rcb56
2019-08-02, 01:09
My scan results, but like before, when I accepted yes to the VT question it crashed my PC. A few weeks ago I got run over by a supposed Microsoft page who demanded I give access to my PC and pay them an amount to fix my PC... they alleged I was infecting the internet. I later contacted Microsoft, who said it was not them. I'm just needing to check and make sure everything is OK. Thanks so much!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by ronny (administrator) on LAPTOP-7SS3QTOI (LENOVO 81DE) (01-08-2019 16:41:53)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny & (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.615 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19062.451.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(NAVIONICS S.P.A. -> ) C:\Program Files (x86)\Chart Installer\NavService.exe
(NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\SoundTap\soundtap.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
Failed to access process -> audiodg.exe
Failed to access process -> CropAssistService.exe
Failed to access process -> CropAssistService.exe
Failed to access process -> CropAssistService.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-03-02] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-29] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\ronny\AppData\Local\Vivaldi\Application\update_notifier.exe [1800776 2019-03-25] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Run: [Spotify] => C:\Users\ronny\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\MountPoints2: {95c26bcf-4867-11e9-adf4-364b50b7efda} - "D:\AutoRun.exe"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Run: [Vivaldi Update Notifier] => C:\Users\ronny\AppData\Local\Vivaldi\Application\update_notifier.exe [1800776 2019-03-25] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Run: [Spotify] => C:\Users\ronny\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\MountPoints2: {95c26bcf-4867-11e9-adf4-364b50b7efda} - "D:\AutoRun.exe"
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Sound Recorder Update.lnk [2019-06-12]
ShortcutTarget: Free Sound Recorder Update.lnk -> C:\Program Files (x86)\Free Sound Recorder\Free Sound Recorder Update.exe (No File)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-05-06]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NavService.lnk [2019-05-25]
ShortcutTarget: NavService.lnk -> C:\Program Files (x86)\Chart Installer\NavService.exe (NAVIONICS S.P.A. -> )
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0303FC85-19E4-4A49-AFA4-CCFFF15FF8CC} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2563344569-153408547-261685501-1001 => C:\Users\ronny\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
Task: {114E7EE5-545C-45AC-BA13-722DFC466CFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C0AD44A-50C4-4548-957C-8229DA347CCD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-10] (Adobe Inc. -> Adobe)
Task: {257C9CCE-30AD-4C77-A472-0BB14D415035} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DC37D0C-EC74-45EE-9537-548B7E917E3C} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170776 2019-03-13] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {318B57AE-5588-4035-81BE-BB34AD0B777B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {3B99BBFC-A865-42D0-BD65-6C30871250B4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-10] (Adobe Inc. -> Adobe)
Task: {716B90CE-A416-4784-BA18-242EC524DABE} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {8159801E-F8A6-47D8-8FE5-2333134A99E2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9ec37d1e-5f27-4782-b5a1-ab9616cfa683 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
Task: {95B1750E-4A58-473F-ACD4-DC8992772FEA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {C8CB119B-45DD-40AA-8460-12E0493DB950} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4668944 2018-10-14] (McAfee, Inc. -> McAfee, Inc.)
Task: {D7C8E03A-D3F0-49EC-A625-03B1EA12901F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8a7da069-74ce-4b4d-a6c2-8e0e649e9784 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D8BC2351-5AC2-49A7-BE4E-A17B21659A15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe)
Task: {DC8DAF3A-87FE-402C-891A-D14502AD7801} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8f75876a-56f0-4965-93d9-9dd3a11a88b8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {EB786A8C-295A-4CF3-9F69-FBFF5A4723C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {EF9273EA-7B42-496B-A43D-3BE85B0E650A} - System32\Tasks\RogueKiller Anti-Malware => C:\Users\ronny\Desktop\RogueKiller\RogueKiller64.exe
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0085c7a6-e7cf-4a1e-ac86-a99b1040af33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{157c1c20-07a9-48f0-96eb-08b0ba15705c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3a3e94fa-5e9d-4423-87d2-7dde07d75df2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3c4437dd-9c7d-4241-a1ea-b136520b1063}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7293e87c-e811-4b25-b612-c439bdf23e8a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{b7a4ccd0-f88d-490b-949c-652a8e0776ce}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
Edge:
======
Edge Session Restore: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> is enabled.
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-07-21]
Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2019-07-21]
FireFox:
========
FF DefaultProfile: llfzwedj.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default [2019-07-24]
FF Homepage: Mozilla\Firefox\Profiles\llfzwedj.default -> hxxps://www.bing.com/?PC=JV01
FF Extension: (uBlock) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2019-07-19]
FF Extension: (NoScript) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-07-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2019-03-13] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [176920 2019-03-13] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [266080 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [352808 2018-04-12] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTKVHD64.sys [6314848 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 JmUsbCcgp; C:\WINDOWS\system32\DRIVERS\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3236320 2017-11-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-05-11] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-04-12] (Synaptics Incorporated -> Synaptics Incorporated)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-25] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-02] (Zemana Ltd. -> Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-01 16:41 - 2019-08-01 16:44 - 000029023 _____ C:\Users\ronny\Desktop\FRST.txt
2019-08-01 16:40 - 2019-08-01 16:40 - 002096128 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2019-08-01 16:36 - 2019-08-01 16:36 - 000002329 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-08-01 16:35 - 2019-08-01 16:35 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup(2).exe
2019-08-01 16:33 - 2019-08-01 16:33 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup(1).exe
2019-08-01 15:34 - 2019-08-01 15:34 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-01 15:34 - 2019-08-01 15:34 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-01 15:34 - 2019-08-01 15:34 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-01 15:33 - 2019-08-01 15:33 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-01 15:32 - 2019-08-01 16:44 - 000064318 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-08-01 15:30 - 2019-08-01 15:30 - 000001366 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000001238 _____ C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-08-01 15:29 - 2019-08-01 15:29 - 000813120 _____ (NCH Software) C:\Users\ronny\Desktop\stsetup.exe
2019-08-01 01:37 - 2019-08-01 01:37 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-31 02:04 - 2019-07-31 02:04 - 004936704 _____ C:\Users\ronny\Documents\dwyco-backup-diff-f26998543478a9551774.sql
2019-07-29 22:49 - 2019-07-29 22:49 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-29 22:49 - 2019-07-29 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-29 22:48 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-29 22:42 - 2019-07-29 22:42 - 064760528 _____ (Malwarebytes ) C:\Users\ronny\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11764.exe
2019-07-28 01:04 - 2019-07-28 01:04 - 004919296 _____ C:\Users\ronny\Documents\dwyco-backup-diff-f26998543478a9551774.old.sql
2019-07-25 10:22 - 2019-07-25 10:21 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-07-25 02:51 - 2019-07-25 02:51 - 007988488 _____ C:\Users\ronny\Desktop\alien masks.mp4
2019-07-21 19:32 - 2019-07-29 22:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-07-19 03:06 - 2019-07-21 19:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-19 03:03 - 2019-07-26 10:08 - 000215431 _____ C:\Users\ronny\Desktop\lame_enc_x64_3.98_VC9SP1.zip
