Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Lost Admin control in normal boot

When I hit Control+Alt+Delete and then click Task Manager, nothing shows up. I just updated Skype and it said I had a "ShellExecuteEx failed; code 5. Access denied."
A lot of Control Panel functions don't work, such as creating a new user.

This also appears when I try to uninstall anything.

https://cdn.discordapp.com/attachmen...39/unknown.png
https://cdn.discordapp.com/attachmen...41/unknown.png

What have I tried thus far:
1. Running in Safe Mode (installing and uninstalling is fine), but I still can't create a new user.
2. In Safe Mode I tried deleting HomeGroupUser$; it got deleted, then I set my account to admin. Nothing.
3. Through CMD I tried to give myself admin by
net localgroup administrators [username] /add
It said the account was already admin.
4. Thought it was an SSD issue, but Samsung Magician shows that my SSD is healthy.


So currently I'm stumped on what to do, and I just want to be able to install stuff normally and hit Control+Alt+Delete.
I also contemplated playing with my registry, but I have no idea what I'm doing.

This is my FRST Text

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by Ruroka (administrator) on RUROKA-PC (MSI MS-7816) (14-11-2019 18:23:34)
Running from C:\Users\Ruroka\Desktop
Loaded Profiles: Ruroka (Available Profiles: Ruroka)
Platform: Windows 10 Pro Version 1809 17763.864 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-23] (Logitech Inc -> Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [1047536 2013-11-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [3476432 2014-09-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star International)
HKLM-x32\...\Run: [Corsair laver] => C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe [1780736 2013-06-05] (Corsair Components Inc) [File not signed]
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [797648 2014-09-02] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-523977749-2779465332-2768229729-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [10531216 2019-05-22] (Binary Fortress Software Ltd. -> Binary Fortress Software)
HKU\S-1-5-21-523977749-2779465332-2768229729-1000\...\Run: [Discord] => C:\Users\Ruroka\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-523977749-2779465332-2768229729-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83524968 2019-11-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-523977749-2779465332-2768229729-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google Inc -> Google)
HKU\S-1-5-21-523977749-2779465332-2768229729-1000\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [12476064 2019-01-11] (Samsung Electronics CO., LTD. -> )
HKU\S-1-5-21-523977749-2779465332-2768229729-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [577568 2019-11-01] (Mozilla Corporation -> Mozilla Corporation)
HKU\S-1-5-21-523977749-2779465332-2768229729-1000\...\RunOnce: [Application Restart #1] => C:\Users\Ruroka\AppData\Roaming\BitTorrent Sync\BTSync.exe [8957432 2016-06-11] (BitTorrent Inc -> BitTorrent, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-09-20]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A003678C-C125-49A0-90D0-99AE485F6F92}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Qualcomm Atheros, Inc. -> Flexera Software LLC)
Startup: C:\Users\Ruroka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-04-03]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Ruroka\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EE5BCF-2954-47CE-99DD-46FCEE2F55D2} - System32\Tasks\{357B38DB-93A0-439B-9E6B-664F7BCDD421} => C:\Users\Ruroka\AppData\Local\Google\Chrome SxS\Application\chrome.exe
Task: {085DCD39-40AE-4132-918C-7745400FD388} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-523977749-2779465332-2768229729-1000 => C:\Users\Ruroka\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-09-16] (Mega Limited -> Mega Limited)
Task: {0B2830DA-77CE-4701-B075-496820F9D13A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523977749-2779465332-2768229729-1000UA1d4e98351ffb88f => C:\Users\Ruroka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0F9EBBE9-ECF4-462C-8F88-487C44D19249} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {11697F07-BFCB-4B9C-A6D7-3E1A3794569A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1248D05A-D126-4C26-B441-19B3D99E9A74} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1697D9A9-4DB3-46C9-9972-F29CE24C4724} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {175D7E0E-0523-4680-81BD-9E7F349C0496} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {17B40C1E-D431-4C56-81DA-2571F861192C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {181CDB50-F085-4DAD-98D2-FE2F2B5D0730} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523977749-2779465332-2768229729-1000Core => C:\Users\Ruroka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {21CA6B4E-0734-4A34-8329-9EC0E5AF3822} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {27FF32A9-40D4-43D5-B595-C9B3DD29E3F9} - System32\Tasks\{0B1433D4-52E2-4B87-9646-10A86A95B04D} => C:\Windows\system32\pcalua.exe -a "F:\OtherDriver\Intel SCT\Setup.exe" -d "F:\OtherDriver\Intel SCT" -c -s
Task: {28CC40EC-A364-4F45-B1F6-E919C18E13B6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32228845-642A-42ED-9651-4FFAC4D3295B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {3260707E-D6E1-44DF-A7DF-259FF1CE0408} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe [1457720 2019-11-13] (Adobe Inc. -> Adobe)
Task: {3C9A1CB9-EF05-496F-94B8-DE5144DE7B55} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3E95D310-F90B-4B3F-AECD-96A1440C5467} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe
Task: {4308D76F-681C-4A44-A093-6201DF04A96F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {48D54752-8763-46CF-871A-7037A9713DB5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4FD3E128-B3CB-4768-9CA3-3407D15B7B45} - System32\Tasks\{A7ECDD8E-163B-4080-8013-74C5B930B5C8} => E:\Pictures\New folder\107GRJ518\AR107518\’´š’s—ƒƒCƒhI\’´š’s—ƒƒCƒhI.exe
Task: {54608EC6-227C-44A1-8D64-486DEB215C44} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {55472654-3F97-4D9C-BF53-ECB8ADB868D6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5B9FB43B-C9B8-4B00-8F64-877544D60542} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5C97205E-D548-4E1F-B4BF-7122FC00887D} - System32\Tasks\{4D457424-9597-417F-BFC5-964A92584C52} => E:\Pictures\New folder\107GRJ518\AR107518\’´š’s—ƒƒCƒhI\’´š’s—ƒƒCƒhI.exe
Task: {5DAD3E10-D7FF-4D35-B47C-B38FD4DD1F1B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5E2884C6-2F08-48DD-9EE2-858CF1C4CAEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-14] (Adobe Inc. -> Adobe)
Task: {601EACC1-C817-4D96-8895-2B2417A32EFC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_pepper.exe [1453112 2019-11-14] (Adobe Inc. -> Adobe)
Task: {61130889-A8EE-48EE-8211-FDBC789EBB05} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6954D200-EF23-449C-B22A-4994A57455A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6ED36A8E-6223-45EA-86E0-ADFFCAFA3E57} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {70C18FE4-56EF-4287-9252-4A3276F7CEA0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653864 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {710E2045-D781-4EE2-9A00-A433D4741946} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {716FA15C-C98D-4F10-9A49-09203D7C2543} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {751E0B50-2FCB-484B-BE8F-338FC0E747E9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7CD73CCE-2BFD-4D66-8DFA-5AFBA4A28F3D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8141FDD3-A2D3-4653-99D5-7171CCE0755A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {829472A6-AEFA-4419-9131-74932A3FDFFD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1133608 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {82EB0C70-1076-4782-A6E2-6D651CD76CFF} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8546CDCD-914D-48C1-986E-8136EBD3F9B4} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3310688 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8BB54FBC-AD81-4E4D-8B96-3B7A60098F9E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8DD6ABA4-000C-4C4C-8BCC-51F012E39ADE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8F7B2DFB-4A38-4547-9CD4-5B6A341DB3F0} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8F935865-5E98-41EF-AE17-25C642820861} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {9ED66EB6-4864-4909-A89E-76F324855657} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [913448 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A2B37E01-1D7B-4718-BEAF-36F090654506} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523977749-2779465332-2768229729-1000UA => C:\Users\Ruroka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A7B521C3-D8A0-45F7-9114-FCA7B78E830C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523977749-2779465332-2768229729-1000Core1d2bfa4af82c662 => C:\Users\Ruroka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A7F1DA23-8EFF-47B3-83B8-7E4C86E566A7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AB6816BA-BA7D-4B2E-A3A1-247BA7A23E1E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B4534181-D4FA-4972-BC4E-8F2B9525872A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CAF0C645-90CD-4B83-9B50-F9CCA7C814A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523977749-2779465332-2768229729-1000UA1d2bfa4af88b9e9 => C:\Users\Ruroka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {CCD0523A-7F87-43E5-B9DD-9EEA812C3AA1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {CDB36BA8-2BFA-48B3-BE45-21F906B0A658} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {CF2D052B-277E-41B8-B35D-44A39D0D6D3C} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [6528464 2016-09-01] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {D0B327F0-4576-42BA-A809-CF4D6CEF9F0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D54539D2-8A68-47E2-A833-287D09522E33} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DBA55EB1-1638-4500-AA73-6AF58730B868} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E19A8845-D654-49CB-A4DC-D52F782B9299} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E3F5009F-EF9D-4114-8C14-000FD03EB847} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523977749-2779465332-2768229729-1000Core1d4e98351fbe860 => C:\Users\Ruroka\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E985C37E-6855-473F-B938-73FFE00821B3} - System32\Tasks\Start Sync on startup => C:\Users\Ruroka\AppData\Roaming\BitTorrent Sync\BTSync.exe [8957432 2016-06-11] (BitTorrent Inc -> BitTorrent, Inc.)
Task: {EF18DEDD-3F5C-418E-B0C1-D32EC99F31EF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F0BC4C3D-F35E-4129-A406-3A8BC62AD8C0} - System32\Tasks\BlueStacksHelper => T:\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {F28B1D7E-EFD5-4A89-9D04-799C756BBA1C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8049358-7C1D-48B4-B0D0-941A5B516735}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-11] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FireFox:
========
FF DefaultProfile: ft2tkp33.default-1434340142524-1506826299583
FF ProfilePath: C:\Users\Ruroka\AppData\Roaming\Mozilla\Firefox\Profiles\ft2tkp33.default-1434340142524-1506826299583 [2019-11-14]
FF DownloadDir: C:\Users\Ruroka\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\ft2tkp33.default-1434340142524-1506826299583 -> is enabled.
FF Extension: (Firefox Lockwise) - C:\Users\Ruroka\AppData\Roaming\Mozilla\Firefox\Profiles\ft2tkp33.default-1434340142524-1506826299583\Extensions\lockbox@mozilla.com.xpi [2019-08-12] [UpdateUrl:hxxps://lockwise.firefox.com/addon/updates.json]
FF Extension: (Create a new script) - C:\Users\Ruroka\AppData\Roaming\Mozilla\Firefox\Profiles\ft2tkp33.default-1434340142524-1506826299583\Extensions\{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi [2019-11-07]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Ruroka\AppData\Roaming\Mozilla\Firefox\Profiles\ft2tkp33.default-1434340142524-1506826299583\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-10-23]
FF Plugin: @Adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default [2019-04-02]
CHR Extension: (BetterTTV) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2018-08-15]
CHR Extension: (Docs) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-22]
CHR Extension: (Google Drive) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-22]
CHR Extension: (YouTube) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-22]
CHR Extension: (uBlock Origin) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-03-31]
CHR Extension: (Granblue Faggotry) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofpehnfogbkhlllbkiiokkgahoaakla [2018-01-24]
CHR Extension: (グランブルーファンタジー[ChromeApps版]) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\eablgejicbklomgaiclcolfilbkckngf [2018-08-15]
CHR Extension: (Sheets) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-22]
CHR Extension: (Viramate) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpokpknehglcioijejfeebigdnbnokj [2019-03-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-08-15]
CHR Extension: (Granblue Fantasy1) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfaedihknneehpabpeooalmfneonjncf [2018-01-22]
CHR Extension: (LINE) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2018-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Granblue UI Mod) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldabbgalcibkledioddbmgekdolimhh [2018-04-19]
CHR Extension: (Gmail) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-22]
CHR Extension: (Chrome Media Router) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-15]
CHR Profile: C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-09-03]
CHR Profile: C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-10-29]
CHR Extension: (Slides) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-24]
CHR Extension: (Docs) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]
CHR Extension: (Google Drive) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-24]
CHR Extension: (YouTube) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-24]
CHR Extension: (Sheets) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24]
CHR Extension: (Viramate) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgpokpknehglcioijejfeebigdnbnokj [2019-03-26]
CHR Extension: (VideoCast (VLC/Chromecast)) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gclhodkofgoighinmongpkpncdpalejb [2018-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-23]
CHR Profile: C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-09-03]
CHR Extension: (Slides) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-24]
CHR Extension: (Docs) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]
CHR Extension: (Google Drive) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-24]
CHR Extension: (YouTube) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-24]
CHR Extension: (Sheets) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24]
CHR Extension: (Viramate) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fgpokpknehglcioijejfeebigdnbnokj [2018-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-06]
CHR Profile: C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-09-03]
CHR Extension: (Slides) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-24]
CHR Extension: (Docs) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-24]
CHR Extension: (Google Drive) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-24]
CHR Extension: (YouTube) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-24]
CHR Extension: (Sheets) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-24]
CHR Extension: (Viramate) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fgpokpknehglcioijejfeebigdnbnokj [2018-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-24]
CHR Extension: (Chrome Media Router) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-06]
CHR Profile: C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4 [2018-09-03]
CHR Extension: (Slides) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-30]
CHR Extension: (Docs) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-30]
CHR Extension: (Google Drive) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-30]
CHR Extension: (YouTube) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-30]
CHR Extension: (Sheets) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-26]
CHR Extension: (Gmail) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-30]
CHR Profile: C:\Users\Ruroka\AppData\Local\Google\Chrome\User Data\System Profile [2018-09-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8404720 2019-10-22] (BattlEye Innovations e.K. -> )
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Google Inc -> Google Inc.)
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2018-04-02] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [122880 2017-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [7037344 2019-05-22] (Binary Fortress Software Ltd. -> Binary Fortress Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-23] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2100736 2014-06-04] (MSI) [File not signed]
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4026368 2014-06-06] (MSI) [File not signed]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2118144 2014-07-28] () [File not signed]
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4156928 2014-08-27] () [File not signed]
S2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1992192 2014-08-19] () [File not signed]
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2242560 2014-09-01] () [File not signed]
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2063360 2014-07-28] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [550400 2014-08-13] () [File not signed]
S2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1723856 2014-09-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star International)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; O:\New folder\New folder\Origin\OriginClientService.exe [2425136 2019-11-12] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; O:\New folder\New folder\Origin\OriginWebHelperService.exe [3303736 2019-11-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-01-27] (Power Admin LLC -> Power Admin LLC)
S2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-11] (Qualcomm Atheros) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12054872 2019-10-10] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-10-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-08] (AVG Technologies -> AVG Technologies)
S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
S2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-10-16] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 CORSGKB; C:\WINDOWS\system32\drivers\CORSGKB.sys [25600 2012-03-27] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd -> Creative Technology Ltd)
S3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [42792 2017-01-18] (Creative Technology Ltd -> Creative Technology Ltd)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\DRIVERS\evolve.sys [21656 2015-02-11] (Echobit, LLC -> Echobit, LLC)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-07-26] (Intel(R) Smart Connect software -> )
S3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-09-15] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-01-23] (Logitech Inc -> Logitech Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-11-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (Micro-Star Int'l Co. Ltd. -> MSI)
