PDA

View Full Version : after a visit from microsoft, things have been sketchy...



rcb56
2019-08-02, 01:09
my scan results, but like before, the when i accepted yes to the vt question it crashed my pc. a few weeks ago i got ran over bt a supposed microsoft page who demanded i give access to my pc and pay them an amout to fix my pc...they alleged i was infecting the internet. i later contacted microsoft who said it was not them. i'm just needing to check and make sure everything is ok. thanks so much!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by ronny (administrator) on LAPTOP-7SS3QTOI (LENOVO 81DE) (01-08-2019 16:41:53)
Running from C:\Users\ronny\Desktop
Loaded Profiles: ronny & (Available Profiles: ronny)
Platform: Windows 10 Home Version 1809 17763.615 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe" "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19062.451.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_a7428663aca90897\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c59c7d36072c06c5\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Maxthon Technology Co, Ltd. -> Maxthon International ltd.) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(NAVIONICS S.P.A. -> ) C:\Program Files (x86)\Chart Installer\NavService.exe
(NCH Software Pty Ltd -> NCH Software) C:\Program Files (x86)\NCH Software\SoundTap\soundtap.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
Failed to access process -> audiodg.exe
Failed to access process -> CropAssistService.exe
Failed to access process -> CropAssistService.exe
Failed to access process -> CropAssistService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2177160 2019-03-02] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-29] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\ronny\AppData\Local\Vivaldi\Application\update_notifier.exe [1800776 2019-03-25] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Run: [Spotify] => C:\Users\ronny\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\MountPoints2: {95c26bcf-4867-11e9-adf4-364b50b7efda} - "D:\AutoRun.exe"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Run: [Vivaldi Update Notifier] => C:\Users\ronny\AppData\Local\Vivaldi\Application\update_notifier.exe [1800776 2019-03-25] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Run: [Spotify] => C:\Users\ronny\AppData\Roaming\Spotify\Spotify.exe [25591712 2019-07-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\MountPoints2: {95c26bcf-4867-11e9-adf4-364b50b7efda} - "D:\AutoRun.exe"
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Sound Recorder Update.lnk [2019-06-12]
ShortcutTarget: Free Sound Recorder Update.lnk -> C:\Program Files (x86)\Free Sound Recorder\Free Sound Recorder Update.exe (No File)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2019-05-06]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Logitech -> Leader Technologies/Logitech)
Startup: C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NavService.lnk [2019-05-25]
ShortcutTarget: NavService.lnk -> C:\Program Files (x86)\Chart Installer\NavService.exe (NAVIONICS S.P.A. -> )

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0303FC85-19E4-4A49-AFA4-CCFFF15FF8CC} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2563344569-153408547-261685501-1001 => C:\Users\ronny\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {0ADF630D-EDBE-4DCC-A006-37EA17B9829E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
Task: {114E7EE5-545C-45AC-BA13-722DFC466CFC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1C0AD44A-50C4-4548-957C-8229DA347CCD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-10] (Adobe Inc. -> Adobe)
Task: {257C9CCE-30AD-4C77-A472-0BB14D415035} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DC37D0C-EC74-45EE-9537-548B7E917E3C} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [170776 2019-03-13] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
Task: {318B57AE-5588-4035-81BE-BB34AD0B777B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {3B99BBFC-A865-42D0-BD65-6C30871250B4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-10] (Adobe Inc. -> Adobe)
Task: {716B90CE-A416-4784-BA18-242EC524DABE} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {8159801E-F8A6-47D8-8FE5-2333134A99E2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9ec37d1e-5f27-4782-b5a1-ab9616cfa683 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {8ED2C411-7510-43C9-A180-9D84045CF0DC} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
Task: {95B1750E-4A58-473F-ACD4-DC8992772FEA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BE77526C-BEAF-4E49-86F6-D04BC84A3FF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {C8CB119B-45DD-40AA-8460-12E0493DB950} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4668944 2018-10-14] (McAfee, Inc. -> McAfee, Inc.)
Task: {D7C8E03A-D3F0-49EC-A625-03B1EA12901F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8a7da069-74ce-4b4d-a6c2-8e0e649e9784 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {D8BC2351-5AC2-49A7-BE4E-A17B21659A15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe)
Task: {DC8DAF3A-87FE-402C-891A-D14502AD7801} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8f75876a-56f0-4965-93d9-9dd3a11a88b8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {EB786A8C-295A-4CF3-9F69-FBFF5A4723C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBF36B46-CBDF-45A6-B321-60F118CB9CC3} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {ED066DF5-E55B-4A40-B888-00144190843A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {EF9273EA-7B42-496B-A43D-3BE85B0E650A} - System32\Tasks\RogueKiller Anti-Malware => C:\Users\ronny\Desktop\RogueKiller\RogueKiller64.exe
Task: {FA6D3E51-BDBD-490F-B0FD-8CECC50F7079} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1503584 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0085c7a6-e7cf-4a1e-ac86-a99b1040af33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{157c1c20-07a9-48f0-96eb-08b0ba15705c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3a3e94fa-5e9d-4423-87d2-7dde07d75df2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3c4437dd-9c7d-4241-a1ea-b136520b1063}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7293e87c-e811-4b25-b612-c439bdf23e8a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{b7a4ccd0-f88d-490b-949c-652a8e0776ce}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319 -> DefaultScope {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
SearchScopes: HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319 -> {1DE58705-3063-4F2A-835E-EB8A8011C103} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-29] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
Edge Session Restore: HKU\S-1-5-21-2563344569-153408547-261685501-1001 -> is enabled.
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-07-21]
Edge Extension: (Amazon Assistant) -> xxx_AmazoncomAmazonAssistant_343d40qqvtj1t => C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2019-07-21]