2019-07-19 02:57 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Desktop\streamosaur.1.0.0.1
2019-07-19 01:15 - 2019-07-21 11:38 - 000000000 ____D C:\ProgramData\MAGIX
2019-07-19 01:15 - 2019-07-19 01:15 - 000000000 ____D C:\Program Files\SOUND FORGE
2019-07-19 01:12 - 2019-07-19 01:13 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sony
2019-07-19 01:10 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\AppData\Roaming\MAGIX
2019-07-17 00:49 - 2019-07-17 00:49 - 004164575 _____ C:\Users\ronny\Desktop\Everybody Hurts.m4a
2019-07-17 00:23 - 2019-07-17 00:23 - 000000000 ____D C:\Users\ronny\AppData\Local\Meltytech
2019-07-16 14:01 - 2019-07-16 14:01 - 000000000 ____D C:\Users\ronny\AppData\Local\Wondershare
2019-07-16 13:57 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Documents\Wondershare Filmora 9
2019-07-16 13:44 - 2019-07-21 11:38 - 000000000 ____D C:\Program Files\Shotcut
2019-07-16 00:42 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Apowersoft
2019-07-16 00:42 - 2019-07-16 00:42 - 000000000 ____D C:\Users\ronny\AppData\Local\Apowersoft
2019-07-16 00:17 - 2019-07-21 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 My MP3 4.2
2019-07-16 00:17 - 2019-07-21 11:38 - 000000000 ____D C:\Program Files (x86)\MP3 My MP3 4.2
2019-07-15 23:33 - 2019-07-19 02:58 - 006242348 _____ C:\Song001.wav
2019-07-15 23:30 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Desktop\stream
2019-07-15 23:28 - 2019-07-15 23:28 - 000020999 _____ C:\Users\ronny\Desktop\streamosaur.1.0.0.1.zip
2019-07-14 23:14 - 2019-07-14 23:14 - 000000000 ____D C:\Users\ronny\Documents\iZotope
2019-07-14 23:01 - 2019-07-14 23:01 - 000787160 _____ (NCH Software) C:\Users\ronny\Desktop\soundtap-4-01-2017-09-28.exe
2019-07-14 22:50 - 2019-07-14 22:50 - 000813120 _____ (NCH Software) C:\Users\ronny\Downloads\stsetup.exe
2019-07-14 19:04 - 2019-07-14 19:04 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2019-07-13 06:23 - 2019-07-14 22:29 - 000000000 ____D C:\WINDOWS\Minidump
2019-07-10 17:56 - 2019-07-10 17:56 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2563344569-153408547-261685501-1001
2019-07-10 17:55 - 2019-07-10 17:55 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-09 17:28 - 2019-07-09 17:28 - 007727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 005115384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 001266192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-09 17:28 - 2019-07-09 17:28 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-07-09 17:28 - 2019-07-09 17:28 - 000747568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000743216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000687896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000673520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000092592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 023454208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 019012096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 012938752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 012243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 008900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 007876096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 006545304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 005587976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 004880896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 003738624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002714624 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002278784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-07-09 17:27 - 2019-07-09 17:27 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-07-09 17:27 - 2019-07-09 17:27 - 002013696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001465464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001427592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001159168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000964608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000804744 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000660032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 022115472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006308232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005566464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005561312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005528064 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005297664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 004351448 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003818416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 003636224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 003630592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003427328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 003081728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002871816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 002778760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002701000 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002693120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002626872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002073472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001966904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001837136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001794048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001721352 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001702088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 17:26 - 2019-07-09 17:26 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001477648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001472808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001345168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 17:26 - 2019-07-09 17:26 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001259520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001199616 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001162320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001125416 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001075712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000998928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000810504 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000807480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000652528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000553992 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-07-09 17:26 - 2019-07-09 17:26 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000514136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000423480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-07-09 17:26 - 2019-07-09 17:26 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000397688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000333128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000279920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000219448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000157024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000149232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000137864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000121896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 007687784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 003335216 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002593336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000987736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000895552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000871784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000865272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000850992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000799776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000768224 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000731104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000680176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000511504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-07-09 17:25 - 2019-07-09 17:25 - 000415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000310288 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000294000 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000241944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000197832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000141216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000117720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-07-09 17:25 - 2019-07-09 17:25 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000036360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-01 16:44 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-01 16:41 - 2019-04-14 09:32 - 000000000 ____D C:\FRST
2019-08-01 16:36 - 2019-03-11 22:33 - 000066852 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-08-01 16:34 - 2019-03-20 12:30 - 000000000 ____D C:\Users\ronny\AppData\Roaming\MediaPlayer10