S3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSIFrequency_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\CPU_Frequency\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830a0263f2ee97ce\nvlddmkm.sys [22370696 2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 VBAudioVMAUXVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2017-09-01] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-09-01] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S1 VBoxUSBMon; C:\WINDOWS\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (Duodian Online Technology Co. Ltd. -> BigNox Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-10-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-10-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-28] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel(R) Software -> Intel Corporation)
S1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [310536 2019-10-17] (Beijing Duodian Online Science and Technology Co.,Ltd -> BigNox Corporation)
S3 GPUZ; \??\C:\Users\Ruroka\AppData\Local\Temp\GPUZ.sys [X] <==== ATTENTION
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-14 18:20 - 2019-11-14 18:21 - 000132305 _____ C:\Users\Ruroka\Desktop\Addition.txt
2019-11-14 18:19 - 2019-11-14 18:23 - 000042663 _____ C:\Users\Ruroka\Desktop\FRST.txt
2019-11-14 18:19 - 2019-11-14 18:23 - 000000000 ____D C:\FRST
2019-11-14 18:18 - 2019-11-14 18:18 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-11-14 18:14 - 2019-11-14 18:14 - 002260480 _____ (Farbar) C:\Users\Ruroka\Desktop\FRST64.exe
2019-11-14 18:09 - 2019-11-14 18:09 - 000000218 _____ C:\Users\Ruroka\AppData\Local\recently-used.xbel
2019-11-14 17:25 - 2019-11-14 17:25 - 000000000 ____D C:\Users\Ruroka\AppData\Local\ElevatedDiagnostics
2019-11-14 16:51 - 2019-11-14 16:51 - 000000000 ____D C:\Users\Ruroka\Desktop\New folder
2019-11-14 16:47 - 2019-11-14 18:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-11-14 16:47 - 2019-11-14 16:49 - 000000024 _____ C:\Users\Ruroka\Desktop\DiskInfo.ini
2019-11-14 16:41 - 2019-11-14 18:20 - 000910044 _____ C:\WINDOWS\ntbtlog.txt
2019-11-14 10:50 - 2019-11-12 19:20 - 005419576 _____ (Crystal Dew World) C:\Users\Ruroka\Desktop\DiskInfo64K.exe
2019-11-14 10:49 - 2019-11-14 10:49 - 048732624 _____ C:\Users\Ruroka\Desktop\CrystalDiskInfo8_3_2KureiKei.zip
2019-11-13 22:51 - 2019-11-14 08:54 - 004986936 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-11-12 17:54 - 2019-11-12 17:54 - 000000000 ____D C:\ProgramData\Ubisoft
2019-11-12 13:39 - 2019-11-12 13:39 - 023455232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 022137120 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 019014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 012960256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 012258816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 011724288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 009941504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 009667896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 007872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 007700696 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 007656072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 006934016 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 006547896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 006318328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 005770240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 005608336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 005575168 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 005573232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 004873216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 004661760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 004413936 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 004049920 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003906560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003872336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003656792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 003624448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003576832 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003496448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 003333632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 003082752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002918200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 002871824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 002848768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 002699976 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002698752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002628112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002348544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002109960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002072176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 002050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001966096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 001933408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001918792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001702600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-11-12 13:39 - 2019-11-12 13:39 - 001677808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001668784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001666440 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001644544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001538560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 001486472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001473296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 001465472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001346216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-11-12 13:39 - 2019-11-12 13:39 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001294792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001267240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-11-12 13:39 - 2019-11-12 13:39 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001258512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001183504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 001180248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 001054224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 001050112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 001049608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 001024712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 001022464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\assignedaccessmanagersvc.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000888560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000862008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000856424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000811536 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000808960 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000808272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000782968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000775768 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000773208 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000747536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000741688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000661264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000642560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000591160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000588816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000553784 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000542320 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000536320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000535080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000514600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000509968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000505640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000486400 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-11-12 13:39 - 2019-11-12 13:39 - 000473832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000465416 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000462352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000450632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000445752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000435512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000427832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000389408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000385848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ComposableShellProxyStub.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000262152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-11-12 13:39 - 2019-11-12 13:39 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000213304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-11-12 13:39 - 2019-11-12 13:39 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000160272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000152896 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ComposableShellProxyStub.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000141736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prntvpt.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000120352 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000118480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000112168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvPlatform.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellExtFramework.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000090632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000087080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000086840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000086744 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-11-12 13:39 - 2019-11-12 13:39 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000061480 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\compact.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compact.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-11-12 13:39 - 2019-11-12 13:39 - 000023768 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000020144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-11-12 13:39 - 2019-11-12 13:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-11-12 13:39 - 2019-11-12 13:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-11-12 13:39 - 2019-11-12 13:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-11-12 13:39 - 2019-11-12 13:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-11-12 13:39 - 2019-11-12 13:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-11-12 13:39 - 2019-11-12 13:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-11-12 13:39 - 2019-11-12 13:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-11-12 13:39 - 2019-11-12 13:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-11-12 13:38 - 2019-11-12 13:38 - 000667664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-11-12 13:38 - 2019-11-12 13:38 - 000520208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2019-11-12 13:38 - 2019-11-12 13:38 - 000198968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-11-06 12:59 - 2019-11-06 12:59 - 000001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-11-05 16:56 - 2019-11-07 21:35 - 000016586 _____ C:\Users\Ruroka\Desktop\KM coverletter.odt
2019-10-27 16:54 - 2019-10-27 16:54 - 001115213 _____ C:\Users\Ruroka\Downloads\410128_20191028_064520_226496212.mp4
2019-10-26 10:28 - 2019-10-26 10:32 - 000000000 ____D C:\ProgramData\HitmanPro
2019-10-26 10:28 - 2019-10-26 10:28 - 011539456 _____ (SurfRight B.V.) C:\Users\Ruroka\Downloads\HitmanPro_x64.exe
2019-10-26 10:25 - 2019-10-26 10:25 - 007622344 _____ (Malwarebytes) C:\Users\Ruroka\Downloads\AdwCleaner.exe
2019-10-26 10:11 - 2019-10-26 10:11 - 000000000 ____D C:\Users\Ruroka\AppData\Local\mbam
2019-10-26 10:10 - 2019-10-31 17:54 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-10-26 10:10 - 2019-10-26 10:10 - 000000000 ____D C:\Users\Ruroka\AppData\Local\mbamtray
2019-10-26 10:10 - 2019-10-26 10:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-26 10:10 - 2019-10-26 10:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-26 10:10 - 2019-10-26 10:10 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-26 10:10 - 2019-06-26 12:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-10-26 10:08 - 2019-10-26 10:08 - 064333800 _____ (Malwarebytes ) C:\Users\Ruroka\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2019-10-26 10:07 - 2019-10-26 10:07 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Ruroka\Downloads\rkill.exe
2019-10-24 10:43 - 2019-10-25 10:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena
2019-10-17 18:54 - 2019-10-17 18:54 - 000003912 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2019-10-17 18:51 - 2019-10-17 18:51 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2019-10-17 18:51 - 2019-10-17 18:51 - 000001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-10-17 18:50 - 2019-10-17 18:50 - 000000000 ____D C:\Program Files\BlueStacks
2019-10-17 18:46 - 2019-10-17 18:50 - 000000000 ____D C:\Users\Ruroka\AppData\Local\BlueStacksSetup
2019-10-17 18:46 - 2019-10-17 18:50 - 000000000 ____D C:\Users\Public\BlueStacks
2019-10-17 18:45 - 2019-10-17 18:45 - 000938632 _____ (BlueStack Systems Inc.) C:\Users\Ruroka\Downloads\BlueStacksInstaller_4.140.11.1002_native_9a81f6a0e754ce0badb38ad1b4d11bf9.exe
2019-10-17 17:50 - 2019-11-04 12:12 - 000000000 ____D C:\Users\Ruroka\AppData\Local\NoxSrv
2019-10-17 17:50 - 2019-10-17 17:50 - 000000041 _____ C:\Users\Ruroka\inst.ini
2019-10-17 17:50 - 2019-10-17 17:50 - 000000000 ____D C:\Program Files (x86)\Bignox
2019-10-17 17:41 - 2019-10-17 17:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ax0b.CIS
2019-10-17 17:41 - 2019-10-17 17:41 - 000000000 ____D C:\Users\Ruroka\AppData\Local\NoxInsPackFileder
2019-10-16 11:06 - 2019-10-16 11:06 - 063390528 _____ (Electronic Arts) C:\Users\Ruroka\Downloads\OriginThinSetup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-14 18:22 - 2019-02-15 09:49 - 000935300 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-14 18:22 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2019-11-14 18:17 - 2019-02-15 09:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-14 18:17 - 2018-09-15 01:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-11-14 18:17 - 2016-06-05 22:21 - 000000000 ____D C:\Users\Ruroka\AppData\Roaming\BitTorrent Sync
2019-11-14 18:09 - 2019-05-27 19:32 - 000000000 ____D C:\Users\Ruroka\AppData\Roaming\deluge
2019-11-14 17:43 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-14 17:36 - 2017-01-01 01:57 - 000000000 ____D C:\Users\Ruroka\AppData\LocalLow\Mozilla
2019-11-14 17:35 - 2017-01-27 21:20 - 000000000 ____D C:\ProgramData\NVIDIA
2019-11-14 17:34 - 2019-02-15 09:53 - 000003248 _____ C:\WINDOWS\system32\Tasks\GPU Tweak II
2019-11-14 17:33 - 2014-09-21 01:11 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-11-14 16:49 - 2017-12-06 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-11-14 16:40 - 2019-02-15 09:50 - 000000000 ____D C:\Users\Ruroka
2019-11-14 16:21 - 2018-05-16 15:06 - 000000000 ____D C:\Users\Ruroka\AppData\Local\Ubisoft Game Launcher
2019-11-14 16:18 - 2014-09-21 07:10 - 000000000 ____D C:\Program Files (x86)\Samsung Magician
2019-11-14 16:05 - 2019-02-15 09:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-14 08:54 - 2019-02-15 09:53 - 000004530 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-11-14 08:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-11-14 08:54 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-11-13 22:51 - 2019-02-15 09:53 - 000004578 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-11-13 21:52 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-11-13 19:54 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-13 19:47 - 2019-02-16 00:58 - 000000000 ____D C:\Users\Ruroka\AppData\Roaming\Discord
2019-11-13 10:14 - 2014-09-20 21:06 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-11-13 10:04 - 2019-02-15 09:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-11-13 10:04 - 2019-02-15 09:53 - 000000000 ___RD C:\Users\Ruroka\3D Objects
2019-11-13 10:04 - 2018-05-01 18:05 - 000000000 ___RD C:\Users\Ruroka\Virtual Machines
2019-11-13 10:03 - 2019-02-15 09:47 - 000431464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-11-12 23:44 - 2018-09-15 02:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-11-12 23:44 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-11-12 23:44 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-11-12 23:44 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-11-12 23:44 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-11-12 23:44 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-11-12 23:44 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-11-12 23:44 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-11-12 13:46 - 2014-09-21 00:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-11-12 13:40 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-12 13:40 - 2014-09-21 00:33 - 128443096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-11-10 22:42 - 2019-02-06 23:09 - 000000000 ____D C:\ProgramData\Origin
2019-11-10 18:21 - 2018-12-24 12:27 - 000000109 _____ C:\Users\Ruroka\Desktop\listen.pls
2019-11-10 18:19 - 2019-02-11 00:15 - 000000000 ____D C:\Users\Ruroka\AppData\Roaming\Origin
2019-11-06 13:53 - 2019-02-15 10:01 - 000000000 ____D C:\Users\Ruroka\AppData\Local\Comms
2019-11-06 13:52 - 2019-02-15 09:53 - 000000000 ____D C:\Users\Ruroka\AppData\Local\Packages
2019-11-06 12:59 - 2018-01-30 23:44 - 000000000 ____D C:\Users\Ruroka\AppData\Local\TeamViewer
2019-11-05 14:19 - 2019-04-02 13:38 - 000003712 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-523977749-2779465332-2768229729-1000UA1d4e98351ffb88f
2019-11-05 14:19 - 2019-04-02 13:38 - 000003444 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-523977749-2779465332-2768229729-1000Core1d4e98351fbe860
2019-11-04 12:15 - 2016-07-13 22:32 - 000000000 ____D C:\Users\Ruroka\AppData\Local\Nox
2019-11-04 12:12 - 2019-09-24 15:44 - 000000300 _____ C:\Users\Ruroka\d4ac4633ebd6440fa397b84f1bc94a3c.7z
2019-11-04 12:12 - 2019-06-07 16:06 - 000000000 ____D C:\Users\Ruroka\.BigNox
2019-11-04 12:12 - 2018-12-06 13:01 - 000000000 ____D C:\Users\Ruroka\vmlogs
2019-11-04 12:12 - 2016-08-19 09:01 - 000000000 ____D C:\Users\Ruroka\.android
2019-11-03 12:27 - 2014-12-26 18:19 - 000000000 ____D C:\Users\Ruroka\AppData\Local\DisplayFusion
2019-11-02 10:30 - 2017-12-02 21:55 - 000000000 ____D C:\Users\Ruroka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-11-02 09:55 - 2015-01-09 03:34 - 000000000 ____D C:\Users\Ruroka\AppData\Local\CrashDumps
2019-11-01 16:42 - 2019-02-15 10:10 - 000000000 ____D C:\ProgramData\Packages
2019-11-01 09:45 - 2017-08-08 07:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-11-01 09:45 - 2014-09-21 00:05 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-10-30 12:49 - 2019-07-18 12:13 - 000044042 _____ C:\Users\Ruroka\Desktop\Resume.pdf
2019-10-29 19:38 - 2014-09-20 11:33 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-28 19:22 - 2019-02-15 09:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-10-27 09:01 - 2019-02-15 10:22 - 000000000 ____D C:\Users\Ruroka\AppData\Local\D3DSCache
2019-10-26 10:23 - 2014-11-08 01:39 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-10-26 10:10 - 2018-09-15 02:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-24 19:50 - 2017-06-05 17:19 - 000000000 ____D C:\Users\Ruroka\AppData\Roaming\discordptb
2019-10-24 11:28 - 2019-08-27 15:37 - 000039525 _____ C:\Users\Ruroka\Desktop\Cover Letter.pdf
2019-10-17 18:50 - 2016-04-21 21:42 - 000000000 ____D C:\Users\Ruroka\AppData\Local\BlueStacks
2019-10-17 17:50 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Registration
2019-10-17 17:41 - 2019-03-10 13:36 - 000000070 _____ C:\Users\Ruroka\AppData\Local\update_progress.txt