FireFox:
========
FF DefaultProfile: llfzwedj.default
FF ProfilePath: C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default [2019-07-24]
FF Homepage: Mozilla\Firefox\Profiles\llfzwedj.default -> hxxps://www.bing.com/?PC=JV01
FF Extension: (uBlock) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2019-07-19]
FF Extension: (NoScript) - C:\Users\ronny\AppData\Roaming\Mozilla\Firefox\Profiles\llfzwedj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2019-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-07-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-10] (Adobe Inc. -> )
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2019-03-13] (Solware IT Ltd -> Solware)
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\WINDOWS\System32\drivers\AdminService.exe [420472 2019-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [197120 2017-07-13] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [780600 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [718656 2018-10-02] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_0a3294d3216a4a83\jhi_service.exe [578752 2018-11-13] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [176920 2019-03-13] (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2019-03-07] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [266080 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [352808 2018-04-12] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 ApkbfiltrService; C:\WINDOWS\System32\drivers\Apkbfiltr.sys [31016 2015-07-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTKVHD64.sys [6314848 2018-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R3 JmUsbCcgp; C:\WINDOWS\system32\DRIVERS\jmccgp.sys [17136 2009-07-28] (JMicron Technology Corp. -> JMicron Technology Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 necbatt; C:\WINDOWS\System32\drivers\necbatt.sys [34880 2018-05-09] (NEC Personal Computers, Ltd. -> NEC Personal Computers, Ltd.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2372072 2019-03-07] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1138136 2019-02-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3236320 2017-11-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [48992 2019-01-23] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 stdriver; C:\WINDOWS\system32\DRIVERS\stdriverx64.sys [54664 2019-05-11] (NCH Software Pty Ltd -> )
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [61480 2018-04-12] (Synaptics Incorporated -> Synaptics Incorporated)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-25] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-02] (Zemana Ltd. -> Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 16:41 - 2019-08-01 16:44 - 000029023 _____ C:\Users\ronny\Desktop\FRST.txt
2019-08-01 16:40 - 2019-08-01 16:40 - 002096128 _____ (Farbar) C:\Users\ronny\Desktop\FRST64.exe
2019-08-01 16:36 - 2019-08-01 16:36 - 000002329 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-08-01 16:35 - 2019-08-01 16:35 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup(2).exe
2019-08-01 16:33 - 2019-08-01 16:33 - 005766144 _____ (Tweaking.com) C:\Users\ronny\Desktop\tweaking.com_registry_backup_setup(1).exe
2019-08-01 15:34 - 2019-08-01 15:34 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-01 15:34 - 2019-08-01 15:34 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-01 15:34 - 2019-08-01 15:34 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-01 15:33 - 2019-08-01 15:33 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-01 15:32 - 2019-08-01 16:44 - 000064318 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2019-08-01 15:30 - 2019-08-01 15:30 - 000001366 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundTap Streaming Audio Recorder.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000001238 _____ C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk
2019-08-01 15:30 - 2019-08-01 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-08-01 15:29 - 2019-08-01 15:29 - 000813120 _____ (NCH Software) C:\Users\ronny\Desktop\stsetup.exe
2019-08-01 01:37 - 2019-08-01 01:37 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-07-31 02:04 - 2019-07-31 02:04 - 004936704 _____ C:\Users\ronny\Documents\dwyco-backup-diff-f26998543478a9551774.sql
2019-07-29 22:49 - 2019-07-29 22:49 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-29 22:49 - 2019-07-29 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-29 22:48 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-07-29 22:42 - 2019-07-29 22:42 - 064760528 _____ (Malwarebytes ) C:\Users\ronny\Desktop\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11764.exe
2019-07-28 01:04 - 2019-07-28 01:04 - 004919296 _____ C:\Users\ronny\Documents\dwyco-backup-diff-f26998543478a9551774.old.sql
2019-07-25 10:22 - 2019-07-25 10:21 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-07-25 02:51 - 2019-07-25 02:51 - 007988488 _____ C:\Users\ronny\Desktop\alien masks.mp4
2019-07-21 19:32 - 2019-07-29 22:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-07-19 03:06 - 2019-07-21 19:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-19 03:03 - 2019-07-26 10:08 - 000215431 _____ C:\Users\ronny\Desktop\lame_enc_x64_3.98_VC9SP1.zip
2019-07-19 02:57 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Desktop\streamosaur.1.0.0.1
2019-07-19 01:15 - 2019-07-21 11:38 - 000000000 ____D C:\ProgramData\MAGIX
2019-07-19 01:15 - 2019-07-19 01:15 - 000000000 ____D C:\Program Files\SOUND FORGE
2019-07-19 01:12 - 2019-07-19 01:13 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Sony
2019-07-19 01:10 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\AppData\Roaming\MAGIX
2019-07-17 00:49 - 2019-07-17 00:49 - 004164575 _____ C:\Users\ronny\Desktop\Everybody Hurts.m4a
2019-07-17 00:23 - 2019-07-17 00:23 - 000000000 ____D C:\Users\ronny\AppData\Local\Meltytech
2019-07-16 14:01 - 2019-07-16 14:01 - 000000000 ____D C:\Users\ronny\AppData\Local\Wondershare
2019-07-16 13:57 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Documents\Wondershare Filmora 9
2019-07-16 13:44 - 2019-07-21 11:38 - 000000000 ____D C:\Program Files\Shotcut
2019-07-16 00:42 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Apowersoft
2019-07-16 00:42 - 2019-07-16 00:42 - 000000000 ____D C:\Users\ronny\AppData\Local\Apowersoft
2019-07-16 00:17 - 2019-07-21 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 My MP3 4.2
2019-07-16 00:17 - 2019-07-21 11:38 - 000000000 ____D C:\Program Files (x86)\MP3 My MP3 4.2
2019-07-15 23:33 - 2019-07-19 02:58 - 006242348 _____ C:\Song001.wav
2019-07-15 23:30 - 2019-07-21 11:38 - 000000000 ____D C:\Users\ronny\Desktop\stream
2019-07-15 23:28 - 2019-07-15 23:28 - 000020999 _____ C:\Users\ronny\Desktop\streamosaur.1.0.0.1.zip
2019-07-14 23:14 - 2019-07-14 23:14 - 000000000 ____D C:\Users\ronny\Documents\iZotope
2019-07-14 23:01 - 2019-07-14 23:01 - 000787160 _____ (NCH Software) C:\Users\ronny\Desktop\soundtap-4-01-2017-09-28.exe
2019-07-14 22:50 - 2019-07-14 22:50 - 000813120 _____ (NCH Software) C:\Users\ronny\Downloads\stsetup.exe
2019-07-14 19:04 - 2019-07-14 19:04 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2019-07-13 06:23 - 2019-07-14 22:29 - 000000000 ____D C:\WINDOWS\Minidump
2019-07-10 17:56 - 2019-07-10 17:56 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2563344569-153408547-261685501-1001
2019-07-10 17:55 - 2019-07-10 17:55 - 000002370 _____ C:\Users\ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-09 17:28 - 2019-07-09 17:28 - 007727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 005115384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 001266192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-09 17:28 - 2019-07-09 17:28 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-07-09 17:28 - 2019-07-09 17:28 - 000747568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000743216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000687896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000673520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2019-07-09 17:28 - 2019-07-09 17:28 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-07-09 17:28 - 2019-07-09 17:28 - 000092592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 023454208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 019012096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 012938752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 012243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 008900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 007876096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 006545304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 005587976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 004880896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 003738624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002714624 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002278784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-07-09 17:27 - 2019-07-09 17:27 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-07-09 17:27 - 2019-07-09 17:27 - 002013696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001465464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001427592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001159168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000964608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000804744 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000660032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-07-09 17:27 - 2019-07-09 17:27 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
