdigest.dll
      2014-09-19 09:42:51 86528 ----a-w- C:\windows\System32\TSpkg.dll
      2014-09-19 09:42:49 342016 ----a-w- C:\windows\System32\schannel.dll
      2014-09-19 09:42:47 314880 ----a-w- C:\windows\System32\msv1_0.dll
      2014-09-19 09:42:47 309760 ----a-w- C:\windows\System32\ncrypt.dll
      2014-09-19 09:42:41 22016 ----a-w- C:\windows\System32\credssp.dll
      2014-09-19 09:23:55 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
      2014-09-19 09:23:52 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
      2014-09-19 09:23:49 248832 ----a-w- C:\windows\SysWow64\schannel.dll
      2014-09-19 09:23:46 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
      2014-09-19 09:23:45 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
      2014-09-19 09:23:36 17408 ----a-w- C:\windows\SysWow64\credssp.dll
      2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
      2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
      2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
      2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
      .
      ============= FINISH: 16:57:03.32 ===============