==================== Files in the root of some directories ========

2016-03-31 21:46 - 2016-04-24 22:29 - 000001411 _____ () C:\Users\Ruroka\AppData\Roaming\.syncplay.log
2018-07-26 09:44 - 2018-09-28 23:12 - 000000134 _____ () C:\Users\Ruroka\AppData\Roaming\licecap.ini
2017-09-17 12:49 - 2017-09-17 12:56 - 000033882 _____ () C:\Users\Ruroka\AppData\Roaming\VoiceMeeterDefault.xml
2015-11-16 02:14 - 2015-11-16 02:14 - 001065984 _____ () C:\Users\Ruroka\AppData\Local\file__0.localstorage
2019-11-14 18:09 - 2019-11-14 18:09 - 000000218 _____ () C:\Users\Ruroka\AppData\Local\recently-used.xbel
2017-05-01 14:32 - 2017-05-01 14:32 - 000000017 _____ () C:\Users\Ruroka\AppData\Local\resmon.resmoncfg
2019-03-10 13:36 - 2019-10-17 17:41 - 000000070 _____ () C:\Users\Ruroka\AppData\Local\update_progress.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

I know Email

In my spam folder I received an email entitled I Know, which claims to have installed malware RAT that has videos of me in a compromising situation and wants ransom to prevent these videos from being published. It then states the malware has been removed without a trace. The email has displayed a very old unused password of mine.

A quick scan with Avira shows no detection and MBAM free is currently scanning. I don't notice any problems with the PC. There were never any compromising situations in front of this PC camera and the camera also has tape over the lens.

What should be the next step? Or just ignore it as a scam as shown in some search engines?

Lost Admin Control in Normal Boot

Chromium Virus

Cannot open Chrome

In addition, every time I try to uninstall Chromium, I can't even find the program in my add/remove programs tool.

Really frustrating.

In addition, I don't know why but it won't allow me to upload the addition for some reason.

Attached Files
File Type: txt FRST.txt (50.5 KB)

Possible Issue

I have a HijackThis log I need looking at; please see the second post.

System repair

I just ran a program called Advanced System Repair. My computer (Windows 7) has gotten extremely slow so I was looking for a way to clear my cache as a start. Anyway, the program found about 1 million things that needed correction. But of course, to fix all problems requires a license for $29.95. Has anyone had any experience with this program? Is it worth $29.95?

slow computer - malware - blocked from attaching addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2020
Ran by ron (administrator) on DESKTOP-T7FEF9L (Dell Inc. OptiPlex 7010) (21-01-2020 10:10:53)
Running from C:\Users\ron\Downloads
Loaded Profiles: ron (Available Profiles: ron)
Platform: Windows 10 Pro Version 1809 17763.973 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Byte Technologies LLC -> Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Byte Technologies LLC -> Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2917632 2016-11-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2016-11-22] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178912 2016-05-09] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-06] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [DellSystemDetect] => C:\Users\ron\AppData\Local\Apps\2.0\TDKK3HDC.PKC\DXLOK7LW.LM0\dell..tion_831211ca63b981c5_0008.0005_9a48d74816d64e41\DellSystemDetect.exe [313264 2017-07-21] (Dell Inc -> Dell)
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [Chromium] => c:\users\ron\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-16] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06661EBD-EFC8-4105-8A0A-9DD03AB896FB} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {07070EC9-85EB-419E-83BB-C177B3970A43} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {09242B71-6269-4786-8564-E03237145E03} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {523F3693-07ED-49F0-9EC5-9F9F088C25A8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5BAF6494-726E-45CD-B796-4AC09882041C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [4747720 2014-06-27] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {61286F8D-BEFE-4E56-A9D6-59AD1242D5CD} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [3917128 2019-11-20] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: {67DA32EB-6202-483E-82ED-CD6DA817561B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {68BC3FF4-5054-40CE-9009-F16A13426F29} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-06] (Piriform Ltd -> Piriform Ltd)
Task: {7C7BA83D-D8A4-4222-8CB7-F1713CD8A0D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-23] (Google Inc -> Google Inc.)
Task: {A0BAADFC-5A1F-4BC1-A76A-9EEB83DCB434} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {A4A5CA02-D9D9-4748-878C-92D8E395AE97} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {B4787F19-F475-405A-B819-294EEBD9DD0D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5753752 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {BC921946-1FBE-4F98-A93F-D5D6CF2A4796} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {C1312372-9244-44A0-8BCF-48E799B1E670} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [435672 2017-05-29] (Dell Inc. -> PC-Doctor, Inc.)
Task: {C3EBD308-8D32-4F34-927A-3C183B439451} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-23] (Google Inc -> Google Inc.)
Task: {F050493F-9257-4C53-A4C4-326A5249E61F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6193080 2016-03-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CouponViewer Toolbar.job => C:\Users\ron\AppData\Local\Programs\CouponViewer\Add-On\2017.4.2.1\CVHP.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b7e96db6-2283-43b8-be95-9b21cc9a539d}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.palikan.com/?f=1&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_17_42_ssg02&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtCtCyBtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyBzztCtBzztD0FtGyD0AtCyEtGyE0EyDyBtGyCtDtAtCtGyByDyCtDtCyEzzyDyE0E0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyEyDyBtD&cr=2034830137&ir=&q={searchTerms}
SearchScopes: HKLM-x32 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_04&cd=2XzuyEtN2Y1L1QzuzytD0BtCtC0CzztB0D0CtCzytByEyD0EtN0D0Tzu0StBtBtCtAtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0F0F0AyCtB0ByCtGyC0FyC0CtG0FtCtDzztGtA0E0AyBtGtAzztAzytDyEtCtBtDtCtBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBtAzzyEtDyCtGtCzy0FtBtGyE0B0FtBtG0B0CzzyBtGtA0AyEzyyEtAtC0B0BtB0E0F2QtN0A0LzutB&cr=301444270&ir=&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-06-14] (Google Inc -> Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-06-14] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-06-14] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-06-14] (Google Inc -> Google Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\system\ole db\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [File not signed]

Edge:
======
DownloadDir: C:\Users\ron\Downloads

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075259716-4219239708-4241734008-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2019-06-27] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-3075259716-4219239708-4241734008-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2019-06-27] (TD Ameritrade -> TD Ameritrade)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default [2020-01-17]
CHR Extension: (Docs) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-05]
CHR Extension: (YouTube) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-05]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-09-11]
CHR Extension: (Avast Online Security) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-09-11]
CHR Extension: (Autofill) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2019-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-25]
CHR Extension: (Search Manager) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2019-10-31]
CHR Extension: (Gmail) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-11]
CHR Extension: (Chrome Media Router) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-31]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKU\S-1-5-21-3075259716-4219239708-4241734008-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [160584 2019-11-20] (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-05-09] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2018-04-11] (Byte Technologies LLC -> Byte Technologies LLC.) <==== ATTENTION
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-15] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-15] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c65x64.sys [488736 2016-11-22] (Intel(R) Intel Network Drivers -> Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2540800 2016-11-22] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-21 10:10 - 2020-01-21 10:12 - 000026902 _____ C:\Users\ron\Downloads\FRST.txt
2020-01-21 10:09 - 2020-01-21 10:09 - 002572800 _____ (Farbar) C:\Users\ron\Downloads\FRST64.exe
2020-01-17 19:34 - 2020-01-17 19:34 - 000003129 _____ C:\WINDOWS\wininit.ini
2020-01-15 11:15 - 2020-01-15 11:17 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2020-01-15 11:15 - 2020-01-15 11:17 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 009668408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-15 11:12 - 2020-01-15 11:12 - 008905728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 007922688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 006543736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-01-15 11:12 - 2020-01-15 11:12 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 002323896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001677088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001665712 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 001200920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-15 11:12 - 2020-01-15 11:12 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000651776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-01-15 11:12 - 2020-01-15 11:12 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000541264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000410616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000350416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000154976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-15 11:12 - 2020-01-15 11:12 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000122568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2020-01-15 11:12 - 2020-01-15 11:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 002419712 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 002149160 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 001936520 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 001670800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 001258296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-15 11:11 - 2020-01-15 11:11 - 001084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-15 11:11 - 2020-01-15 11:11 - 001049400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-15 11:11 - 2020-01-15 11:11 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000677144 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000405304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 000378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2020-01-15 11:11 - 2020-01-15 11:11 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-15 11:11 - 2020-01-15 11:11 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-01-15 11:11 - 2020-01-15 11:11 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-21 10:11 - 2017-05-17 14:40 - 000000000 ____D C:\FRST
2020-01-21 10:09 - 2017-10-18 12:51 - 000002320 _____ C:\Users\ron\Desktop\Chromium.lnk
2020-01-21 10:09 - 2016-11-22 18:27 - 000001851 _____ C:\Users\ron\Desktop\Command Prompt.lnk
2020-01-21 09:48 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-21 09:26 - 2018-01-22 19:26 - 000000000 ____D C:\Program Files\ByteFence
2020-01-21 09:24 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-21 09:24 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-21 09:23 - 2019-06-07 17:44 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-17 10:21 - 2018-06-13 09:06 - 000000154 _____ C:\Users\ron\AppData\Roaming\WB.CFG
2020-01-16 19:32 - 2016-11-23 13:14 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 19:32 - 2016-11-23 13:14 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-16 19:32 - 2016-11-23 13:14 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-16 12:54 - 2016-11-22 18:27 - 000190464 _____ C:\Users\ron\Desktop\D1A52E40.xls
2020-01-16 09:22 - 2017-07-07 08:40 - 000000000 ____D C:\Program Files\UNP
2020-01-16 09:15 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-16 09:15 - 2018-07-24 16:58 - 000000000 ____D C:\Users\ron\AppData\Local\CrashDumps
2020-01-16 09:14 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2020-01-16 09:07 - 2019-06-07 17:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-16 09:07 - 2019-06-07 17:24 - 000286440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-15 19:41 - 2018-09-15 01:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-15 19:40 - 2018-09-15 02:33 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-15 19:40 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-15 19:40 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-15 11:20 - 2016-11-22 15:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-15 11:18 - 2016-11-22 15:24 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-15 10:48 - 2019-06-07 17:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-15 09:18 - 2016-12-03 04:26 - 000000000 ____D C:\Users\ron\AppData\Local\ConnectedDevicesPlatform
2020-01-14 09:37 - 2016-11-22 17:21 - 000000000 ____D C:\Users\ron\AppData\Local\Comms

==================== Files in the root of some directories ========

2018-06-13 09:06 - 2020-01-17 10:21 - 000000154 _____ () C:\Users\ron\AppData\Roaming\WB.CFG
2018-03-05 17:30 - 2018-03-05 17:30 - 000000017 _____ () C:\Users\ron\AppData\Local\resmon.resmoncfg
2018-12-11 13:38 - 2018-12-11 13:38 - 000000000 _____ () C:\Users\ron\AppData\Local\{234FAE3F-78C9-4DE1-92C2-54166F8A376A}
2019-03-05 11:23 - 2019-03-05 11:23 - 000000000 _____ () C:\Users\ron\AppData\Local\{60C9BEBD-44CA-4C42-ADC7-90F70DDBFCBD}
2019-01-29 08:54 - 2019-01-29 08:54 - 000000000 _____ () C:\Users\ron\AppData\Local\{6A79A31C-3C80-4A8E-A91C-C013068FD406}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Possible Trojan Infection

I have been getting lots of trojans popping up in Windows Security. I go through the motions of removing them, but they keep coming back after restarting. Now I think they keep coming back as differently named ones.
My computer will not upload the FRST or ADDITION files so I am starting this thread from another computer for now.