2019-07-09 17:27 - 2019-07-09 17:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-07-09 17:27 - 2019-07-09 17:27 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 022115472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 006308232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005566464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005561312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005528064 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 005297664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 004351448 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003818416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 003636224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 003630592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003427328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 003081728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002871816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 002778760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002701000 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002693120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002626872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002073472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 002050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001966904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001837136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001794048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001721352 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001702088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 17:26 - 2019-07-09 17:26 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001477648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001472808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001345168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 17:26 - 2019-07-09 17:26 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001259520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001199616 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001162320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001125416 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001075712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000998928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000810504 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000807480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000652528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000553992 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-07-09 17:26 - 2019-07-09 17:26 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000514136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000423480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-07-09 17:26 - 2019-07-09 17:26 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000397688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000333128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000279920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000219448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 17:26 - 2019-07-09 17:26 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000157024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000149232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000137864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000121896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 17:26 - 2019-07-09 17:26 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-09 17:26 - 2019-07-09 17:26 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 007687784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 003335216 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002593336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000987736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000895552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000871784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000865272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000850992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000799776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000768224 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000731104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000680176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000511504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-07-09 17:25 - 2019-07-09 17:25 - 000415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000310288 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000294000 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000241944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000197832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2019-07-09 17:25 - 2019-07-09 17:25 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000141216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000117720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-07-09 17:25 - 2019-07-09 17:25 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-07-09 17:25 - 2019-07-09 17:25 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-07-09 17:25 - 2019-07-09 17:25 - 000036360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-07-09 17:25 - 2019-07-09 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 16:44 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-01 16:41 - 2019-04-14 09:32 - 000000000 ____D C:\FRST
2019-08-01 16:36 - 2019-03-11 22:33 - 000066852 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-08-01 16:34 - 2019-03-20 12:30 - 000000000 ____D C:\Users\ronny\AppData\Roaming\MediaPlayer10
2019-08-01 15:38 - 2019-05-05 03:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2019-08-01 15:35 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-01 15:35 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-01 15:34 - 2019-02-02 14:06 - 000000000 __SHD C:\Users\ronny\IntelGraphicsProfiles
2019-08-01 15:33 - 2019-05-05 03:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-01 15:32 - 2019-02-02 12:50 - 000000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2019-08-01 15:32 - 2018-09-15 01:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-01 15:30 - 2019-02-07 10:56 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-08-01 07:15 - 2019-05-05 03:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-01 01:07 - 2019-02-18 23:54 - 000000000 ____D C:\Users\ronny\AppData\Roaming\audacity
2019-07-31 01:57 - 2019-04-18 11:33 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2019-07-31 01:57 - 2019-02-03 22:17 - 000000000 ____D C:\Users\Public\Logi
2019-07-29 22:52 - 2019-05-05 03:19 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-29 22:52 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2019-07-29 22:31 - 2019-02-02 13:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-29 22:26 - 2019-02-18 10:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-25 20:52 - 2018-04-17 14:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-25 10:22 - 2019-03-18 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-07-25 10:22 - 2019-03-18 17:54 - 000000000 ____D C:\Program Files (x86)\Java
2019-07-24 23:09 - 2019-02-18 10:16 - 000000000 ____D C:\Users\ronny\AppData\LocalLow\Mozilla
2019-07-24 22:39 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-21 18:07 - 2019-05-05 03:08 - 000000000 ____D C:\Users\ronny
2019-07-21 11:38 - 2019-04-10 17:56 - 000000000 ____D C:\Users\ronny\AppData\Local\LenovoServiceBridge
2019-07-21 11:38 - 2019-03-23 15:52 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-21 11:38 - 2019-02-07 10:57 - 000000000 ____D C:\ProgramData\NCH Software
2019-07-21 11:38 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\appcompat
2019-07-21 11:38 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-07-21 11:08 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-21 11:08 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\registration
2019-07-21 11:07 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-21 04:18 - 2019-02-03 22:01 - 000000000 ____D C:\Users\ronny\AppData\Local\PlaceholderTileLogoFolder
2019-07-19 00:03 - 2019-03-24 16:47 - 000000000 ____D C:\Users\ronny\Documents\Sound recordings
2019-07-15 22:04 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-14 23:11 - 2019-02-07 10:56 - 000000000 ____D C:\Users\ronny\AppData\Roaming\NCH Software
2019-07-14 19:04 - 2019-02-01 23:25 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2019-07-14 19:04 - 2019-02-01 23:22 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logitech
2019-07-14 19:02 - 2019-02-02 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-07-14 19:02 - 2019-02-02 12:33 - 000000000 ____D C:\ProgramData\LogiShrd
2019-07-14 19:02 - 2019-02-01 23:30 - 000000000 ____D C:\Program Files\Logitech
2019-07-14 19:01 - 2019-02-01 23:22 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Logishrd
2019-07-13 06:27 - 2019-06-21 10:13 - 000000000 ____D C:\Users\ronny\AppData\Local\Spotify
2019-07-13 06:27 - 2019-06-21 10:12 - 000000000 ____D C:\Users\ronny\AppData\Roaming\Spotify
2019-07-13 06:23 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-10 17:56 - 2019-02-01 23:15 - 000000000 ___RD C:\Users\ronny\OneDrive
2019-07-10 17:50 - 2019-02-02 14:06 - 000000000 ___RD C:\Users\ronny\3D Objects
2019-07-10 17:50 - 2018-04-17 14:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-10 17:47 - 2019-05-05 03:00 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-10 17:42 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-10 17:42 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-10 01:29 - 2019-05-05 03:34 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-10 00:29 - 2019-05-05 03:34 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-09 17:41 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-09 17:39 - 2019-02-01 23:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-09 17:35 - 2019-02-01 23:40 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-09 16:49 - 2019-02-03 00:55 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-09 09:16 - 2019-02-02 14:02 - 000000000 ____D C:\Users\ronny\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ================