2019-08-01 15:38 - 2019-05-05 03:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-08-01 15:35 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-01 15:35 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-01 15:34 - 2019-02-02 14:06 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2019-08-01 15:33 - 2019-05-05 03:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-01 15:32 - 2019-02-02 12:50 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-08-01 15:32 - 2018-09-15 01:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-01 15:30 - 2019-02-07 10:56 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-08-01 07:15 - 2019-05-05 03:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-01 01:07 - 2019-02-18 23:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\audacity
2019-07-31 01:57 - 2019-04-18 11:33 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-07-31 01:57 - 2019-02-03 22:17 - 000000000 ____D C:\Users\Public\Logi
2019-07-29 22:52 - 2019-05-05 03:19 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-29 22:52 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2019-07-29 22:31 - 2019-02-02 13:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-29 22:26 - 2019-02-18 10:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-25 20:52 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-25 10:22 - 2019-03-18 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-07-25 10:22 - 2019-03-18 17:54 - 000000000 ____D C:\Program Files (x86)\Java
2019-07-24 23:09 - 2019-02-18 10:16 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2019-07-24 22:39 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-21 18:07 - 2019-05-05 03:08 - 000000000 ____D C:\Users\ronny
2019-07-21 11:38 - 2019-04-10 17:56 - 000000000 ____D C:\Users\ronny\AppData\Local\LenovoServiceBridge
2019-07-21 11:38 - 2019-03-23 15:52 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-21 11:38 - 2019-02-07 10:57 - 000000000 ____D C:\ProgramData\NCH Software
2019-07-21 11:38 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\appcompat
2019-07-21 11:38 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-07-21 11:08 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-21 11:08 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\registration
2019-07-21 11:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-21 04:18 - 2019-02-03 22:01 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2019-07-19 00:03 - 2019-03-24 16:47 - 000000000 ____D C:\Users\ronny\Documents\Sound recordings
2019-07-15 22:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-14 23:11 - 2019-02-07 10:56 - 000000000 ____D C:\Users\ronny\AppData\Roaming\NCH Software
2019-07-14 19:04 - 2019-02-01 23:25 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2019-07-14 19:04 - 2019-02-01 23:22 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logitech
2019-07-14 19:02 - 2019-02-02 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-07-14 19:02 - 2019-02-02 12:33 - 000000000 ____D C:\ProgramData\LogiShrd
2019-07-14 19:02 - 2019-02-01 23:30 - 000000000 ____D C:\Program Files\Logitech
2019-07-14 19:01 - 2019-02-01 23:22 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
2019-07-13 06:27 - 2019-06-21 10:13 - 000000000 ____D C:\Users\ronny\AppData\Local\Spotify
2019-07-13 06:27 - 2019-06-21 10:12 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Spotify
2019-07-13 06:23 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-10 17:56 - 2019-02-01 23:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2019-07-10 17:50 - 2019-02-02 14:06 - 000000000 ___RD C:\Users\ronny\3D Objects
2019-07-10 17:50 - 2018-04-17 14:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-10 17:47 - 2019-05-05 03:00 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-10 17:42 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-10 01:29 - 2019-05-05 03:34 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-10 00:29 - 2019-05-05 03:34 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-09 17:41 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-09 17:39 - 2019-02-01 23:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-09 17:35 - 2019-02-01 23:40 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-09 16:49 - 2019-02-03 00:55 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-09 09:16 - 2019-02-02 14:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories ================
2019-02-19 00:02 - 2011-12-26 04:34 - 000475648 _____ () C:\Program Files (x86)\lame.exe
2019-02-19 00:02 - 2011-12-26 04:34 - 000421888 _____ () C:\Program Files (x86)\lame_enc.dll
2019-02-19 00:02 - 2011-12-26 06:29 - 000001483 _____ () C:\Program Files (x86)\LICENSE.txt
2019-05-05 00:43 - 2019-05-05 00:43 - 000000726 _____ () C:\Program Files (x86)\LMIR15055001.tmp.bat
2019-05-05 00:43 - 2019-05-05 00:43 - 000000530 _____ () C:\Program Files (x86)\LMIR15055001.tmp_r.bat
2019-02-19 00:02 - 2019-02-19 00:02 - 000001019 _____ () C:\Program Files (x86)\unins000.dat
2019-02-19 00:02 - 2019-02-19 00:01 - 000715038 _____ () C:\Program Files (x86)\unins000.exe
2019-04-23 10:38 - 2019-04-23 10:38 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.1.txt
2019-02-10 22:19 - 2019-04-13 00:54 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.2.txt
2019-02-10 22:19 - 2019-04-13 00:44 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.3.txt
2019-02-10 22:19 - 2019-02-10 22:20 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.4.txt
2019-04-23 10:51 - 2019-04-23 10:51 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
2019-02-10 22:19 - 2019-04-23 10:51 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2019-05-11 22:08 - 2019-05-11 22:08 - 000016960 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\1eaadjc.dll
2019-05-11 22:06 - 2019-05-11 22:06 - 000218624 ____T (MultiMedia Soft) C:\Users\ronny\AppData\Roaming\Microsoft\AdjMmsVista.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000018724 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\bass.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 001758720 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\engine_vx.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000014392 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\kfgresk.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000014456 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\mjcriu.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000010816 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\peaadje.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000028760 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\ronny\AppData\Roaming\Microsoft\qwadjb.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000015424 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\rsaadjd.dll
2019-07-19 01:19 - 2019-07-19 01:19 - 000098872 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\~DFK1cc7ad.tmp
2019-05-11 22:09 - 2019-05-11 22:09 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-04-14 01:52 - 2019-04-14 02:01 - 000007606 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by ronny (01-08-2019 16:45:59)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.615 (X64) (2019-05-05 08:36:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2563344569-153408547-261685501-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2563344569-153408547-261685501-503 - Limited - Disabled)
Guest (S-1-5-21-2563344569-153408547-261685501-501 - Limited - Disabled)
ronny (S-1-5-21-2563344569-153408547-261685501-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-2563344569-153408547-261685501-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Android Studio (HKLM\...\Android Studio) (Version: 3.3 - Google LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Chart Installer (HKLM-x32\...\Chart Installer 1.0.0.116) (Version: 1.0.0.116 - Navionics)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.)
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.525 - Gisburne Media)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Service Bridge (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.12.43 - Logitech)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Media Player 10 (HKLM-x32\...\Media Player 10) (Version: 10.0.0 - CodeTechno)
Microsoft OneDrive (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 5.36 - NCH Software)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 67.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.1 (x64 en-US)) (Version: 67.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 67.0.1.7088 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.1000 - Maxthon International Limited)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 8.01 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Spotify (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Spotify (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 7.07 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Vivaldi) (Version: 2.4.1488.35 - Vivaldi Technologies AS.)