Computer is a pre-built 64-bit, Windows 10 Professional O.S.
Intel Core 2 Quad CPU, Q6600 @ 2.4 GHz 2.39 GHz
4 GB RAM

I could only get the FRST file uploaded before now getting BLOCKED from your site.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2020 01
Ran by Owner (administrator) on BRIANDESKTOP (Dell Inc. OptiPlex 755) (22-01-2020 17:12:43)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & supportaccount & DefaultAppPool)
Platform: Windows 10 Pro Version 1903 18362.592 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bluebeam, Inc. -> Bluebeam, Inc.) C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Revu\BBPrint.exe
(CyberLink -> Cyberlink Corp.) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Kaspersky Lab -> Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(NTI Corporation -> ) C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sage Software, Inc. -> Sage) C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
(Sage Software, Inc. -> Sage) C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer -> TeamViewer GmbH) C:\Users\Owner\AppData\Roaming\Batiscaf\defwin.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-21] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Pushbutton PDF\Bluebeam Admin User.exe [107568 2019-04-17] (Bluebeam, Inc. -> Bluebeam, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Revu\BBPrint.exe [880688 2019-04-17] (Bluebeam, Inc. -> Bluebeam, Inc.)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (CyberLink -> Cyberlink Corp.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [386392 2019-12-07] (Sage Software, Inc. -> Sage)
HKLM-x32\...\Run: [BackupNowEZ4Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe [1089712 2016-10-21] (NTI Corporation -> NTI Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\1.3.35.422\GoogleUpdateCore.exe [219592 2019-12-15] (Google LLC -> Google LLC)
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198000 2019-12-18] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --notification-launch-id="3|0|Default|0|hxxps://www.youtube.com/|p#hxxps://www.youtube.com/#1Abraham Hicks Love Yourself Into Alignment No Ads DuringRecommended: And Joyhxxps://lh5.googleusercontent.com/-XBvK8XLGuPc/AAAAAAAAAAI/AAAAAAAAAAA/SObKNmNihmw/s96-mo/photo.jpg" --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\...\MountPoints2: {907b6325-bffc-11e3-8be2-806e6f6e6963} - "D:\start.exe"
HKLM\Software\...\AppCompatFlags\Custom\Acrobat.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\Acrobat.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\AcroRd32.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\AcroRd32.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\EXCEL.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\EXCEL.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\INFOPATH.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\INFOPATH.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\java.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\java.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaw.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaw.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaws.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaws.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\LYNC.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\LYNC.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSACCESS.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSACCESS.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSPUB.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSPUB.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OIS.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OIS.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OUTLOOK.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OUTLOOK.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\POWERPNT.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\POWERPNT.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\PPTVIEW.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\PPTVIEW.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VISIO.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VISIO.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VPREVIEW.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VPREVIEW.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\WINWORD.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\WINWORD.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\wordpad.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\wordpad.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\InstalledSDB\{e1c810aa-f7cc-4aaf-ada1-181863075f9b}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb [2016-12-26]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{f8c4cc07-6dc4-418f-b72b-304fcdb64052}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb [2016-12-26]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk [2020-01-22]
ShortcutTarget: Windows Defender.lnk -> C:\Users\Owner\AppData\Roaming\Batiscaf\defwin.exe (TeamViewer -> TeamViewer GmbH)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003CDC2E-93C2-4FD7-ADE6-D189B3F331FE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {00FC7519-833A-415B-B0BB-E0A6D8E2F60E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {03C16BC1-F4F3-44A7-994D-35A28CB681A9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {043F0B55-4022-4D6B-B267-B358C2DB6CCE} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {052B12E6-DC6F-4B0E-9878-ADF6C2FC00D0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0573E675-FA70-4A16-948C-551C99B695A0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0906F0AB-A8CD-435F-BDA4-0932697C3AF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
Task: {098F8197-0609-42C8-8137-75D17DE4D323} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0EFAF3D1-8991-4545-9D6D-5BD0E164BC46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc -> Dropbox, Inc.)
Task: {16296365-C78D-4E16-84A5-12997B4A1BA5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {203D2B5D-DBAB-45F6-801F-292E6E1C130C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2D591A9C-4ADB-433D-9DE5-2DF5F1F02573} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. -> Adobe)
Task: {2D9D6A1A-4A91-4546-BDA6-02BF8AE04A0D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2941010735-3585041794-3592001094-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe [41536 2017-03-08] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {30B9A528-3F8B-4A5D-BB2B-41B7B351F426} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32B952E2-1958-412A-816D-B9919C1DE7F7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantAllUsersRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {3518859E-2071-4F49-9D05-4CD4B764ECBA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {455AD01A-A8CE-4F17-98BF-D4973293B211} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BCD6644-903D-417C-8943-2580435717C0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CCC1466-E0BC-46E5-89B2-ED866138B13D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6030F09E-8D4C-4933-AD8A-4128FCEA57D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {610A82AC-5BF0-486F-9CAF-B58EC26C2BBB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6121F116-9746-441A-9CDC-350729AA44DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941010735-3585041794-3592001094-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-20] (Google Inc -> Google Inc.)
Task: {63D0110B-9C57-42ED-BB1E-A1BAFE55D744} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6619266F-8CB4-4F3C-827F-7F0AC193F7A4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {66649AED-C261-4CFE-ADA5-C6286218026A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {6C103E98-1636-4300-9B3D-BB9415462B4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7557BBCE-0C80-4E7A-A9F9-35F960610A55} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {7A1EAC41-2F2F-4A37-B4B2-9D91A4315AC5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7EC8CF87-DC24-4E8A-9B97-D4E20E6867A5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-01-21] (Adobe Inc. -> Adobe)
Task: {82125653-3B24-47E6-BA6A-FE584E3436AD} - System32\Tasks\{20481B20-8659-4CEA-8F80-85FDB2A7B758} => C:\Windows\system32\pcalua.exe -a D:\AutoRunPro.exe -d D:\
Task: {8AA89A41-ABB4-4692-8E0B-40A1F14E294F} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8C51AA78-3039-4B6B-B9AA-019F8F6D130F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F313ABA-6BF1-41E8-8FD2-46BB7435A747} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {A2145D31-F1A3-411E-B90B-9AE1B0B34549} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A34D8CB6-5C8C-414D-A959-D9ED162EA2F9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {A9BB17FB-7177-4C9A-9158-147DDA9EFBC0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD9F190F-B2C4-4722-AEE6-469892D6E329} - System32\Tasks\G2MUploadTask-S-1-5-21-2941010735-3585041794-3592001094-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe [41536 2017-03-08] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {AF8D3E46-F763-4AFF-8844-5E52834750FD} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B352AC5F-B4CE-4DAA-B3E1-E12CAE400EDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941010735-3585041794-3592001094-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-20] (Google Inc -> Google Inc.)
Task: {BC4DE2DF-6FA9-47CF-8937-E8B950836E9F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BD89D6BF-24A6-492E-9DD7-480BE206CC0D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C07B5952-9F2D-4F91-851E-EB8C89412D51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7C4BE24-93A4-42F1-8921-E59072D96588} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D0DB9595-4F69-4F57-A997-AE69C331C0DD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D2F3ED54-DA24-4657-A3D0-763719F6EDDE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D377E2CF-3176-4373-8D96-67F735D63F38} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D636A3F9-8C1B-4ECB-B565-CB5373B61D14} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBCED337-F724-44FC-AAE0-61C4494DA67D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA1D292-931E-45F8-8840-30FE1D2DF3DE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA09F9F5-1F58-4E3E-8D78-3A40136219F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-22] (Google Inc -> Google Inc.)
Task: {EFA2719A-95AF-4AFB-B6BB-A7E9B6ADD9B4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F0786202-87EE-4F37-ACBF-03D38C365436} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-22] (Google Inc -> Google Inc.)
Task: {F72A7DAB-BEA1-4DDE-81CB-13AC03F80DC0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F9980EE5-9420-4004-8988-41DE42DA4BAC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FD1A77FF-417B-4029-9DE1-E6E0C185FF44} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2941010735-3585041794-3592001094-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2941010735-3585041794-3592001094-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.153.176.1 8.8.8.8
Tcpip\..\Interfaces\{3b0d0c84-b83f-4f62-94e0-ec285251d325}: [DhcpNameServer] 192.168.1.1 64.59.184.15 64.59.190.245
Tcpip\..\Interfaces\{ee62e349-4d1d-4426-ae7a-a196c4ab401b}: [DhcpNameServer] 75.153.176.1 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKU\S-1-5-21-2941010735-3585041794-3592001094-1000 -> DefaultScope {425040C6-9BDE-414C-8BF9-1E7E1D880D6C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US876D20150913&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2941010735-3585041794-3592001094-1000 -> {425040C6-9BDE-414C-8BF9-1E7E1D880D6C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US876D20150913&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2941010735-3585041794-3592001094-1000 -> {DD1DA92C-0E5D-4A85-AC19-63D149FC9583} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D19700101&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Owner\Downloads