2019-02-19 00:02 - 2011-12-26 04:34 - 000475648 _____ () C:\Program Files (x86)\lame.exe
2019-02-19 00:02 - 2011-12-26 04:34 - 000421888 _____ () C:\Program Files (x86)\lame_enc.dll
2019-02-19 00:02 - 2011-12-26 06:29 - 000001483 _____ () C:\Program Files (x86)\LICENSE.txt
2019-05-05 00:43 - 2019-05-05 00:43 - 000000726 _____ () C:\Program Files (x86)\LMIR15055001.tmp.bat
2019-05-05 00:43 - 2019-05-05 00:43 - 000000530 _____ () C:\Program Files (x86)\LMIR15055001.tmp_r.bat
2019-02-19 00:02 - 2019-02-19 00:02 - 000001019 _____ () C:\Program Files (x86)\unins000.dat
2019-02-19 00:02 - 2019-02-19 00:01 - 000715038 _____ () C:\Program Files (x86)\unins000.exe
2019-04-23 10:38 - 2019-04-23 10:38 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.1.txt
2019-02-10 22:19 - 2019-04-13 00:54 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.2.txt
2019-02-10 22:19 - 2019-04-13 00:44 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.3.txt
2019-02-10 22:19 - 2019-02-10 22:20 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.4.txt
2019-04-23 10:51 - 2019-04-23 10:51 - 000001167 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt
2019-02-10 22:19 - 2019-04-23 10:51 - 000000000 _____ () C:\Users\ronny\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2019-05-11 22:08 - 2019-05-11 22:08 - 000016960 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\1eaadjc.dll
2019-05-11 22:06 - 2019-05-11 22:06 - 000218624 ____T (MultiMedia Soft) C:\Users\ronny\AppData\Roaming\Microsoft\AdjMmsVista.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000018724 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\bass.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 001758720 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\engine_vx.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000014392 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\kfgresk.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000014456 ____T () C:\Users\ronny\AppData\Roaming\Microsoft\mjcriu.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000010816 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\peaadje.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000028760 ____T ((: JOBnik! :) [Arthur Aminov, ISRAEL]) C:\Users\ronny\AppData\Roaming\Microsoft\qwadjb.dll
2019-05-11 22:08 - 2019-05-11 22:08 - 000015424 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\rsaadjd.dll
2019-07-19 01:19 - 2019-07-19 01:19 - 000098872 ____T (Un4seen Developments) C:\Users\ronny\AppData\Roaming\Microsoft\~DFK1cc7ad.tmp
2019-05-11 22:09 - 2019-05-11 22:09 - 000003584 _____ () C:\Users\ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-04-14 01:52 - 2019-04-14 02:01 - 000007606 _____ () C:\Users\ronny\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by ronny (01-08-2019 16:45:59)
Running from C:\Users\ronny\Desktop
Windows 10 Home Version 1809 17763.615 (X64) (2019-05-05 08:36:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2563344569-153408547-261685501-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2563344569-153408547-261685501-503 - Limited - Disabled)
Guest (S-1-5-21-2563344569-153408547-261685501-501 - Limited - Disabled)
ronny (S-1-5-21-2563344569-153408547-261685501-1001 - Administrator - Enabled) => C:\Users\ronny
WDAGUtilityAccount (S-1-5-21-2563344569-153408547-261685501-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Android Studio (HKLM\...\Android Studio) (Version: 3.3 - Google LLC)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Chart Installer (HKLM-x32\...\Chart Installer 1.0.0.116) (Version: 1.0.0.116 - Navionics)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.)
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
Dwyco CDC-X version 2.19 (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Dwyco CDC-X_is1) (Version: 2.19 - Dwyco, Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Karaoke Builder Player 5.0 (HKLM-x32\...\{A9DDC2FC-2028-47E9-847C-0CFA77181C83}_is1) (Version: 5.0.0.525 - Gisburne Media)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Service Bridge (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.12.43 - Logitech)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.123 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Media Player 10 (HKLM-x32\...\Media Player 10) (Version: 10.0.0 - CodeTechno)
Microsoft OneDrive (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 5.36 - NCH Software)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 67.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.1 (x64 en-US)) (Version: 67.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 67.0.1.7088 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.2.7.1000 - Maxthon International Limited)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 8.01 - NCH Software)
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 6.03 - NCH Software)
Spotify (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Spotify (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Spotify) (Version: 1.1.10.540.gfcf0430f - Spotify AB)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 7.07 - NCH Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\Vivaldi) (Version: 2.4.1488.35 - Vivaldi Technologies AS.)
Vivaldi (HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\Vivaldi) (Version: 2.4.1488.35 - Vivaldi Technologies AS.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.01 - NCH Software)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22589 - Microsoft Corporation)