Vivaldi (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Vivaldi) (Version: 2.4.1488.35 - Vivaldi Technologies AS.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.01 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Packages:
=========
9Zen Universal Locker -> C:\Program Files\WindowsApps\28852InspizenInc.9ZenUniversalLocker_2.6.6.0_x64__g9gz2pvpgk7nj [2019-07-21] (Inspizen Inc) [MS Ad]
ACG Player -> C:\Program Files\WindowsApps\41038AXILESOFT.ACGMEDIAPLAYER_1.15.17502.0_x64__wxjjre7dryqb6 [2019-07-21] (Axilesoft) [MS Ad]
AdBlock -> C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-07-21] (BetaFish)
Amazon Assistant -> C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2019-07-21] (Amazon.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-07-21] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-07-21] (Fitbit)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2019-07-21] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-24] (Apple Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-07-21] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-08-01] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-07-21] (LinkedIn)
Mahjong Epic -> C:\Program Files\WindowsApps\KristanixStudiosAS.MahjongEpic_1.1.5.0_x64__nafbvgh473e28 [2019-07-21] (Kristanix Studios AS)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-07-21] (Thumbmunkeys Ltd) [MS Ad]
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PicsArt-PhotoStudio_8.6.1.0_x86__crhqpqs3x1ygc [2019-07-21] (PicsArt Inc.) [MS Ad]
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-07-21] (Adobe Systems Incorporated)
Screen Recorder Lite -> C:\Program Files\WindowsApps\YellowElephantProductions.ScreenRecorderLite_1.48.143.0_x64__p3e1zgp7z7szg [2019-07-21] (Yellow Elephant Productions)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2563344569-153408547-261685501-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\ronny\AppData\Local\Vivaldi\Application\2.4.1488.35\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\ronny\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nch.com.au/es/index.htm
==================== Loaded Modules (Whitelisted) ==============
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2019-03-16 20:41 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\LIBCURL.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\LIBEAY32.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\SSLEAY32.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 001011712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\platforms\qwindows.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 004628480 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\Qt5Core.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 005014016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\Qt5Gui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20180626_061637.jpg
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20180626_061637.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\StartupFolder: => "Free Sound Recorder Update.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\StartupFolder: => "Free Sound Recorder Update.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "Spotify"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{13BE66C3-79AA-4CF4-956A-30FB80D67A8A}C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe] => (Allow) C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe (CodeTechno) [File not signed]
FirewallRules: [TCP Query User{4F6385FE-AB6B-4221-B07A-2E0CC6D39AC4}C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe] => (Allow) C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe (CodeTechno) [File not signed]
FirewallRules: [{F9BD5922-EC6C-4830-945F-9BD9F8CF2816}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{91042DF4-8691-4161-AD71-F57432CB3C5F}] => (Allow) C:\Users\ronny\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{1D76E7C0-3191-4169-A1A0-7A5D431D3796}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{1E66B6DA-FEBF-436F-93BC-EE15608D34C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{5E13B8BB-86C2-4FEE-AC00-0746EE2A6CCE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D109E7B9-2199-4AEC-A7C4-9A549326E1DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{689283AB-5F2B-4CD5-AC28-0C4DBF972BC8}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{821AFEB3-FA53-4151-A52E-A5154C0CBEC4}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [TCP Query User{DE83D8F0-4DC3-4615-BC7C-E1552D8B6BA3}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{DFCB5FB7-1383-4289-964C-AB0E575FE84C}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [TCP Query User{5A17486F-38A5-4F75-A52C-D1418AC7BA32}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{9AE87BEB-DDC6-42FF-AE2A-CA4C15DBA486}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{75E5CCD8-E30F-4E98-A71E-48F24F33F450}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [{B6244532-8F31-485E-97AD-6131BC46AF7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{1FD26D82-C054-4E18-A2EC-E6272C4408AA}C:\users\ronny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronny\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{D482860D-E70E-4C7B-808F-C546667CD8A6}C:\users\ronny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronny\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5CC986A-F167-40AC-924F-8778D9D055AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11727.20244.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4855CFE-3A74-48C1-A139-A6E26176CFFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{68A0B5E2-8462-48F8-9D94-7A44FE94AB7E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7819E8A0-EBA8-4F1A-A0E1-9B6E950D94F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FCA110B2-06A5-4E41-9D3B-D1CD96E5492E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F008B2F1-45FB-400F-8CA9-9A351C603CFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8691CB26-878A-4FFF-8D4D-66CB8F7A7E44}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{69AFD8A9-F109-4BE6-9AAB-243511A5EBD3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5A2822C5-8D0B-4B5B-92CE-75BF76867B91}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
==================== Restore Points =========================
24-07-2019 22:38:02 Windows Update
31-07-2019 23:36:23 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Remote NDIS based Internet Sharing Device #2
Description: Remote NDIS based Internet Sharing Device
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: usbrndis6
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/01/2019 03:40:57 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-7SS3QTOI)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (08/01/2019 03:40:57 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (08/01/2019 03:34:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x17a8
Faulting application start time: 0x01d548a885104187
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: 6a9529a7-85dc-44b0-8af3-ea00eb29bf16
Faulting package full name:
Faulting package-relative application ID:
Error: (08/01/2019 03:34:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x1a7c
Faulting application start time: 0x01d548a880247084
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: 5abb3779-1ea4-4aa6-93a1-876c073f34a3
Faulting package full name:
Faulting package-relative application ID:
Error: (08/01/2019 03:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x174c
Faulting application start time: 0x01d548a86bdc23f0
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: e8bd1685-3afe-4cef-93df-84d6a2e44a24
Faulting package full name:
Faulting package-relative application ID:
Error: (08/01/2019 03:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17763.557, time stamp: 0xb92cafe4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xc38
Faulting application start time: 0x01d548a85dca7f38
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: unknown
Report Id: 6362c5f3-ecd8-470a-a768-247ef9d9ca95
Faulting package full name:
Faulting package-relative application ID:
Error: (08/01/2019 03:00:48 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-7SS3QTOI)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (08/01/2019 03:00:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
System errors:
=============
Error: (08/01/2019 03:37:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:37:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:37:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:34:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:34:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:34:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.
Error: (08/01/2019 03:00:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-7SS3QTOI)
Description: The server {0134A8B2-3407-4B45-AD25-E9F7C92A80BC} did not register with DCOM within the required timeout.
Error: (08/01/2019 02:55:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9PCMMNB260TX-E0469640.LenovoUtility.
Windows Defender:
===================================
Date: 2019-07-30 01:29:21.349
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FFDF6145-0E43-4E73-975B-792B136F4E41}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-30 01:00:09.286
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {39A79B88-F2FE-4A48-A6CD-A4B951EDA030}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-20 23:25:13.204
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D0F07BE2-46E9-4FA6-BF79-CE35D35851A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-19 10:50:51.005
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6D6A7651-7D11-4B16-A6C5-D8E7537F1384}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-19 10:33:58.207
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {377A612B-C59F-48B9-B342-824BC98AD767}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-21 11:53:59.476
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.174.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-07-21 11:43:36.789
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Date: 2019-07-20 23:25:09.137
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.107.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-07-15 10:06:38.073
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.297.1097.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16100.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-07-13 22:35:27.198
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.297.997.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16100.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2019-06-02 10:50:25.004
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:45:24.999
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:40:25.145
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:35:25.030
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:30:24.996
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:26:25.708
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:25:25.003
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:20:30.036
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 8TCN51WW 12/08/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 86%
Total physical RAM: 4005.22 MB
Available physical RAM: 522.39 MB
Total Virtual: 6437.22 MB
Available Virtual: 1117.38 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:720.52 GB) NTFS
Drive d: (AT&T Velocity) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:442.75 GB) NTFS
\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)
Partition: GPT.