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin -> C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll [2012-01-11] (MiTAC International Corporation -> Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2941010735-3585041794-3592001094-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-28] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2941010735-3585041794-3592001094-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-2941010735-3585041794-3592001094-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://player.siriusxm.ca/home/foryou#/player/live","hxxps://www.facebook.com/","hxxps://webmail.telus.net/#1","hxxps://shopbadmintononline.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US876D20150913&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://www.facebook.com; hxxps://www.icy-veins.com; hxxps://www.pinterest.com; hxxps://www.youtube.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2020-01-22]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (IBM Security Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-27]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-26]
CHR Extension: (Honey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-01-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-30]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-12-27]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2019-12-27]
CHR HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-06-22] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab -> Kaspersky Lab ZAO)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-21] (Intel Corporation -> Intel Corporation)
S4 LogService; C:\RealTick\log_service32.exe [22528 2012-10-05] (Townsend Analytics) [File not signed]
R2 NTI Backup Now EZ 4 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe [105136 2016-10-21] (NTI Corporation -> )
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3001632 2019-10-06] (IBM -> IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] () [File not signed]
S3 Sage 50 Transaction Manager 2016 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2016 - CDN\Sage_SA.TransactionManager.exe [35848 2016-12-06] (Sage Software, Inc. -> Sage)
S3 Sage 50 Transaction Manager 2017 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2017 - CDN\Sage_SA.TransactionManager.exe [42400 2017-06-06] (Sage Software, Inc. -> Sage)
S3 Sage 50 Transaction Manager 2018 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2018 - CDN\Sage_SA.TransactionManager.exe [42400 2018-05-31] (Sage Software, Inc. -> Sage)
S3 Sage 50 Transaction Manager 2019 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2019 - CDN\Sage_SA.TransactionManager.exe [42328 2019-06-03] (Sage Software, Inc. -> Sage)
S3 Sage 50 Transaction Manager 2020 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2020 - CDN\Sage_SA.TransactionManager.exe [42328 2019-12-07] (Sage Software, Inc. -> Sage)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [35160 2019-12-07] (Sage Software, Inc. -> Sage)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer -> TeamViewer GmbH)
R2 termservice; c:\program files\windows mail\appcache.xml [55296 2020-01-21] (fhhfyayy4gfgg) [File not signed] <==== ATTENTION (no ServiceDLL)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation -> Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate (Desktop)\Transfer\DriverInstall.exe [107760 2019-09-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NxDrv; C:\WINDOWS\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc. -> SonicWALL Inc.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [429112 2019-10-06] (IBM -> IBM Corp.)
R1 RapportCerberus_1950099; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1950099.sys [1466824 2019-11-29] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [542112 2019-10-06] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [395384 2019-10-06] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [445240 2019-10-06] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [560568 2019-10-06] (IBM -> IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbser; C:\Windows\SysWOW64\drivers\usbser.sys [24192 2005-04-26] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-22 17:12 - 2020-01-22 17:14 - 000038679 _____ C:\Users\Owner\Downloads\FRST.txt
2020-01-22 17:12 - 2020-01-22 17:12 - 000000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2020-01-22 17:11 - 2020-01-22 17:11 - 000000000 ___HD C:\OneDriveTemp
2020-01-22 16:54 - 2020-01-22 16:54 - 000000000 ____D C:\Users\supportaccount\AppData\Local\PeerDistRepub
2020-01-21 22:23 - 2020-01-21 22:23 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-21 22:23 - 2020-01-21 22:23 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-21 22:23 - 2020-01-21 22:23 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-21 22:23 - 2020-01-21 22:23 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-21 22:23 - 2020-01-21 22:23 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-21 22:23 - 2020-01-21 22:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-21 22:03 - 2019-12-09 21:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-21 22:03 - 2019-12-09 20:59 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-21 18:02 - 2020-01-21 18:02 - 000000000 ____D C:\Users\supportaccount\AppData\Local\Comms
2020-01-21 14:54 - 2020-01-21 14:54 - 000000000 ____D C:\Users\supportaccount\AppData\LocalLow\Adobe
2020-01-21 14:54 - 2020-01-21 14:54 - 000000000 ____D C:\Users\supportaccount\AppData\Local\Adobe
2020-01-08 18:23 - 2020-01-08 18:23 - 000124806 _____ C:\Users\Owner\Downloads\Tylers kitchen with 40_ uppers.pdf
2020-01-08 17:55 - 2020-01-08 17:55 - 000145140 _____ C:\Users\Owner\Downloads\Tylers kitchen 30_ uppers (1).pdf
2020-01-08 16:12 - 2020-01-08 16:12 - 000132184 _____ C:\Users\Owner\Downloads\Tylers kitchen 30_ uppers.pdf
2020-01-08 13:10 - 2020-01-08 13:10 - 594621545 _____ C:\WINDOWS\MEMORY.DMP
2020-01-08 13:10 - 2020-01-08 13:10 - 000566948 _____ C:\WINDOWS\Minidump\010820-11734-01.dmp
2020-01-08 13:10 - 2020-01-08 13:10 - 000000000 ____D C:\WINDOWS\Minidump
2020-01-08 12:57 - 2020-01-08 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-01-07 05:21 - 2020-01-07 05:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-01-07 05:21 - 2020-01-07 05:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-01-07 05:21 - 2020-01-07 05:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-01-07 05:21 - 2020-01-07 05:21 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-01-05 15:07 - 2020-01-05 15:07 - 001239195 _____ C:\Users\Owner\Downloads\Tylers kitchen.pdf
2019-12-31 10:14 - 2019-12-31 10:14 - 000148341 _____ C:\Users\Owner\Downloads\ReceiptReport.pdf
2019-12-31 09:50 - 2020-01-21 14:26 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Batiscaf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-22 17:14 - 2019-07-22 15:08 - 000972156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-22 17:14 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-22 17:13 - 2016-12-23 23:35 - 000000000 ____D C:\FRST
2020-01-22 17:12 - 2019-12-02 10:43 - 002580480 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2020-01-22 17:11 - 2016-07-19 13:55 - 000000000 ___RD C:\Users\Owner\OneDrive
2020-01-22 17:09 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-22 17:07 - 2019-07-22 15:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-22 17:07 - 2019-07-22 14:55 - 001647392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-22 17:07 - 2016-09-15 22:51 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-22 17:06 - 2019-03-18 20:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-22 17:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-22 17:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-22 17:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-22 17:06 - 2019-03-18 20:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-22 14:37 - 2019-07-22 15:10 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D45969D5-1613-4F7B-AFEC-C03FFEFFC0FE}
2020-01-22 13:18 - 2016-12-26 17:05 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-22 13:18 - 2016-12-26 17:05 - 000002300 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-22 13:18 - 2016-12-26 17:05 - 000002300 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-22 12:14 - 2019-07-22 14:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-21 22:34 - 2013-12-23 13:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-21 22:28 - 2013-12-23 13:06 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-21 22:27 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-21 22:08 - 2019-12-02 10:23 - 000000000 ____D C:\Users\supportaccount\AppData\Local\Packages
2020-01-21 22:08 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-21 22:08 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-21 14:54 - 2019-12-02 10:23 - 000000000 ____D C:\Users\supportaccount\AppData\Roaming\Adobe
2020-01-21 14:42 - 2019-12-02 10:23 - 000000000 ___RD C:\Users\supportaccount\3D Objects
2020-01-21 14:42 - 2016-04-26 22:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-01-21 14:41 - 2019-12-13 21:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\DBLite
2020-01-21 14:41 - 2019-12-08 09:54 - 000000000 ____D C:\Users\Owner\AppData\Roaming\MyLiteDB
2020-01-21 14:33 - 2016-05-04 18:20 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2020-01-21 12:11 - 2019-12-18 13:55 - 000000925 _____ C:\Windows Defender.lnk
2020-01-21 12:01 - 2019-07-22 15:10 - 000004594 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-01-21 12:01 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-01-21 12:00 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-01-09 21:08 - 2014-04-22 21:12 - 000000000 ____D C:\Users\Owner\AppData\Local\Battle.net
2020-01-08 21:59 - 2019-07-22 15:01 - 000000000 ____D C:\Users\Owner
2020-01-08 17:32 - 2014-06-30 11:41 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2020-01-08 12:57 - 2015-11-02 18:16 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-01-07 18:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-01-07 18:26 - 2014-06-17 16:17 - 000000000 ____D C:\Users\Owner\Documents\Li-Ning
2020-01-06 17:08 - 2015-10-14 18:07 - 000004875 _____ C:\WINDOWS\ODBC.INI
2020-01-06 16:52 - 2019-10-30 19:38 - 000000000 ____D C:\Program Files (x86)\Sage 50 Pro Accounting Version 2020
2020-01-06 16:48 - 2019-07-22 15:10 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2941010735-3585041794-3592001094-1000
2020-01-06 16:48 - 2019-07-22 15:01 - 000002409 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-06 11:29 - 2019-07-22 15:10 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-12-31 15:47 - 2016-07-19 13:50 - 000000000 ____D C:\Users\Owner\AppData\Local\Packages
2019-12-31 15:29 - 2019-12-07 12:04 - 000795250 _____ C:\WINDOWS\ntbtlog.txt
2019-12-31 15:22 - 2016-12-26 09:25 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-12-31 13:09 - 2016-12-26 17:04 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-12-31 09:32 - 2019-11-26 20:18 - 000000000 ____D C:\Users\Owner\AppData\Roaming\DScience

==================== Files in the root of some directories ========

2016-12-26 17:40 - 2016-12-30 07:23 - 000000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt
2014-06-07 20:29 - 2014-06-07 20:29 - 000007652 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2017-04-08 09:26 - 2017-04-08 09:26 - 000000000 _____ () C:\Users\Owner\AppData\Local\{62287BAF-A115-49BA-9240-5503F719DF52}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

picked up malware from amazon

Although I hate ordering from Amazon for multiple reasons, I had to yesterday. I was checking out and it asked me to add to my browser (Firefox) an add-on about delivery (since they never deliver as instructed and I rarely get my packages, I downloaded the add-on, but went to Firefox to get it). I scanned with Malwarebytes shortly after and it found a PUP and quarantined it.

I immediately tried to post, but every time I attached the FRST Addition.txt I would get an error message:


Sorry, you have been blocked
You are unable to access techsupportforum.com
Why have I been blocked?

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
What can I do to resolve this?

You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Cloudflare Ray ID: 57f9755bbd99fdb1 Your IP: 174.21.149.170 Performance & security by Cloudflare

A different number later:

Cloudflare Ray ID: 57fe01a01a10fda5 Your IP: 174.21.149.170 Performance & security by Cloudflare

Then I tried to post without Addition.txt and pasted the FRST.txt, and got a similar error message without a number.

So, I can't seem to post any of the FRST results, without being barred from posting.

I do think I have a thumb drive with windows 10 on it.


A case of Mac muy malware?

I have an older MacBook Pro that crawls along. I suspect malware and other wares as well. Is this a topic for the Alternate Computing Forum?

Soundmixer.exe trojan

Hello, I believe from the research I've done that I have the soundmixer.exe trojan on my computer. I first discovered this when the command prompt wouldn't open correctly. I was just wondering if I could get instructions on getting rid of it. I've tried using Malwarebytes but it didn't detect it.

Thank you for your time.

Certain websites not working, unable to patch games from some developers

Was directed here to post logs of a scan. I am running Win10 and using Brave/Chrome for browsers.
I first encountered the issue when launching the game Albion Online. The splash page wouldn't come up and it would not fetch the updates. Repair and reinstall options didn't do anything when clicked. I visited their site, albiononline.com, which appeared as black text on a white background. Navigating to their download page results in "This page cannot be reached". A similar thing happened with another game launcher, for Escape from Tarkov. When attempting to download the launcher again, the exe file would appear but it would say my PC cannot run this app. Other companies' games, such as Blizzard's, worked like normal.

I have tried different browsers, clearing cache, flushing DNS, release/renew IP, restarting modem and PC. Connecting to a VPN allows me to operate normally, but I never had to before this.