Packages:
=========
9Zen Universal Locker -> C:\Program Files\WindowsApps\28852InspizenInc.9ZenUniversalLocker_2.6.6.0_x64__g9gz2pvpgk7nj [2019-07-21] (Inspizen Inc) [MS Ad]
ACG Player -> C:\Program Files\WindowsApps\41038AXILESOFT.ACGMEDIAPLAYER_1.15.17502.0_x64__wxjjre7dryqb6 [2019-07-21] (Axilesoft) [MS Ad]
AdBlock -> C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-07-21] (BetaFish)
Amazon Assistant -> C:\Program Files\WindowsApps\Amazon.com.AmazonAssistant_10.1806.9.0_neutral__343d40qqvtj1t [2019-07-21] (Amazon.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-07-21] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-07-21] (Fitbit)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.2.0.0_x64__8j3eq9eme6ctt [2019-07-21] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa [2019-07-24] (Apple Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-07-21] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.54.0_x64__5grkq8ppsgwt4 [2019-08-01] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-07-21] (LinkedIn)
Mahjong Epic -> C:\Program Files\WindowsApps\KristanixStudiosAS.MahjongEpic_1.1.5.0_x64__nafbvgh473e28 [2019-07-21] (Kristanix Studios AS)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.11727.20244.0_x86__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_2.2.9.0_x64__nfy108tqq3p12 [2019-07-21] (Thumbmunkeys Ltd) [MS Ad]
PicsArt - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PicsArt-PhotoStudio_8.6.1.0_x86__crhqpqs3x1ygc [2019-07-21] (PicsArt Inc.) [MS Ad]
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-07-21] (Adobe Systems Incorporated)
Screen Recorder Lite -> C:\Program Files\WindowsApps\YellowElephantProductions.ScreenRecorderLite_1.48.143.0_x64__p3e1zgp7z7szg [2019-07-21] (Yellow Elephant Productions)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2563344569-153408547-261685501-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\ronny\AppData\Local\Vivaldi\Application\2.4.1488.35\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\ronny\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nch.com.au/es/index.htm