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by ronny (administrator) on LAPTOP-7SS3QTOI (LENOVO 81DE) (01-08-2019 16:41:53)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny & (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.615 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19062.451.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(NAVIONICS S.P.A. -> ) C:\Program Files (x86)\Chart Installer\NavService.exe
(NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\SoundTap\soundtap.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
Failed to access process -> audiodg.exe
Failed to access process -> CropAssistService.exe
Failed to access process -> CropAssistService.exe
Failed to access process -> CropAssistService.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-03-02] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-29] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\ronny\AppData\Local\Vivaldi\Application\update_notifier.exe [1800776 2019-03-25] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Run: [Spotify] => C:\Users\ronny\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\MountPoints2: {95c26bcf-4867-11e9-adf4-364b50b7efda} - "D:\AutoRun.exe"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Run: [Vivaldi Update Notifier] => C:\Users\ronny\AppData\Local\Vivaldi\Application\update_notifier.exe [1800776 2019-03-25] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Run: [Spotify] => C:\Users\ronny\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\MountPoints2: {95c26bcf-4867-11e9-adf4-364b50b7efda} - "D:\AutoRun.exe"
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Sound Recorder Update.lnk [2019-06-12]
ShortcutTarget: Free Sound Recorder Update.lnk -> C:\Program Files (x86)\Free Sound Recorder\Free Sound Recorder Update.exe (No File)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-05-06]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NavService.lnk [2019-05-25]
ShortcutTarget: NavService.lnk -> C:\Program Files (x86)\Chart Installer\NavService.exe (NAVIONICS S.P.A. -> )
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0303FC85-19E4-4A49-AFA4-CCFFF15FF8CC} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2563344569-153408547-261685501-1001 => C:\Users\ronny\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
Task: {114E7EE5-545C-45AC-BA13-722DFC466CFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C0AD44A-50C4-4548-957C-8229DA347CCD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-10] (Adobe Inc. -> Adobe)
Task: {257C9CCE-30AD-4C77-A472-0BB14D415035} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DC37D0C-EC74-45EE-9537-548B7E917E3C} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170776 2019-03-13] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {318B57AE-5588-4035-81BE-BB34AD0B777B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {3B99BBFC-A865-42D0-BD65-6C30871250B4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-10] (Adobe Inc. -> Adobe)
Task: {716B90CE-A416-4784-BA18-242EC524DABE} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {8159801E-F8A6-47D8-8FE5-2333134A99E2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9ec37d1e-5f27-4782-b5a1-ab9616cfa683 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
Task: {95B1750E-4A58-473F-ACD4-DC8992772FEA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {C8CB119B-45DD-40AA-8460-12E0493DB950} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4668944 2018-10-14] (McAfee, Inc. -> McAfee, Inc.)
Task: {D7C8E03A-D3F0-49EC-A625-03B1EA12901F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8a7da069-74ce-4b4d-a6c2-8e0e649e9784 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D8BC2351-5AC2-49A7-BE4E-A17B21659A15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe)
Task: {DC8DAF3A-87FE-402C-891A-D14502AD7801} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8f75876a-56f0-4965-93d9-9dd3a11a88b8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {EB786A8C-295A-4CF3-9F69-FBFF5A4723C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {EF9273EA-7B42-496B-A43D-3BE85B0E650A} - System32\Tasks\RogueKiller Anti-Malware => C:\Users\ronny\Desktop\RogueKiller\RogueKiller64.exe
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0085c7a6-e7cf-4a1e-ac86-a99b1040af33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{157c1c20-07a9-48f0-96eb-08b0ba15705c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3a3e94fa-5e9d-4423-87d2-7dde07d75df2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3c4437dd-9c7d-4241-a1ea-b136520b1063}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7293e87c-e811-4b25-b612-c439bdf23e8a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{b7a4ccd0-f88d-490b-949c-652a8e0776ce}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
Edge:
======
Edge Session Restore: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> is enabled.
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-07-21]
Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2019-07-21]
FireFox:
========
FF DefaultProfile: llfzwedj.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default [2019-07-24]
FF Homepage: Mozilla\Firefox\Profiles\llfzwedj.default -> hxxps://www.bing.com/?PC=JV01
FF Extension: (uBlock) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2019-07-19]
FF Extension: (NoScript) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-07-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2019-03-13] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [176920 2019-03-13] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [266080 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [352808 2018-04-12] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTKVHD64.sys [6314848 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 JmUsbCcgp; C:\WINDOWS\system32\DRIVERS\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3236320 2017-11-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-05-11] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-04-12] (Synaptics Incorporated -> Synaptics Incorporated)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-25] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-02] (Zemana Ltd. -> Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-01 16:41 - 2019-08-01 16:44 - 000029023 _____ C:\Users\ronny\Desktop\FRST.txt
2019-08-01 16:40 - 2019-08-01 16:40 - 002096128 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2019-08-01 16:36 - 2019-08-01 16:36 - 000002329 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-08-01 16:35 - 2019-08-01 16:35 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup(2).exe
2019-08-01 16:33 - 2019-08-01 16:33 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup(1).exe
2019-08-01 15:34 - 2019-08-01 15:34 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-01 15:34 - 2019-08-01 15:34 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-01 15:34 - 2019-08-01 15:34 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-01 15:33 - 2019-08-01 15:33 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-01 15:32 - 2019-08-01 16:44 - 000064318 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-08-01 15:30 - 2019-08-01 15:30 - 000001366 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000001238 _____ C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-08-01 15:29 - 2019-08-01 15:29 - 000813120 _____ (NCH Software) C:\Users\ronny\Desktop\stsetup.exe
2019-08-01 01:37 - 2019-08-01 01:37 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-31 02:04 - 2019-07-31 02:04 - 004936704 _____ C:\Users\ronny\Documents\dwyco-backup-diff-f26998543478a9551774.sql
2019-07-29 22:49 - 2019-07-29 22:49 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-29 22:49 - 2019-07-29 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-29 22:48 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-29 22:42 - 2019-07-29 22:42 - 064760528 _____ (Malwarebytes ) C:\Users\ronny\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11764.exe
2019-07-28 01:04 - 2019-07-28 01:04 - 004919296 _____ C:\Users\ronny\Documents\dwyco-backup-diff-f26998543478a9551774.old.sql
2019-07-25 10:22 - 2019-07-25 10:21 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-07-25 02:51 - 2019-07-25 02:51 - 007988488 _____ C:\Users\ronny\Desktop\alien masks.mp4
2019-07-21 19:32 - 2019-07-29 22:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-07-19 03:06 - 2019-07-21 19:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-19 03:03 - 2019-07-26 10:08 - 000215431 _____ C:\Users\ronny\Desktop\lame_enc_x64_3.98_VC9SP1.zip
2019-07-19 02:57 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Desktop\streamosaur.1.0.0.1
2019-07-19 01:15 - 2019-07-21 11:38 - 000000000 ____D C:\ProgramData\MAGIX
2019-07-19 01:15 - 2019-07-19 01:15 - 000000000 ____D C:\Program Files\SOUND FORGE
2019-07-19 01:12 - 2019-07-19 01:13 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sony