I have access to Win10 on a USB.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2020
Ran by tzc00 (administrator) on TANNER-HOME (28-04-2020 15:15:10)
Running from C:\Users\tzc00\Downloads
Loaded Profiles: tzc00 (Available Profiles: tzc00)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <3>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.7022\Agent.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <10>
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\Corsair.Service.DisplayAdapter.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\Corsair.Service.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\iCUE.exe
(Electronic Arts, Inc. -> ) C:\Program Files (x86)\Origin\QtWebEngineProcess.exe <2>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\tzc00\AppData\Local\slack\app-4.5.0\slack.exe <7>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TunnelBear -> TunnelBear) C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(TunnelBear -> TunnelBear) C:\Program Files (x86)\TunnelBear\TunnelBear.UI.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\iCUE.exe [32644304 2018-06-07] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [Google Update] => C:\Users\tzc00\AppData\Local\Google\Update\1.3.35.452\GoogleUpdateCore.exe [217544 2020-03-20] (Google LLC -> Google LLC)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3371296 2020-04-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [GalaxyClient] => D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [7937608 2019-12-25] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [913800 2019-12-03] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3140376 2020-04-14] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [Discord] => C:\Users\tzc00\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31740816 2020-04-27] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\Run: [com.squirrel.slack.slack] => C:\Users\tzc00\AppData\Local\slack\slack.exe [306704 2020-04-21] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [1980048 2020-04-19] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\81.1.7.98\Installer\chrmstp.exe [2020-04-21] (Brave Software, Inc.) [File not signed]
Startup: C:\Users\tzc00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-11-21]
ShortcutTarget: Twitch.lnk -> C:\Users\tzc00\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E0D78F6-B113-4AC0-82AE-E4F3F0BB10DE} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C8AFF2A-000C-479F-A29C-9BB10711554A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {325685E3-CCC9-44F6-AF3D-FD4F5B18F829} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-12-03] (Nota Inc. -> Nota Inc.)
Task: {330AAEC5-2F45-4E68-B738-FBF5985BAA9F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36B05A90-EDA7-480E-A9F1-6AA300CC6962} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3E673A61-DCF0-47D7-B150-53D467C2E745} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-29] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {4A4BC48E-82BC-4BE4-823F-880851898AC1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {609B7A97-0877-47BA-A03E-D6B426261768} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {615A5189-323E-48B8-B471-79652F254318} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-14] (Adobe Inc. -> Adobe)
Task: {634CB697-4DB1-447F-9D3E-DDACEA8D5344} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F3D8D02-9485-407D-941F-884E7D98D021} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-29] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {78A68A0A-D810-4E40-9CC4-4BEEC473A2C1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7932D456-1C59-403F-A405-B1358658E537} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-14] (Adobe Inc. -> Adobe)
Task: {93C52B13-EF3A-4A8A-9D8E-15F4F0CFD2B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94CE7174-8709-4668-A11C-7A823075D6FE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {94F11C83-6A2F-4EF9-ADD6-46BE3FD28F67} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-14] (Adobe Inc. -> Adobe)
Task: {9B77B9F7-1A43-42CE-9224-081B5DB42AF8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3293168 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A42A5E66-6524-43EE-B8D2-7EFBC6D78979} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A466F165-88DD-4200-A85C-F80733CCFAB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A73D4157-75C4-4F26-B363-5FE93626909E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3501895849-3895629900-3463264977-1004Core => C:\Users\tzc00\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-09-29] (Google Inc -> Google Inc.)
Task: {AB0FA6F2-6E80-4D1B-A47A-F8C63E0BB297} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B2D95B79-3E77-4EE8-A1A0-C5EBE9E12BE2} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [784880 2019-10-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {BAA79480-A813-49E8-8EF4-763C7655C2B6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF0BD619-4E7B-4475-A54E-540EF67DC62A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3501895849-3895629900-3463264977-1004UA => C:\Users\tzc00\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-09-29] (Google Inc -> Google Inc.)
Task: {CEF9C2F5-1263-46FA-80A7-C6543E823315} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {E8F7814E-6E84-477C-B8F9-EB0CC3A5E057} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-27] (Avast Software s.r.o. -> Avast Software)
Task: {ED8BB228-1415-43E3-A61D-8E9295C519F9} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2019-12-03] (Nota Inc. -> Nota Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{0f03de16-ce27-4b3f-a546-378fd8554f2a}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3501895849-3895629900-3463264977-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-3501895849-3895629900-3463264977-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rz1ggtap.default-1569143622255
FF ProfilePath: C:\Users\tzc00\AppData\Roaming\Mozilla\Firefox\Profiles\rz1ggtap.default-1569143622255 [2020-04-28]
FF Plugin: @Adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-14] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-03-29] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-03-29] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3501895849-3895629900-3463264977-1004: @zoom.us/ZoomVideoPlugin -> C:\Users\tzc00\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-17] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default [2020-04-28]
CHR Notifications: Default -> hxxps://fres-news.com; hxxps://personal-video.live; hxxps://www.facebook.com; hxxps://www.youtube.com; hxxps://wynsys.club
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Extension: (Slides) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-29]
CHR Extension: (BetterTTV) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2020-03-25]
CHR Extension: (Docs) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-29]
CHR Extension: (Google Drive) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (YouTube) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-29]
CHR Extension: (Honey) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-04-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-03-31]
CHR Extension: (Sheets) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-09]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Global Twitch Emotes) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgniedifoejifjkndekolimjeclnokkb [2020-03-25]
CHR Extension: (Gmail) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\tzc00\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8615864 2020-04-17] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-29] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2020-03-29] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\Corsair Utility Engine\Corsair.Service.exe [44752 2018-06-07] (Corsair Components, Inc. -> Corsair Components, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-03-30] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GalaxyClientService; D:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1208392 2019-12-25] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6617160 2019-12-25] (GOG Sp. z o.o. -> GOG.com)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-04-14] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3446576 2020-04-14] (Electronic Arts, Inc. -> Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13216784 2020-04-09] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [137848 2020-04-09] (TunnelBear -> TunnelBear)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-10-18] (Microsoft Corporation) [File not signed]
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz146; C:\WINDOWS\temp\cpuz146\cpuz146_x64.sys [52824 2020-04-28] (CPUID -> CPUID)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [22200 2018-10-13] (eSupport.com, Inc. -> Phoenix Technologies)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63268710a2dc3648\nvlddmkm.sys [23439080 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2020-03-31] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [680416 2018-10-24] (Realtek Semiconductor Corp. -> Realtek )
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2020-04-08] (TunnelBear, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-24] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-28 15:15 - 2020-04-28 15:15 - 000028592 _____ C:\Users\tzc00\Downloads\FRST.txt
2020-04-28 15:12 - 2020-04-28 15:15 - 000000000 ____D C:\FRST
2020-04-28 15:12 - 2020-04-28 15:12 - 002283008 _____ (Farbar) C:\Users\tzc00\Downloads\FRST64.exe
2020-04-28 11:44 - 2020-04-28 11:44 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\EasyAntiCheat
2020-04-28 10:47 - 2020-04-28 10:47 - 000000786 _____ C:\Users\Public\Desktop\Battlestate Games Launcher.lnk
2020-04-28 10:47 - 2020-04-28 10:47 - 000000786 _____ C:\ProgramData\Desktop\Battlestate Games Launcher.lnk
2020-04-28 10:47 - 2020-04-28 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2020-04-28 10:42 - 2020-04-28 10:43 - 000000000 ____D C:\Program Files (x86)\AlbionOnline
2020-04-28 10:42 - 2020-04-28 10:42 - 000001267 _____ C:\Users\tzc00\Desktop\AlbionOnline.lnk
2020-04-28 10:42 - 2020-04-28 10:42 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online
2020-04-28 10:41 - 2020-04-28 10:41 - 050022608 _____ C:\Users\tzc00\Downloads\albion-online-setup.exe
2020-04-28 10:39 - 2020-04-28 10:40 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2020-04-28 10:39 - 2020-04-28 10:39 - 137103880 _____ (TunnelBear) C:\Users\tzc00\Downloads\TunnelBear-Installer.exe
2020-04-28 10:39 - 2020-04-28 10:39 - 000001980 _____ C:\Users\Public\Desktop\TunnelBear.lnk
2020-04-28 10:39 - 2020-04-28 10:39 - 000001980 _____ C:\ProgramData\Desktop\TunnelBear.lnk
2020-04-28 10:39 - 2020-04-28 10:39 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\TunnelBear
2020-04-28 10:39 - 2020-04-28 10:39 - 000000000 ____D C:\Users\tzc00\AppData\Local\TunnelBear
2020-04-28 10:39 - 2020-04-28 10:39 - 000000000 ____D C:\Users\tzc00\AppData\Local\IsolatedStorage
2020-04-28 10:39 - 2020-04-28 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2020-04-21 13:06 - 2020-04-28 15:15 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Slack
2020-04-21 13:06 - 2020-04-21 13:06 - 000002213 _____ C:\Users\tzc00\Desktop\Slack.lnk
2020-04-21 13:06 - 2020-04-21 13:06 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2020-04-21 13:06 - 2020-04-21 13:06 - 000000000 ____D C:\Users\tzc00\AppData\Local\slack
2020-04-20 17:19 - 2020-04-20 17:19 - 000000000 ____D C:\Users\tzc00\AppData\Local\Skyrim Special Edition
2020-04-20 16:40 - 2020-04-20 16:40 - 000000222 _____ C:\Users\tzc00\Desktop\The Elder Scrolls V Skyrim Special Edition.url
2020-04-18 21:39 - 2020-04-18 21:39 - 000000222 _____ C:\Users\tzc00\Desktop\ARK Survival Evolved.url
2020-04-17 12:46 - 2020-04-17 12:46 - 000000000 ____D C:\Users\tzc00\Documents\Zoom
2020-04-17 12:45 - 2020-04-17 12:45 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Zoom
2020-04-17 12:45 - 2020-04-17 12:45 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-16 21:18 - 2020-04-16 21:18 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-16 21:18 - 2020-04-16 21:18 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-16 21:18 - 2020-04-16 21:18 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-16 21:18 - 2020-04-16 21:18 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-16 21:18 - 2020-04-16 21:18 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-16 21:18 - 2020-04-16 21:18 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-16 21:18 - 2020-04-16 21:18 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-16 21:17 - 2020-04-16 21:17 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-16 21:17 - 2020-04-16 21:17 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-16 21:17 - 2020-04-16 21:17 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-16 21:17 - 2020-04-16 21:17 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-16 21:17 - 2020-04-16 21:17 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-16 21:13 - 2020-03-16 20:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-16 21:13 - 2020-03-16 20:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-08 19:43 - 2020-04-08 19:43 - 000038656 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap-tb-0901.sys
2020-03-31 15:10 - 2020-03-31 15:10 - 000091829 _____ C:\Users\tzc00\Downloads\FullSizeRender (4).jpeg
2020-03-31 15:08 - 2020-03-31 15:08 - 000246194 _____ C:\Users\tzc00\Downloads\FullSizeRender (3).jpeg
2020-03-31 15:07 - 2020-03-31 15:07 - 000091829 _____ C:\Users\tzc00\Downloads\FullSizeRender (2).jpeg
2020-03-31 15:06 - 2020-03-31 15:06 - 000246194 _____ C:\Users\tzc00\Downloads\FullSizeRender (1).jpeg
2020-03-31 14:50 - 2020-03-31 14:50 - 000246194 _____ C:\Users\tzc00\Downloads\FullSizeRender.jpeg
2020-03-30 21:12 - 2020-03-30 21:12 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\NVIDIA
2020-03-30 00:41 - 2020-03-30 00:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2020-03-30 00:41 - 2020-03-18 09:59 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2020-03-30 00:41 - 2020-03-17 21:00 - 005581800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-03-30 00:41 - 2020-03-17 21:00 - 002632680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2020-03-30 00:41 - 2020-03-17 21:00 - 001759216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2020-03-30 00:41 - 2020-03-17 21:00 - 001172464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2020-03-30 00:41 - 2020-03-17 21:00 - 000446264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2020-03-30 00:41 - 2020-03-17 21:00 - 000121144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2020-03-30 00:41 - 2020-03-17 21:00 - 000074736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2020-03-30 00:41 - 2020-03-15 23:39 - 008997147 _____ C:\WINDOWS\system32\nvcoproc.bin
2020-03-30 00:39 - 2020-03-18 22:11 - 001729232 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-30 00:39 - 2020-03-18 22:11 - 001729232 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-03-30 00:39 - 2020-03-18 22:11 - 001329360 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-30 00:39 - 2020-03-18 22:11 - 001329360 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-03-30 00:39 - 2020-03-18 22:11 - 001078992 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-03-30 00:39 - 2020-03-18 22:11 - 001078992 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-03-30 00:39 - 2020-03-18 22:11 - 000937680 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-30 00:39 - 2020-03-18 22:11 - 000937680 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-03-30 00:39 - 2020-03-18 22:11 - 000450464 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-03-30 00:39 - 2020-03-18 22:11 - 000348048 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-03-30 00:39 - 2020-03-18 22:10 - 011945072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2020-03-30 00:39 - 2020-03-18 22:10 - 010285680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2020-03-30 00:39 - 2020-03-18 22:10 - 000817056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-03-30 00:39 - 2020-03-18 22:10 - 000676448 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-03-30 00:39 - 2020-03-18 22:10 - 000544352 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 017600912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 015157664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 005856656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 005158304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 002072992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 001723280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6444575.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 001564904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 001483168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6444575.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 001480936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 001351568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 001142176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 001049488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 000811424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 000679840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 000655264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-03-30 00:39 - 2020-03-18 22:09 - 000546720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-03-30 00:39 - 2020-03-18 19:06 - 004927048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-03-30 00:39 - 2020-03-18 19:05 - 004196160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-03-30 00:39 - 2020-03-18 00:51 - 001682368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2020-03-30 00:39 - 2020-03-18 00:51 - 000223120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2020-03-30 00:39 - 2020-03-18 00:51 - 000056618 _____ C:\WINDOWS\system32\nvinfo.pb
2020-03-30 00:39 - 2020-03-18 00:51 - 000039824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2020-03-30 00:39 - 2020-03-11 12:26 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2020-03-29 21:20 - 2020-03-29 21:20 - 000000000 ____D C:\Users\tzc00\AppData\Local\Saber
2020-03-29 18:50 - 2020-04-21 16:55 - 000002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-03-29 18:50 - 2020-04-21 16:55 - 000002389 _____ C:\Users\Public\Desktop\Brave.lnk
2020-03-29 18:50 - 2020-04-21 16:55 - 000002389 _____ C:\ProgramData\Desktop\Brave.lnk
2020-03-29 18:50 - 2020-03-29 18:50 - 000003436 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2020-03-29 18:50 - 2020-03-29 18:50 - 000003312 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2020-03-29 18:49 - 2020-03-29 18:50 - 000000000 ____D C:\Users\tzc00\AppData\Local\BraveSoftware
2020-03-29 18:49 - 2020-03-29 18:50 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2020-03-29 18:49 - 2020-03-29 18:49 - 001299864 _____ (BraveSoftware Inc.) C:\Users\tzc00\Downloads\BraveBrowserSetup-ANI763.exe
2020-03-29 00:44 - 2020-03-29 00:44 - 000187618 _____ C:\Users\tzc00\Downloads\2019TurboTaxReturn.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-28 15:16 - 2019-03-20 18:28 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Origin
2020-04-28 15:13 - 2019-10-17 23:28 - 000003134 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2020-04-28 15:13 - 2018-09-29 23:40 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\discord
2020-04-28 15:08 - 2018-09-30 00:37 - 000000000 ____D C:\Users\tzc00\AppData\Local\Battle.net
2020-04-28 15:00 - 2019-03-18 21:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-28 14:50 - 2018-10-10 17:35 - 000015212 _____ C:\Users\tzc00\Downloads\FarmVille.xlsx
2020-04-28 14:20 - 2019-06-09 16:04 - 000000000 ____D C:\Program Files\Warcraft III
2020-04-28 14:01 - 2018-09-29 22:54 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-28 12:16 - 2019-10-02 09:03 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-04-28 12:16 - 2019-10-02 09:03 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-04-28 11:43 - 2018-10-03 22:24 - 000000000 ____D C:\Users\tzc00\AppData\Local\CrashDumps
2020-04-28 11:37 - 2019-10-17 23:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-28 10:47 - 2020-01-29 18:09 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Battlestate Games
2020-04-28 10:47 - 2020-01-29 18:09 - 000000000 ____D C:\Users\tzc00\AppData\Local\Battlestate Games
2020-04-28 10:40 - 2019-03-18 21:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-28 10:39 - 2018-09-29 23:58 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-28 10:30 - 2018-12-27 02:17 - 000001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-28 10:30 - 2018-12-27 02:17 - 000000000 ____D C:\Users\tzc00\AppData\LocalLow\Mozilla
2020-04-28 10:30 - 2018-12-27 02:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-28 10:30 - 2018-12-27 02:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-28 10:17 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-04-28 09:56 - 2019-10-17 23:31 - 000841376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-28 09:53 - 2019-10-17 23:28 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{6B472310-807C-4712-88B8-DB10195B7423}
2020-04-28 09:51 - 2019-02-05 22:43 - 000000000 ____D C:\ProgramData\Origin
2020-04-28 09:51 - 2018-09-30 00:01 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-28 09:50 - 2019-10-17 23:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-28 09:50 - 2019-08-27 20:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-28 09:50 - 2019-03-24 20:12 - 000002249 _____ C:\Users\tzc00\Desktop\Discord.lnk
2020-04-28 09:50 - 2019-03-20 18:28 - 000000000 ____D C:\Users\tzc00\AppData\Local\Origin
2020-04-28 09:50 - 2018-09-30 13:32 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2020-04-27 23:57 - 2019-03-18 21:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-27 19:37 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-26 21:28 - 2018-10-11 15:55 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\obs-studio
2020-04-25 23:33 - 2019-03-18 21:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-24 22:28 - 2019-10-17 23:28 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2019-10-17 23:28 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-04-24 22:28 - 2018-10-03 22:21 - 000001459 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-04-24 22:28 - 2018-10-03 22:21 - 000001459 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-04-24 22:28 - 2018-09-29 22:54 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-04-24 22:28 - 2018-09-29 22:54 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-04-24 22:28 - 2018-09-29 22:54 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-04-23 14:22 - 2018-10-27 10:36 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\TS3Client
2020-04-21 16:28 - 2018-09-29 23:31 - 000002514 _____ C:\Users\tzc00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-21 16:28 - 2018-09-29 23:31 - 000002477 _____ C:\Users\tzc00\Desktop\Google Chrome.lnk
2020-04-21 13:06 - 2018-09-29 23:39 - 000000000 ____D C:\Users\tzc00\AppData\Local\SquirrelTemp
2020-04-20 17:10 - 2019-03-20 18:29 - 000000000 ____D C:\Program Files (x86)\Origin
2020-04-20 16:40 - 2018-09-30 00:17 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-04-20 16:39 - 2018-10-01 20:08 - 000000000 ____D C:\Users\tzc00\Documents\my games
2020-04-19 15:00 - 2018-09-30 14:23 - 000000000 ____D C:\Users\tzc00\AppData\Local\D3DSCache
2020-04-19 13:54 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-04-19 13:34 - 2018-10-27 10:36 - 000000000 ____D C:\Users\tzc00\AppData\Local\TeamSpeak 3 Client
2020-04-18 21:53 - 2019-03-10 13:05 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\vlc
2020-04-18 21:36 - 2018-09-29 23:00 - 000000000 ____D C:\Users\tzc00\AppData\Local\Packages
2020-04-17 23:36 - 2020-03-21 18:11 - 000030973 _____ C:\Users\tzc00\Desktop\ammo.xlsx
2020-04-17 09:44 - 2019-10-17 23:23 - 000362152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-17 02:09 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-17 02:09 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-17 02:09 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-17 02:09 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-17 02:09 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-17 02:09 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-16 21:19 - 2019-03-18 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-14 22:37 - 2019-10-17 23:28 - 000004550 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-14 22:37 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-14 22:37 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-14 21:37 - 2019-10-17 23:28 - 000004538 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-04-14 18:29 - 2019-10-17 21:19 - 000000000 ____D C:\Users\tzc00\AppData\Local\ElevatedDiagnostics
2020-04-10 11:20 - 2019-08-27 21:30 - 000000000 ____D C:\Users\tzc00\AppData\Roaming\Twitch
2020-04-07 10:58 - 2018-10-03 22:21 - 002799416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2020-04-07 10:58 - 2018-10-03 22:21 - 002159592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2020-04-07 10:58 - 2018-10-03 22:21 - 001314792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2020-04-01 18:59 - 2019-10-18 17:08 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-03-31 14:28 - 2018-09-30 00:36 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-03-30 21:12 - 2018-10-03 22:21 - 000000000 ____D C:\Users\tzc00\AppData\Local\NVIDIA
2020-03-30 00:39 - 2019-03-18 21:52 - 000000000 ____D C:\WINDOWS\Help
2020-03-29 10:57 - 2019-08-27 20:08 - 000000000 ____D C:\Users\tzc00\AppData\Local\TeamViewer