==================== Loaded Modules (Whitelisted) ==============

2018-08-29 14:57 - 2018-08-29 14:57 - 000144896 _____ () [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\libssh2.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000077824 _____ () [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\zlib.dll
2019-03-16 20:41 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000355840 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\LIBCURL.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\LIBEAY32.dll
2018-08-29 14:57 - 2018-08-29 14:57 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Common Files\Logishrd\LAClient\SSLEAY32.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 001011712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\platforms\qwindows.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 004628480 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\Qt5Core.dll
2019-05-25 13:57 - 2019-05-08 11:01 - 005014016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Chart Installer\Qt5Gui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 18:38 - 2018-04-11 18:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-2563344569-153408547-261685501-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20180626_061637.jpg
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\Control Panel\Desktop\\Wallpaper -> C:\Users\ronny\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20180626_061637.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\StartupFolder: => "Free Sound Recorder Update.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2563344569-153408547-261685501-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\StartupFolder: => "Free Sound Recorder Update.lnk"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2563344569-153408547-261685501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08012019153359319\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{13BE66C3-79AA-4CF4-956A-30FB80D67A8A}C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe] => (Allow) C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe (CodeTechno) [File not signed]
FirewallRules: [TCP Query User{4F6385FE-AB6B-4221-B07A-2E0CC6D39AC4}C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe] => (Allow) C:\program files (x86)\codetechno\mediaplayer10\mediaplayer10.exe (CodeTechno) [File not signed]
FirewallRules: [{F9BD5922-EC6C-4830-945F-9BD9F8CF2816}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{91042DF4-8691-4161-AD71-F57432CB3C5F}] => (Allow) C:\Users\ronny\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{1D76E7C0-3191-4169-A1A0-7A5D431D3796}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{1E66B6DA-FEBF-436F-93BC-EE15608D34C2}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{5E13B8BB-86C2-4FEE-AC00-0746EE2A6CCE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D109E7B9-2199-4AEC-A7C4-9A549326E1DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{689283AB-5F2B-4CD5-AC28-0C4DBF972BC8}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [{821AFEB3-FA53-4151-A52E-A5154C0CBEC4}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe (Maxthon Technology Co, Ltd. -> Maxthon International ltd.)
FirewallRules: [TCP Query User{DE83D8F0-4DC3-4615-BC7C-E1552D8B6BA3}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{DFCB5FB7-1383-4289-964C-AB0E575FE84C}C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\onedrive\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [TCP Query User{5A17486F-38A5-4F75-A52C-D1418AC7BA32}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [UDP Query User{9AE87BEB-DDC6-42FF-AE2A-CA4C15DBA486}C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe] => (Allow) C:\users\ronny\documents\dwyco\cdc-x\cdcx.exe (Dwyco, Inc. -> )
FirewallRules: [{75E5CCD8-E30F-4E98-A71E-48F24F33F450}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [{B6244532-8F31-485E-97AD-6131BC46AF7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe No File
FirewallRules: [TCP Query User{1FD26D82-C054-4E18-A2EC-E6272C4408AA}C:\users\ronny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronny\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{D482860D-E70E-4C7B-808F-C546667CD8A6}C:\users\ronny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronny\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5CC986A-F167-40AC-924F-8778D9D055AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.11727.20244.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4855CFE-3A74-48C1-A139-A6E26176CFFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{68A0B5E2-8462-48F8-9D94-7A44FE94AB7E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7819E8A0-EBA8-4F1A-A0E1-9B6E950D94F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FCA110B2-06A5-4E41-9D3B-D1CD96E5492E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F008B2F1-45FB-400F-8CA9-9A351C603CFD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8691CB26-878A-4FFF-8D4D-66CB8F7A7E44}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{69AFD8A9-F109-4BE6-9AAB-243511A5EBD3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5A2822C5-8D0B-4B5B-92CE-75BF76867B91}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12096.3.41072.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

24-07-2019 22:38:02 Windows Update
31-07-2019 23:36:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Remote NDIS based Internet Sharing Device #2
Description: Remote NDIS based Internet Sharing Device
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: usbrndis6
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2019 03:40:57 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-7SS3QTOI)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (08/01/2019 03:40:57 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (08/01/2019 03:34:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x17a8
Faulting application start time: 0x01d548a885104187
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: 6a9529a7-85dc-44b0-8af3-ea00eb29bf16
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2019 03:34:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x1a7c
Faulting application start time: 0x01d548a880247084
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: 5abb3779-1ea4-4aa6-93a1-876c073f34a3
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2019 03:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CropAssistService.exe, version: 1.0.419.0, time stamp: 0x5b2802f8
Faulting module name: igdrclneo32.dll, version: 0.0.0.0, time stamp: 0x5a96b06e
Exception code: 0xc0000005
Fault offset: 0x00165e86
Faulting process id: 0x174c
Faulting application start time: 0x01d548a86bdc23f0
Faulting application path: C:\Program Files\Logitech\Collaboration\Services\Video\cropAssistAPI\CropAssistService.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igdrclneo32.dll
Report Id: e8bd1685-3afe-4cef-93df-84d6a2e44a24
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2019 03:33:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17763.557, time stamp: 0xb92cafe4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xc38
Faulting application start time: 0x01d548a85dca7f38
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: unknown
Report Id: 6362c5f3-ecd8-470a-a768-247ef9d9ca95
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2019 03:00:48 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: LAPTOP-7SS3QTOI)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (08/01/2019 03:00:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (08/01/2019 03:37:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/01/2019 03:37:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/01/2019 03:37:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/01/2019 03:34:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/01/2019 03:34:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/01/2019 03:34:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.

Error: (08/01/2019 03:00:35 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-7SS3QTOI)
Description: The server {0134A8B2-3407-4B45-AD25-E9F7C92A80BC} did not register with DCOM within the required timeout.

Error: (08/01/2019 02:55:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9PCMMNB260TX-E0469640.LenovoUtility.


Windows Defender:
===================================
Date: 2019-07-30 01:29:21.349
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FFDF6145-0E43-4E73-975B-792B136F4E41}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-30 01:00:09.286
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {39A79B88-F2FE-4A48-A6CD-A4B951EDA030}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-20 23:25:13.204
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D0F07BE2-46E9-4FA6-BF79-CE35D35851A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-19 10:50:51.005
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6D6A7651-7D11-4B16-A6C5-D8E7537F1384}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-19 10:33:58.207
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {377A612B-C59F-48B9-B342-824BC98AD767}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-21 11:53:59.476
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.174.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-07-21 11:43:36.789
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2019-07-20 23:25:09.137
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.107.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-07-15 10:06:38.073
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.297.1097.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16100.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-07-13 22:35:27.198
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.297.997.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16100.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-06-02 10:50:25.004
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-02 10:45:24.999
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-02 10:40:25.145
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-02 10:35:25.030
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-02 10:30:24.996
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-02 10:26:25.708
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-02 10:25:25.003
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-02 10:20:30.036
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\rlls64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8TCN51WW 12/08/2018
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 86%
Total physical RAM: 4005.22 MB
Available physical RAM: 522.39 MB
Total Virtual: 6437.22 MB
Available Virtual: 1117.38 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:720.52 GB) NTFS
Drive d: (AT&T Velocity) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:465.76 GB) (Free:442.75 GB) NTFS

\\?\Volume{eae77724-da1d-47c7-8a1a-90516e452771}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{58b722d2-9514-4e02-a23f-e06dd61b5c39}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 346005D8)

Partition: GPT.