2019-07-19 01:10 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\AppData\Roaming\MAGIX
2019-07-17 00:49 - 2019-07-17 00:49 - 004164575 _____ C:\Users\ronny\Desktop\Everybody Hurts.m4a
2019-07-17 00:23 - 2019-07-17 00:23 - 000000000 ____D C:\Users\ronny\AppData\Local\Meltytech
2019-07-16 14:01 - 2019-07-16 14:01 - 000000000 ____D C:\Users\ronny\AppData\Local\Wondershare
2019-07-16 13:57 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Documents\Wondershare Filmora 9
2019-07-16 13:44 - 2019-07-21 11:38 - 000000000 ____D C:\Program Files\Shotcut
2019-07-16 00:42 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Apowersoft
2019-07-16 00:42 - 2019-07-16 00:42 - 000000000 ____D C:\Users\ronny\AppData\Local\Apowersoft
2019-07-16 00:17 - 2019-07-21 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 My MP3 4.2
2019-07-16 00:17 - 2019-07-21 11:38 - 000000000 ____D C:\Program Files (x86)\MP3 My MP3 4.2
2019-07-15 23:33 - 2019-07-19 02:58 - 006242348 _____ C:\Song001.wav
2019-07-15 23:30 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Desktop\stream
2019-07-15 23:28 - 2019-07-15 23:28 - 000020999 _____ C:\Users\ronny\Desktop\streamosaur.1.0.0.1.zip
2019-07-14 23:14 - 2019-07-14 23:14 - 000000000 ____D C:\Users\ronny\Documents\iZotope
2019-07-14 23:01 - 2019-07-14 23:01 - 000787160 _____ (NCH Software) C:\Users\ronny\Desktop\soundtap-4-01-2017-09-28.exe
2019-07-14 22:50 - 2019-07-14 22:50 - 000813120 _____ (NCH Software) C:\Users\ronny\Downloads\stsetup.exe
2019-07-14 19:04 - 2019-07-14 19:04 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2019-07-13 06:23 - 2019-07-14 22:29 - 000000000 ____D C:\WINDOWS\Minidump
2019-07-10 17:56 - 2019-07-10 17:56 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2563344569-153408547-261685501-1001
2019-07-10 17:55 - 2019-07-10 17:55 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-09 17:28 - 2019-07-09 17:28 - 007727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 005115384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 001266192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-09 17:28 - 2019-07-09 17:28 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-07-09 17:28 - 2019-07-09 17:28 - 000747568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000743216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000687896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000673520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000092592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 023454208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 019012096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 012938752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 012243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 008900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 007876096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 006545304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 005587976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 004880896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 003738624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002714624 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002278784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-07-09 17:27 - 2019-07-09 17:27 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-07-09 17:27 - 2019-07-09 17:27 - 002013696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001465464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001427592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001159168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000964608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000804744 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000660032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 022115472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006308232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005566464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005561312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005528064 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005297664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 004351448 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003818416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 003636224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 003630592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003427328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 003081728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002871816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 002778760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002701000 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002693120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002626872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002073472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001966904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001837136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001794048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001721352 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001702088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 17:26 - 2019-07-09 17:26 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001477648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001472808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001345168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 17:26 - 2019-07-09 17:26 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001259520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001199616 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001162320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001125416 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001075712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000998928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000810504 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000807480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000652528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000553992 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-07-09 17:26 - 2019-07-09 17:26 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000514136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000423480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-07-09 17:26 - 2019-07-09 17:26 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000397688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000333128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000279920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000219448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000157024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000149232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000137864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000121896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 007687784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 003335216 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002593336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000987736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000895552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000871784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000865272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000850992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000799776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000768224 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000731104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000680176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000511504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-07-09 17:25 - 2019-07-09 17:25 - 000415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000310288 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000294000 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000241944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000197832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000141216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000117720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-07-09 17:25 - 2019-07-09 17:25 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000036360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-08-01 16:44 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-01 16:41 - 2019-04-14 09:32 - 000000000 ____D C:\FRST
2019-08-01 16:36 - 2019-03-11 22:33 - 000066852 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-08-01 16:34 - 2019-03-20 12:30 - 000000000 ____D C:\Users\ronny\AppData\Roaming\MediaPlayer10