==================== Files in the root of some directories ========

2019-01-26 20:05 - 2020-01-15 20:17 - 000001456 _____ () C:\Users\tzc00\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-29 23:45 - 2018-09-29 23:45 - 000000036 _____ () C:\Users\tzc00\AppData\Local\housecall.guid.cache
2018-11-08 20:35 - 2018-11-08 20:35 - 000000410 _____ () C:\Users\tzc00\AppData\Local\oobelibMkey.log
2018-11-01 20:44 - 2019-01-08 16:35 - 000007597 _____ () C:\Users\tzc00\AppData\Local\Resmon.ResmonCfg
2018-09-30 13:33 - 2019-09-21 21:49 - 000000010 _____ () C:\Users\tzc00\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Attached Files
File Type: txt Addition.txt (80.7 KB)

Need Help with Computer Issues

This computer and my wife's computer are set up with file sharing and both are having issues. I want to get this computer fixed and then I will probably have to do this again with my wife's.

This computer becomes non-responsive and hangs often. It will also not open programs and I have to restart it to get it to open the program. I do not have install disks or reboot disks.

Here is my log. Thank you:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by Daniel (administrator) on HOMEPC (Hewlett-Packard 23-g017c) (03-05-2020 12:32:48)
Running from C:\Users\Daniel\Desktop
Loaded Profiles: Daniel & QBDataServiceUser28 (Available Profiles: Daniel & QBDataServiceUser28)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

( (Advanced Micro Devices Inc.) [File not signed]) [File is in use ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( (ATI Technologies Inc.) [File not signed]) [File is in use ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_1\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SAP -> SAP SE or an SAP affiliate company) C:\Program Files (x86)\Intuit\QuickBooks 2018\QBDBMgrN.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.228\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Softex Incorporated -> Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\...\Run: [Spotify] => C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe [22825376 2020-03-18] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\...\Run: [HP OfficeJet Pro 9010 series (NET)] => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\ScanToPCActivationApp.exe [4071840 2018-12-10] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-05-01] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> c:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2013-09-01] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-26] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-09-26] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2018-06-27]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2018-06-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2018-06-27]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2018\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E88D07-CDDD-4236-89D6-507411BA70E3} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382792 2020-04-22] (Intuit, Inc. -> Intuit Inc.)
Task: {09C60F2A-CAF7-4D25-B31C-D604943D898C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-22] (Google Inc -> Google Inc.)
Task: {0CC6F4A5-F5F4-4798-8625-EEFEDE288F97} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 9010 series => C:\Program Files\HP\HP OfficeJet Pro 9010 series\Bin\HPCustPartic.exe [6692256 2019-07-25] (HP Inc -> HP Inc.)
Task: {15360D51-ED96-43B7-90AE-401BD20E3610} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {28AA727C-8D2E-43A7-AF69-D11CE7FB588F} - System32\Tasks\DRScanner Startup => C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe [6078920 2020-02-22] (Trend Micro, Inc. -> Trend Micro Inc.)
Task: {313AEF4F-7D6C-4835-8955-03B0A6672BC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {3AC1688A-6DFA-4174-B766-D6A7E5EBA99A} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {3B991AB2-DF08-4B7E-ADE6-8067E2D66CBF} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [339008 2013-03-12] (CyberLink Corp. -> CyberLink Corp.)
Task: {58FFC590-CF60-46D2-AAB2-6281799D1246} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761424 2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Task: {5AFDECD2-9DFD-46E4-A942-BB3DF15DD061} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink Corp. -> CyberLink)
Task: {73185AEF-8404-4D02-A5B0-CEBB734BB90B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {8B87510D-F4BA-4ADB-BEFC-AB713F1F5F46} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.134\DADUpdater.exe [4147336 2020-03-20] (McAfee, Inc. -> McAfee, LLC)
Task: {91ABDF8F-89D3-4726-BADB-BFE6279ED64A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A5D57E65-1848-45A9-BB2A-FAA572CEE97E} - System32\Tasks\G2MUpdateTask-S-1-5-21-541829613-2727475704-1047741498-1001 => C:\Users\Daniel\AppData\Local\GoToMeeting\17359\g2mupdate.exe [32256 2020-04-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {C68E3F0F-D3F9-4637-A1A9-EFB3AEED985E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {C7D35114-9D71-43D8-AF78-85FFC3B8507C} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072312 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
Task: {C7F3C1AB-A73E-4AF8-8DB8-D32C98405B6C} - System32\Tasks\G2MUploadTask-S-1-5-21-541829613-2727475704-1047741498-1001 => C:\Users\Daniel\AppData\Local\GoToMeeting\17359\g2mupload.exe [32256 2020-04-07] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {CC000EA5-7F82-4A2D-BD46-07436DA43168} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1448320 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCF02621-7482-4A3C-AEDA-F1C7E1C44E99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-22] (Google Inc -> Google Inc.)
Task: {D1CA06C3-5F53-4C2A-B64D-B268FCF3A68D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {D31A61B3-7829-4180-81EB-7D1E25E33A69} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8D0DB40-F8D7-4AB6-B474-8C722FF5F43A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.)
Task: {DD97FD2C-C168-4224-BC20-ED3965425688} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24702832 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE923C74-FCB0-48B8-84A3-58017D2B2C84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651632 2017-09-27] (HP Inc. -> HP Inc.)
Task: {EED6E666-6A5C-4D29-943C-36FB38CD5F45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FA5348E8-24A2-4C97-856B-DD5FAC1BC928} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2019-12-12] (McAfee, Inc. -> McAfee, LLC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-541829613-2727475704-1047741498-1001.job => C:\Users\Daniel\AppData\Local\GoToMeeting\17359\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-541829613-2727475704-1047741498-1001.job => C:\Users\Daniel\AppData\Local\GoToMeeting\17359\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{D4308C2F-E7B5-424E-98F9-2EBCD3AE793F}: [DhcpNameServer] 192.168.88.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-541829613-2727475704-1047741498-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-541829613-2727475704-1047741498-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-541829613-2727475704-1047741498-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
URLSearchHook: [S-1-5-21-541829613-2727475704-1047741498-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-541829613-2727475704-1047741498-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-541829613-2727475704-1047741498-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Handler-x32: intu-help-qb11 - {5AFDE6E8-AD0F-450B-818F-21D1CDC2E3EE} - C:\Program Files (x86)\Intuit\QuickBooks 2018\HelpAsyncPluggableProtocol.dll [2020-04-22] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Windows -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @wildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-541829613-2727475704-1047741498-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Daniel\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-22] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-541829613-2727475704-1047741498-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Daniel\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-541829613-2727475704-1047741498-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Daniel\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-24]