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 4E80EAC4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Juliet
2019-08-02, 04:15
few weeks ago i got ran over bt a supposed microsoft page who demanded i give access to my pc and pay them an amout to fix my pc...they alleged i was infecting the internet. i later contacted microsoft who said it was not them. i'm just needing to check and make sure everything is ok. thanks so much!
Don't fall for that. Did you allow them to remote into to your computer or did you get out?

Make it a point to change passwords for all delicate web sites (banking or other financial transactions) from a known clean computer. This is a good security measure to follow when someone may have had access to your computer.

~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



~~~~~~~~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/RQKuhw1.pngRogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


created by Aura
~~~~~~~~~~~~~~~~~~~`

you're already running Malwarebytes 3 then open Malwarebytes and check for updates.
Then click on the Scan tab and select Threat Scan and click on Start Scan button.

Then click on the Scan tab and select Threat Scan and click on Start Scan button.

If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the Reports tab.
Double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

~~~~~~~~~~~~~~

Post these 3 logs when finished.

rcb56
2019-08-02, 08:23
no juliet i did not. i pulled up task mgr and killed my browser. i felt like that was the end of it but, i also felt if something can be so aggressive and take over my browser could it have notleft something. i did a new install of 10 at microsoft's advice and help since i was under warranty. i've just had some recent bizzare stuff go on. today my curser starts just blinking all over my screen, i had no control. i thought it was deleting icons but they were just rearranged

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/1/19
Scan Time: 2:31 AM
Log File: 5abc5cd2-b42e-11e9-96f6-00f48ddc7000.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11802
License: Premium

-System Information-
OS: Windows 10 (Build 17763.615)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 278027
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-02-2019
# Duration: 00:00:40
# OS: Windows 10 Home
# Scanned: 35810
# Detected: 16


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

AdvancedSystemRepairPro C:\Windows\System32\drivers\asrdmon.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController
Preinstalled.LenovoServiceBridge


AdwCleaner[S00].txt - [2752 octets] - [01/08/2019 23:39:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

RogueKiller Anti-Malware V13.3.2.0 (x64) [Jul 15 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : ronny [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190801_090458, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/01 23:48:38 (Duration : 00:25:00)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.AdvancedSystemRepair (Potentially Malicious)] (file) asrdmon.sys -- (Microsoft Windows) C:\Windows\System32\drivers\asrdmon.sys -> Found
[PUP.AdvancedSystemRepair (Potentially Malicious)] (file) asrdmon.sys.1 -- (Microsoft Windows) C:\Windows\System32\drivers\asrdmon.sys.1 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


RogueKiller Anti-Malware V13.3.2.0 (x64) [Jul 15 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : ronny [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190801_090458, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/01 23:48:38 (Duration : 00:25:00)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.AdvancedSystemRepair (Potentially Malicious)] (file) asrdmon.sys -- (Microsoft Windows) C:\Windows\System32\drivers\asrdmon.sys -> Found
[PUP.AdvancedSystemRepair (Potentially Malicious)] (file) asrdmon.sys.1 -- (Microsoft Windows) C:\Windows\System32\drivers\asrdmon.sys.1 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Juliet
2019-08-02, 12:54
i did a new install of 10 at microsoft's advice and help since i was under warranty.

That was good.

Let's try this for your mouse.

could be related to the hardware acceleration of your PC, to avoid the issue please turn off the hardware acceleration.

Choose Start > Control Panel.
Double-click Display.
Click the Settings tab.
Click Advanced.
Click the Troubleshoot tab.
Move the Hardware Acceleration slider to None.
Click Apply and then click OK to accept the new setting and close the dialog box.

~~~~
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;

rcb56
2019-08-03, 09:06
it doesn't show that in my control panel.

Emsisoft Emergency Kit - Version 2019.6
Last update: 8/3/2019 12:52:21 AM
User account: LAPTOP-7SS3QTOI\ronny
Computer name: LAPTOP-7SS3QTOI
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 8/3/2019 12:52:51 AM

Scanned 81453
Found 0

Scan end: 8/3/2019 1:05:11 AM
Scan time: 0:12:20

Juliet
2019-08-03, 14:51
it doesn't show that in my control panel.
Did it show anything related to turning it off?

Doing a re-install might have thrown your computer back to original drivers that at this time might need to be updated, just a guess but with the flickering it sounds like graphics is an issue here.


update device drivers on Windows 10
https://www.windowscentral.com/how-properly-update-device-drivers-windows-10
read over the above link for tips on how to look and check for updates for these drivers.

rcb56
2019-08-04, 04:43
juliet from what i'm seeing at microsoft and anywhere else credible is that opening the hardware acceleration in windows 10 now is unpossible. the route you gave me didn't show the same, one suggested at microsoft to right click on desktop and select personalization but the next key in the address on my pc wasn't the same. i searched my pc for it and it only gave web results which i'd follow but about the second click in the address went to something different and not what theirs had. theirs would allow them to open a troubleshooter mine wont. best i could do was open device mgr and display adapters and update driver which i did but i think it still has not started.

rcb56
2019-08-04, 05:00
in device mgr i select display adaptors and it shows intel(r) uhd graphics 620. i select properties and under the events tab it shows this under the most recent date and time so i guess that is running right?