2019-08-01 15:38 - 2019-05-05 03:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-08-01 15:35 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-01 15:35 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-01 15:34 - 2019-02-02 14:06 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2019-08-01 15:33 - 2019-05-05 03:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-01 15:32 - 2019-02-02 12:50 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-08-01 15:32 - 2018-09-15 01:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-01 15:30 - 2019-02-07 10:56 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-08-01 07:15 - 2019-05-05 03:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-01 01:07 - 2019-02-18 23:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\audacity
2019-07-31 01:57 - 2019-04-18 11:33 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-07-31 01:57 - 2019-02-03 22:17 - 000000000 ____D C:\Users\Public\Logi
2019-07-29 22:52 - 2019-05-05 03:19 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-29 22:52 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2019-07-29 22:31 - 2019-02-02 13:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-29 22:26 - 2019-02-18 10:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-25 20:52 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-25 10:22 - 2019-03-18 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-07-25 10:22 - 2019-03-18 17:54 - 000000000 ____D C:\Program Files (x86)\Java
2019-07-24 23:09 - 2019-02-18 10:16 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2019-07-24 22:39 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-21 18:07 - 2019-05-05 03:08 - 000000000 ____D C:\Users\ronny
2019-07-21 11:38 - 2019-04-10 17:56 - 000000000 ____D C:\Users\ronny\AppData\Local\LenovoServiceBridge
2019-07-21 11:38 - 2019-03-23 15:52 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-21 11:38 - 2019-02-07 10:57 - 000000000 ____D C:\ProgramData\NCH Software
2019-07-21 11:38 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\appcompat
2019-07-21 11:38 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-07-21 11:08 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-21 11:08 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\registration
2019-07-21 11:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-21 04:18 - 2019-02-03 22:01 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2019-07-19 00:03 - 2019-03-24 16:47 - 000000000 ____D C:\Users\ronny\Documents\Sound recordings
2019-07-15 22:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-14 23:11 - 2019-02-07 10:56 - 000000000 ____D C:\Users\ronny\AppData\Roaming\NCH Software
2019-07-14 19:04 - 2019-02-01 23:25 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2019-07-14 19:04 - 2019-02-01 23:22 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logitech
2019-07-14 19:02 - 2019-02-02 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-07-14 19:02 - 2019-02-02 12:33 - 000000000 ____D C:\ProgramData\LogiShrd
2019-07-14 19:02 - 2019-02-01 23:30 - 000000000 ____D C:\Program Files\Logitech
2019-07-14 19:01 - 2019-02-01 23:22 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
2019-07-13 06:27 - 2019-06-21 10:13 - 000000000 ____D C:\Users\ronny\AppData\Local\Spotify
2019-07-13 06:27 - 2019-06-21 10:12 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Spotify
2019-07-13 06:23 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-10 17:56 - 2019-02-01 23:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2019-07-10 17:50 - 2019-02-02 14:06 - 000000000 ___RD C:\Users\ronny\3D Objects
2019-07-10 17:50 - 2018-04-17 14:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-10 17:47 - 2019-05-05 03:00 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-10 17:42 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-10 01:29 - 2019-05-05 03:34 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-10 00:29 - 2019-05-05 03:34 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-09 17:41 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-09 17:39 - 2019-02-01 23:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-09 17:35 - 2019-02-01 23:40 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-09 16:49 - 2019-02-03 00:55 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-09 09:16 - 2019-02-02 14:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories ================
2019-02-19 00:02 - 2011-12-26 04:34 - 000475648 _____ () C:\Program Files (x86)\lame.exe
2019-02-19 00:02 - 2011-12-26 04:34 - 000421888 _____ () C:\Program Files (x86)\lame_enc.dll
2019-02-19 00:02 - 2011-12-26 06:29 - 000001483 _____ () C:\Program Files (x86)\LICENSE.txt
2019-05-05 00:43 - 2019-05-05 00:43 - 000000726 _____ () C:\Program Files (x86)\LMIR15055001.tmp.bat
2019-05-05 00:43 - 2019-05-05 00:43 - 000000530 _____ () C:\Program Files (x86)\LMIR15055001.tmp_r.bat
2019-02-19 00:02 - 2019-02-19 00:02 - 000001019 _____ () C:\Program Files (x86)\unins000.dat
2019-02-19 00:02 - 2019-02-19 00:01 - 000715038 _____ () C:\Program Files (x86)\unins000.exe
2019-04-23 10:38 - 2019-04-23 10:38 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.1.txt
2019-02-10 22:19 - 2019-04-13 00:54 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.2.txt
2019-02-10 22:19 - 2019-04-13 00:44 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.3.txt
2019-02-10 22:19 - 2019-02-10 22:20 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.4.txt
2019-04-23 10:51 - 2019-04-23 10:51 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
2019-02-10 22:19 - 2019-04-23 10:51 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2019-05-11 22:08 - 2019-05-11 22:08 - 000016960 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\1eaadjc.dll
2019-05-11 22:06 - 2019-05-11 22:06 - 000218624 ____T (MultiMedia Soft) C:\Users\ronny\AppData\Roaming\Microsoft\AdjMmsVista.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000018724 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\bass.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 001758720 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\engine_vx.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000014392 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\kfgresk.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000014456 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\mjcriu.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000010816 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\peaadje.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000028760 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\ronny\AppData\Roaming\Microsoft\qwadjb.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000015424 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\rsaadjd.dll
2019-07-19 01:19 - 2019-07-19 01:19 - 000098872 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\~DFK1cc7ad.tmp
2019-05-11 22:09 - 2019-05-11 22:09 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-04-14 01:52 - 2019-04-14 02:01 - 000007606 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by ronny (01-08-2019 16:45:59)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.615 (X64) (2019-05-05 08:36:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2563344569-153408547-261685501-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2563344569-153408547-261685501-503 - Limited - Disabled)
Guest (S-1-5-21-2563344569-153408547-261685501-501 - Limited - Disabled)
ronny (S-1-5-21-2563344569-153408547-261685501-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-2563344569-153408547-261685501-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Android Studio (HKLM\...\Android Studio) (Version: 3.3 - Google LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Chart Installer (HKLM-x32\...\Chart Installer 1.0.0.116) (Version: 1.0.0.116 - Navionics)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.)
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.525 - Gisburne Media)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Service Bridge (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.12.43 - Logitech)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Media Player 10 (HKLM-x32\...\Media Player 10) (Version: 10.0.0 - CodeTechno)
Microsoft OneDrive (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 5.36 - NCH Software)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 67.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.1 (x64 en-US)) (Version: 67.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 67.0.1.7088 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.1000 - Maxthon International Limited)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 8.01 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Spotify (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Spotify (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 7.07 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Vivaldi) (Version: 2.4.1488.35 - Vivaldi Technologies AS.)