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2020-05-03]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.facebook.com
CHR Extension: (Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-22]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-22]
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-03-30]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-22]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-06]
CHR Extension: (Satellite & Earth Maps) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejoikpaoingpnebdnolankempckocjbj [2019-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (Cisco Webex Extension) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [239616 2013-09-11] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10626648 2020-04-10] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink Corp. -> CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink Corp. -> CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-17] (Malwarebytes Inc -> Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_1\McApExe.exe [758864 2020-02-05] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1737992 2020-02-06] (McAfee, LLC -> McAfee, LLC.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2018-04-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2018-04-27] (Intuit Inc.) [File not signed]
R3 QuickBooksDB28; C:\Program Files (x86)\Intuit\QuickBooks 2018\QBDBMgrN.exe [133904 2020-04-22] (SAP -> SAP SE or an SAP affiliate company)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.228\WsAppService.exe [493280 2017-07-28] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [12526592 2013-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [619008 2013-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75896 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-05-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-05-03] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [527272 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380840 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85920 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521128 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [997800 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [594360 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107960 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116856 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252328 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-01-31] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167232 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 mfeplk01; \Device\mfeplk01.sys [X]
S3 mfeplk02; \Device\mfeplk02.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-03 12:32 - 2020-05-03 12:34 - 000030486 _____ C:\Users\Daniel\Desktop\FRST.txt
2020-05-03 12:31 - 2020-05-03 12:33 - 000000000 ____D C:\FRST
2020-05-03 12:29 - 2020-05-03 12:29 - 000000944 _____ C:\Users\Daniel\Desktop\FRST64.exe - Shortcut.lnk
2020-05-03 12:25 - 2020-05-03 12:26 - 002283520 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2020-05-03 09:55 - 2020-05-03 09:55 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-05-03 09:54 - 2020-05-03 09:54 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-29 18:51 - 2018-06-22 17:08 - 000370424 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\wpcap.dll
2020-04-29 18:51 - 2018-06-22 17:08 - 000282360 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2020-04-29 18:51 - 2018-06-22 17:08 - 000107768 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Packet.dll
2020-04-29 18:51 - 2018-06-22 17:08 - 000098040 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2020-04-29 18:51 - 2018-01-31 12:16 - 000036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2020-04-24 13:52 - 2020-04-24 15:19 - 000000000 __SHD C:\Users\Daniel\Documents\cache
2020-04-24 13:51 - 2020-05-01 10:40 - 000000000 ____D C:\Users\Daniel\AppData\Local\WebEx
2020-04-24 13:51 - 2020-04-24 13:51 - 003650688 _____ (Cisco Webex LLC) C:\Users\Daniel\Downloads\Cisco_WebEx_Add-On.exe
2020-04-24 13:51 - 2020-04-24 13:51 - 002920768 _____ (Cisco Webex LLC) C:\Users\Daniel\Downloads\,coloradoevents,159351289979894045,1513114671,EC,00639802,SDJTSwAAAARQfINvPVwDSxEkY7bEyfeIbXHltVF_EpThEKppl0l7eQ2,1_webex.exe
2020-04-24 13:51 - 2020-04-24 13:51 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Mozilla
2020-04-24 09:53 - 2020-04-24 09:53 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_a90e860ee85aa307 (1).exe
2020-04-24 09:39 - 2020-04-24 09:40 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_a90e860ee85aa307.exe
2020-04-22 12:20 - 2020-04-22 12:20 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_o42a8sofizku_7e0aee1f240f2478.exe
2020-04-22 12:19 - 2020-04-22 12:19 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_o42a8sofizku_562edd8281a19674 (1).exe
2020-04-22 12:01 - 2020-04-22 12:01 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Daniel\Downloads\Zoom_o42a8sofizku_562edd8281a19674.exe
2020-04-22 11:20 - 2020-04-22 11:20 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-22 11:15 - 2020-04-22 11:15 - 000777965 _____ C:\Users\Daniel\Downloads\Grand Foundation Electric Utility Grant App.pdf
2020-04-22 09:57 - 2020-04-22 09:58 - 000239199 _____ C:\Users\Daniel\Downloads\EDITEDJacksonCounty-SBGF-App-1.pdf
2020-04-16 11:47 - 2020-03-31 00:23 - 001368080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2020-04-16 11:47 - 2020-03-30 23:57 - 007362512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 11:47 - 2020-03-30 23:42 - 001737520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 11:47 - 2020-03-30 22:49 - 001500888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 11:47 - 2020-03-30 22:47 - 025754624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 11:47 - 2020-03-30 22:31 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 11:47 - 2020-03-30 22:22 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 11:47 - 2020-03-30 22:11 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 11:47 - 2020-03-30 22:10 - 005499904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-04-16 11:47 - 2020-03-30 22:08 - 020290048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 11:47 - 2020-03-30 21:59 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 11:47 - 2020-03-30 21:52 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 11:47 - 2020-03-30 21:43 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 11:47 - 2020-03-30 21:42 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2020-04-16 11:47 - 2020-03-30 21:35 - 015468544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-04-16 11:47 - 2020-03-30 21:34 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-04-16 11:47 - 2020-03-30 21:23 - 001756672 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 11:47 - 2020-03-30 21:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2020-04-16 11:47 - 2020-03-30 21:20 - 004859392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 11:47 - 2020-03-30 21:20 - 004112384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-04-16 11:47 - 2020-03-30 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2020-04-16 11:47 - 2020-03-30 21:17 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-04-16 11:47 - 2020-03-30 21:14 - 013854720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-04-16 11:47 - 2020-03-30 21:10 - 001493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 11:47 - 2020-03-30 21:09 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-04-16 11:47 - 2020-03-30 20:59 - 004387328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 11:47 - 2020-03-30 20:58 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-04-16 11:47 - 2020-03-30 20:56 - 001332224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-04-16 11:47 - 2020-03-30 20:54 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-04-16 11:47 - 2020-03-27 08:25 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 11:47 - 2020-03-27 06:41 - 001680896 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 11:47 - 2020-03-23 18:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 11:47 - 2020-03-18 23:26 - 000374008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2020-04-16 11:47 - 2020-03-18 22:11 - 000316152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2020-04-16 11:47 - 2020-03-18 21:53 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 11:47 - 2020-03-18 21:17 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 11:47 - 2020-03-11 18:40 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 11:47 - 2020-03-10 02:09 - 001764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 11:47 - 2020-03-10 01:57 - 001135904 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 11:47 - 2020-03-10 01:22 - 001489728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 11:47 - 2020-03-10 00:27 - 000860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 11:47 - 2020-03-10 00:08 - 003727360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 11:47 - 2020-03-09 23:57 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 11:47 - 2020-03-09 23:42 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 11:47 - 2020-03-07 23:20 - 000217400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 11:47 - 2020-03-07 22:31 - 000136816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 11:47 - 2020-03-07 22:03 - 000955640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 11:47 - 2020-03-07 21:44 - 000166248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 11:47 - 2020-03-07 21:22 - 000788096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 11:47 - 2020-03-07 20:45 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 11:47 - 2020-03-07 20:03 - 001479680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 11:47 - 2020-03-07 19:39 - 001335808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 11:47 - 2020-03-07 19:39 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 11:47 - 2020-03-07 19:37 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 11:47 - 2020-03-07 19:33 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 11:47 - 2020-03-07 19:29 - 003718144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 11:47 - 2020-03-07 19:24 - 000606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 11:47 - 2020-03-07 19:23 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 11:47 - 2020-03-07 19:21 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 11:47 - 2020-03-07 19:19 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 11:47 - 2020-03-07 17:25 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 11:47 - 2020-03-07 17:25 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 11:47 - 2020-02-13 02:01 - 000989648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-16 11:47 - 2020-02-08 14:03 - 000162416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-16 11:47 - 2020-02-05 08:20 - 001717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-16 11:47 - 2020-02-05 08:20 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-16 11:15 - 2020-04-16 11:15 - 000323092 _____ C:\Users\Daniel\Downloads\Cratex Rubber Brochure.pdf
2020-04-16 11:14 - 2020-04-16 11:15 - 002014108 _____ C:\Users\Daniel\Downloads\Spedecut Catalog.pdf
2020-04-14 08:20 - 2020-04-14 08:20 - 000687256 _____ (HP Inc., LP) C:\WINDOWS\system32\HPWia2Drv.dll
2020-04-14 08:19 - 2020-04-14 08:19 - 004944424 _____ (HP Inc.) C:\WINDOWS\system32\HPScanTEDrv_x64.dll
2020-04-14 08:19 - 2020-04-14 08:19 - 003573320 _____ (HP Inc.) C:\WINDOWS\SysWOW64\HPScanTEDrv.dll
2020-04-14 08:19 - 2020-04-14 08:19 - 001354600 _____ (HP Inc.) C:\WINDOWS\system32\HPScanTEDrv_x64_DiscoveryLibDyn.dll
2020-04-14 08:19 - 2020-04-14 08:19 - 000989032 _____ (HP Inc.) C:\WINDOWS\SysWOW64\DiscoveryLibDyn.dll
2020-04-09 13:43 - 2020-04-09 13:43 - 000004974 _____ C:\Users\Daniel\Downloads\5b538b1717af4c76b1c795409b7390c8 (1).pdf
2020-04-09 13:38 - 2020-04-09 13:39 - 000004237 _____ C:\Users\Daniel\Downloads\5b538b1717af4c76b1c795409b7390c8.pdf
2020-04-06 15:02 - 2020-04-06 15:02 - 000364472 _____ (LogMeIn, Inc.) C:\Users\Daniel\Downloads\GoToMeeting Opener.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-03 12:26 - 2018-03-22 19:16 - 000003596 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-541829613-2727475704-1047741498-1001
2020-05-03 12:19 - 2018-03-21 18:07 - 000000000 ___DO C:\Users\Daniel\SkyDrive
2020-05-03 12:17 - 2014-07-02 23:15 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-05-03 12:00 - 2018-03-21 18:06 - 000003922 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{75B7D421-5167-49AC-A59C-D7F49F36E418}
2020-05-03 11:36 - 2020-03-23 11:54 - 000000558 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-541829613-2727475704-1047741498-1001.job
2020-05-03 10:45 - 2018-03-23 12:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-05-03 10:38 - 2018-11-10 16:01 - 000000000 ____D C:\Users\Daniel\AppData\Local\Spotify
2020-05-03 10:38 - 2018-11-10 16:00 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Spotify
2020-05-03 09:54 - 2013-08-22 08:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-03 09:53 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2020-05-03 09:51 - 2018-06-27 14:10 - 000000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2020-05-03 09:44 - 2013-08-22 07:36 - 000000000 ____D C:\WINDOWS\Inf
2020-05-03 09:41 - 2013-08-22 07:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2020-05-01 21:28 - 2013-08-22 09:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-05-01 14:55 - 2018-03-22 19:19 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-01 14:55 - 2018-03-22 19:19 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-01 14:55 - 2018-03-22 19:19 - 000002210 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-01 10:32 - 2018-07-27 15:28 - 000000000 ____D C:\Program Files (x86)\Brother
2020-04-24 15:38 - 2018-03-21 18:05 - 000000000 ____D C:\Users\Daniel\AppData\Local\Packages
2020-04-24 15:24 - 2019-04-24 11:20 - 000000000 ____D C:\Users\Daniel\Documents\Danny
2020-04-24 09:43 - 2019-07-27 10:45 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-22 11:20 - 2020-04-01 10:20 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Zoom
2020-04-21 10:46 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\rescache
2020-04-21 09:50 - 2013-08-22 09:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-21 09:47 - 2014-07-02 23:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-04-18 12:57 - 2013-08-22 08:44 - 000512336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-18 12:49 - 2018-04-02 01:21 - 000000000 ___SD C:\WINDOWS\system32\CompatTel
2020-04-15 09:45 - 2018-06-24 11:18 - 000003172 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-541829613-2727475704-1047741498-1001
2020-04-15 09:44 - 2019-05-12 11:47 - 000002345 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2020-04-07 14:38 - 2020-03-23 11:54 - 000003652 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-541829613-2727475704-1047741498-1001
2020-04-07 14:38 - 2020-03-23 11:54 - 000003556 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-541829613-2727475704-1047741498-1001
2020-04-07 14:38 - 2020-03-23 11:54 - 000000654 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-541829613-2727475704-1047741498-1001.job
2020-04-07 14:38 - 2020-03-23 11:54 - 000000000 ____D C:\Users\Daniel\AppData\Local\GoToMeeting

==================== Files in the root of some directories ========

2018-06-29 12:48 - 2018-06-29 12:49 - 000053498 _____ () C:\Users\Daniel\AppData\Roaming\QBFileDrTool.log
2018-06-29 13:11 - 2019-05-18 15:16 - 000483992 _____ () C:\Users\Daniel\AppData\Roaming\QBFileDrTool_HOMEPC.log
2019-05-04 15:53 - 2019-06-04 12:12 - 000344220 _____ () C:\Users\Daniel\AppData\Local\ars.cache
2019-05-04 15:54 - 2019-06-04 12:13 - 000951294 _____ () C:\Users\Daniel\AppData\Local\census.cache
2019-05-04 15:17 - 2019-05-04 15:17 - 000000036 _____ () C:\Users\Daniel\AppData\Local\housecall.guid.cache
2019-09-27 11:57 - 2019-09-27 11:57 - 000007607 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
2019-05-04 15:24 - 2019-06-04 10:08 - 000000010 _____ () C:\Users\Daniel\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-05-01 11:43
==================== End of FRST.txt ========================

Attached Files
File Type: txt Addition.txt (67.0 KB)

Need help getting rid of RAT

So, I've been having problems with my computer for a few years now. Those problems are that my settings are being changed for ANY program I'm using without my knowledge.

I think I have a RAT on my computer, and I am unable to remove it myself. I tried scanning for viruses with my AV, no results.

Please help me, this is driving me insane.

RAT removal, 2nd attempt

So, I need help getting rid of some really stubborn malware. The last time I tried this, the technician told me I was running an obsolete OS. I hope everything is fine now.

Is my google account hacked by Russians?

This is a new thread on the problem mentioned here.
https://www.techsupportforum.com/for...s-1242252.html

I performed all the actions to be taken as mentioned in one of the replies, and hence I am creating a new thread because it was mentioned in the reply.

Describing the problem once again.

It started in October 2019.

I got suspicious because I started to get Russian ads on Google.
Then Google would start giving me options to translate my web pages to Russian.

Then I checked my Google Maps. Under 'Your Places' I saw that one of the places I visited was Moscow.
Needless to say, I have never been to Moscow.

I changed my Google password multiple times. Initially the ads didn't stop.
In December I replaced my computer and bought a new laptop.
And the problem didn't occur on the new laptop, although I had the same Google account on both machines.

But today I again got a Russian ad.
I checked my Google Maps and I could again see Moscow as one of the places I have visited in May 2020.

I checked thoroughly and realized Google Maps shows I was in Russia in Oct, Nov, Dec of 2019 and April and May of 2020.


There is only one specific address it shows where I have visited.
"Ulitsa Generala Dorokhova, 6 строение 22"

Screenshot of timeline with visits is attached.


When I had the problem on the old PC, the old PC was very slow. But speed hasn't slowed on this new laptop.

Also, I changed my password today and added 2 step verification.



Now, when I tried to add frst.txt to the post I got this error.
"The following errors occurred with your submission:
The text that you have entered is too long (141266 characters). Please shorten it to 100000 characters long."

So I will add frst.txt in a reply in the next post.

Attached Thumbnails
Name: ADDRESS.jpg (133.7 KB)
Name: Russia Hacked.jpg (116.0 KB)

How to Restore Files & Folders Hidden by Malware?

BRIEF DESCRIPTION OF MY ISSUE
I took my laptop out to work remotely using my phone as a tether. The tethered connection worked just fine, but my laptop could not pick up the signal for some reason and so my phone was not detected as one of the internet access points. I spent time with it but still could not get my phone to show up as one of the internet access points.

When I got back home, it looked like I lost all of my Word files, downloads, everything. I haven't been able to access these files for over a week now. I think, I hope that it's just a case of malware hiding my files from me. Step by step, can you help me with a reliable, tried and true procedure to recover my files?

All of my former Word 2013 docs are missing. The file itself exists on this “shell” of an OS as do the other MS suites. But they’re not populated. All of the documents I’ve accumulated over the last 6 years are missing. Ditto for all of my downloads. The download file exists; it’s just that it’s not populated with the stuff I’ve saved over the same period. It goes without saying that I need both my Word docs and my downloads.

See attachments.

Attached Files
File Type: txt Addition.txt (46.6 KB)
File Type: txt FRST.txt (151.5 KB)

Malicious web site - Dell laptop inoperable

Dell 5558, Win 8.1, up to date.

I visited what I thought was a passed safe site to download manuals using Firefox. I got a screen that stated that Windows Defender found the site was malicious and to call an 800 number. I disconnected from the internet.

The PC mem and disk went to 100 utilization and would not accept commands or was very slow. The hard power button would not shut down with the disk still running. I didn't try removing the battery. I would appreciate any help in resolving.

I am running Avira free, MBAM free, registry backup Tweaking reg.