Vivaldi (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Vivaldi) (Version: 2.4.1488.35 - Vivaldi Technologies AS.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.01 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)
Packages:
=========
9Zen Universal Locker -> C:\Program Files\WindowsApps\28852InspizenInc.9ZenUniversalLocker_2.6.6.0_x64__g9gz2pvpgk7nj [2019-07-21] (Inspizen Inc) [MS Ad]
ACG Player -> C:\Program Files\WindowsApps\41038AXILESOFT.ACGMEDIAPLAYER_1.15.17502.0_x64__wxjjre7dryqb6 [2019-07-21] (Axilesoft) [MS Ad]
AdBlock -> C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-07-21] (BetaFish)
Amazon Assistant -> C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2019-07-21] (Amazon.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-07-21] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-07-21] (Fitbit)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2019-07-21] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-24] (Apple Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-07-21] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-08-01] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-07-21] (LinkedIn)
Mahjong Epic -> C:\Program Files\WindowsApps\KristanixStudiosAS.MahjongEpic_1.1.5.0_x64__nafbvgh473e28 [2019-07-21] (Kristanix Studios AS)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-07-21] (Thumbmunkeys Ltd) [MS Ad]
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PicsArt-PhotoStudio_8.6.1.0_x86__crhqpqs3x1ygc [2019-07-21] (PicsArt Inc.) [MS Ad]
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-07-21] (Adobe Systems Incorporated)
Screen Recorder Lite -> C:\Program Files\WindowsApps\YellowElephantProductions.ScreenRecorderLite_1.48.143.0_x64__p3e1zgp7z7szg [2019-07-21] (Yellow Elephant Productions)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2563344569-153408547-261685501-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\ronny\AppData\Local\Vivaldi\Application\2.4.1488.35\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\ronny\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nch.com.au/es/index.htm
==================== Loaded Modules (Whitelisted) ==============
2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2019-03-16 20:41 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\LIBCURL.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\LIBEAY32.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\SSLEAY32.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 001011712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\platforms\qwindows.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 004628480 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\Qt5Core.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 005014016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\Qt5Gui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20180626_061637.jpg
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20180626_061637.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\StartupFolder: => "Free Sound Recorder Update.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\StartupFolder: => "Free Sound Recorder Update.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "Spotify"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{13BE66C3-79AA-4CF4-956A-30FB80D67A8A}C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe] => (Allow) C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe (CodeTechno) [File not signed]
FirewallRules: [TCP Query User{4F6385FE-AB6B-4221-B07A-2E0CC6D39AC4}C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe] => (Allow) C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe (CodeTechno) [File not signed]
FirewallRules: [{F9BD5922-EC6C-4830-945F-9BD9F8CF2816}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{91042DF4-8691-4161-AD71-F57432CB3C5F}] => (Allow) C:\Users\ronny\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{1D76E7C0-3191-4169-A1A0-7A5D431D3796}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{1E66B6DA-FEBF-436F-93BC-EE15608D34C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{5E13B8BB-86C2-4FEE-AC00-0746EE2A6CCE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D109E7B9-2199-4AEC-A7C4-9A549326E1DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{689283AB-5F2B-4CD5-AC28-0C4DBF972BC8}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{821AFEB3-FA53-4151-A52E-A5154C0CBEC4}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [TCP Query User{DE83D8F0-4DC3-4615-BC7C-E1552D8B6BA3}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{DFCB5FB7-1383-4289-964C-AB0E575FE84C}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [TCP Query User{5A17486F-38A5-4F75-A52C-D1418AC7BA32}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{9AE87BEB-DDC6-42FF-AE2A-CA4C15DBA486}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{75E5CCD8-E30F-4E98-A71E-48F24F33F450}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [{B6244532-8F31-485E-97AD-6131BC46AF7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{1FD26D82-C054-4E18-A2EC-E6272C4408AA}C:\users\ronny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronny\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{D482860D-E70E-4C7B-808F-C546667CD8A6}C:\users\ronny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronny\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5CC986A-F167-40AC-924F-8778D9D055AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11727.20244.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4855CFE-3A74-48C1-A139-A6E26176CFFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{68A0B5E2-8462-48F8-9D94-7A44FE94AB7E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7819E8A0-EBA8-4F1A-A0E1-9B6E950D94F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FCA110B2-06A5-4E41-9D3B-D1CD96E5492E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F008B2F1-45FB-400F-8CA9-9A351C603CFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8691CB26-878A-4FFF-8D4D-66CB8F7A7E44}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{69AFD8A9-F109-4BE6-9AAB-243511A5EBD3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5A2822C5-8D0B-4B5B-92CE-75BF76867B91}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
==================== Restore Points =========================
24-07-2019 22:38:02 Windows Update
31-07-2019 23:36:23 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Remote NDIS based Internet Sharing Device #2
Description: Remote NDIS based Internet Sharing Device
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: usbrndis6
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/01/2019 03:40:57 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-7SS3QTOI)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (08/01/2019 03:40:57 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (08/01/2019 03:34:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x17a8
Faulting application start time: 0x01d548a885104187
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: 6a9529a7-85dc-44b0-8af3-ea00eb29bf16
Faulting package full name:
Faulting package-relative application ID:
Error: (08/01/2019 03:34:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x1a7c
Faulting application start time: 0x01d548a880247084
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: 5abb3779-1ea4-4aa6-93a1-876c073f34a3
Faulting package full name:
Faulting package-relative application ID:
Error: (08/01/2019 03:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x174c
Faulting application start time: 0x01d548a86bdc23f0
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: e8bd1685-3afe-4cef-93df-84d6a2e44a24
Faulting package full name:
Faulting package-relative application ID:
Error: (08/01/2019 03:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17763.557, time stamp: 0xb92cafe4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xc38
Faulting application start time: 0x01d548a85dca7f38
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: unknown
Report Id: 6362c5f3-ecd8-470a-a768-247ef9d9ca95
Faulting package full name:
Faulting package-relative application ID:
Error: (08/01/2019 03:00:48 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-7SS3QTOI)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (08/01/2019 03:00:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
System errors:
=============
Error: (08/01/2019 03:37:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:37:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:37:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:34:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:34:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/01/2019 03:34:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.
Error: (08/01/2019 03:00:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-7SS3QTOI)
Description: The server {0134A8B2-3407-4B45-AD25-E9F7C92A80BC} did not register with DCOM within the required timeout.
Error: (08/01/2019 02:55:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9PCMMNB260TX-E0469640.LenovoUtility.
Windows Defender:
===================================
Date: 2019-07-30 01:29:21.349
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FFDF6145-0E43-4E73-975B-792B136F4E41}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-30 01:00:09.286
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {39A79B88-F2FE-4A48-A6CD-A4B951EDA030}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-20 23:25:13.204
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D0F07BE2-46E9-4FA6-BF79-CE35D35851A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-19 10:50:51.005
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6D6A7651-7D11-4B16-A6C5-D8E7537F1384}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-19 10:33:58.207
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {377A612B-C59F-48B9-B342-824BC98AD767}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2019-07-21 11:53:59.476
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.174.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-07-21 11:43:36.789
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Date: 2019-07-20 23:25:09.137
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.107.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-07-15 10:06:38.073
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.297.1097.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16100.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2019-07-13 22:35:27.198
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.297.997.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16100.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2019-06-02 10:50:25.004
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:45:24.999
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:40:25.145
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:35:25.030
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:30:24.996
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:26:25.708
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:25:25.003
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-02 10:20:30.036
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 8TCN51WW 12/08/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 86%
Total physical RAM: 4005.22 MB
Available physical RAM: 522.39 MB
Total Virtual: 6437.22 MB
Available Virtual: 1117.38 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:720.52 GB) NTFS
Drive d: (AT&T Velocity) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:442.75 GB) NTFS
\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)
Partition: GPT.
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================