Driver Management concluded the process to install driver iigd_dch.inf_amd64_c59c7d36072c06c5 for Device Instance ID PCI\VEN_8086&DEV_5917&SUBSYS_396517AA&REV_07\3&11583659&1&10 with the following status: 0x0.

rcb56
2019-08-04, 06:47
ok microsoft pointed me to intel's site to d'load their driver device which i did and it scanned for any drivers out of date. the one for the display adapter, so do i need to instal it by doing it in device mgr? or did it intall itself?

Juliet
2019-08-05, 00:48
ok microsoft pointed me to intel's site to d'load their driver device which i did and it scanned for any drivers out of date. the one for the display adapter, so do i need to instal it by doing it in device mgr? or did it intall itself?

if it says you have drivers out of date (intel's site), would be best to download and install to see if it makes a difference.
It's best to go through Intel then Microsoft.

rcb56
2019-08-05, 21:37
Ok, i agree but can you help me out a sec...i d'loaded intel's driver tool which says my graphics card needs new drivers. do you know if these tools install new drivers if needed or do i d'load the driver myself? everything is a lot better now.

rcb56
2019-08-06, 00:34
ok i've got it, sorry juliet but drivers have always confused me. some install and some don't. mine are intel drivers that lenovo customized and the d'load from lenovo keeps failing so i'll see them about that.

Juliet
2019-08-06, 12:44
I tend to send people here for issues like this
https://forums.whatthetech.com/index.php?showforum=126

rcb56
2019-08-07, 08:25
ok i understand and i was there before and the guy wanted me to install windows 10 without ever saying why, i could tell it was above me to do that i knew nothing about alloting space and all. the main thing tho was it hit right in thew middle of me moving. i didn't want to attempt anything major like that going on. i excused myself from the thread, but about 2 days later something pointed me to microsoft. i thought i need to go anyway and check on the browser hijack thing. that's when the tech suggested a link he shared and it did all that was needed to reinstall win10. since it had worked fine until this cursor went nuts. well i don't know why but it's running fine now. if you are finished with me then i'll let someone else have this chair. is there a cleaner i can remove that stuff with or can i just uninstall? thanks juliet

Juliet
2019-08-07, 12:42
well i don't know why but it's running fine now. if you are finished with me then i'll let someone else have this chair. is there a cleaner i can remove that stuff with or can i just uninstall? thanks juliet
Sometimes we ain't ever gonna know why things do what they do but, we except it quickly and say hallelujah, thats over.

tools and quarantine folders?


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

***********

rcb56
2019-08-12, 21:17
ok, thanks juliet. sorry i was in Ft. Worth all weekend visiting grandsons. one more thing...a file on my desktop named bin64 is a leftover from the emisoft. it wont delete. it says cannot be deleted because it is in use by another program. how can i get rid of it?

Juliet
2019-08-13, 02:39
file on my desktop named bin64
Look for and if found delete C:\EEK
Then try to delete it again.

rcb56
2019-08-19, 19:56
ok, juliet is there nothing else to try here? last night this thing started crashing everything, open task manager, i click on it in the menu that pulls up and it takes like a minute...really, to open. in it it will show microsoft edge open in like 6 or 7 windows yet it's not open. any browser i open is very erratic, very slow. if i have 3 window or tabs open, just to switch tabs and it either crashes or takes forever. is there nothing else? maybe i missed something? something is wrong. microsoft called me yesterday telling me the fee i paid...i didn't...they could no longer help with my pc as it was infected and i was getting a refund for payment made but i didn't make one. not sure if that was legit or bs.

Juliet
2019-08-20, 00:17
Let's try this

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.


also, since things seem to be mixed up, try the below

https://support.microsoft.com/en-us/help/4026529/windows-10-using-system-file-checker

DISM.exe and sfc /scannow

rcb56
2019-08-20, 04:51
ok juliet and thanks, mbar scanning now and itself is acting screwy, it said done then showed running. everything i click spins and says not responding, anything at all is forever.

rcb56
2019-08-20, 08:20
ok juliet the mbar finished and stated there was no malware and cleanup not needed. at the other link i ran it as said through command prompt. as it finished i was reading what it said what was found and i noticed the address in windows but command prompt just closed! poof! it was gone. i tried to and found the address of the log i'm posting but you'll have to tell me what it says. it seems to be running smoother and faster...thanks well in posting it i'm prompted the entity is too large

Juliet
2019-08-20, 13:52
A computer that stops responding or freezes can be caused by many different problems. For example, a software or hardware conflict, lack of system resources, a bug, or a software or driver error can cause Windows to stop responding.

Driver Corruption or Errors. Similar to overheating, hardware failure can cause a system freeze. Drivers are pieces of software that allow hardware devices to communicate with other hardware devices and the operating system.

Let's try
Disabling your antivirus, try booting into safe mode (with networking) and follow instructions for DISM.exe and sfc /scannow

If we can't get anything to work, options are running out.

rcb56
2019-08-20, 22:01
ok juliet first let me add i've noticed this since this started and it just happened again as i did a search in edge. the search redirected to goparadiskus and malwarebytes stopped page from loading. i was searching for an app in the microsoft store, this happened a few times the last few days. i'm reading this is a virus and thought you should know. also my f8 doesnt do safe mode and i don't know the other way. thanks.

Juliet
2019-08-20, 23:08
Let's do this and see if it helps.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.


Clear your web browser's cache, cookies and history.

Microsoft Edge
http://www.thewindowsclub.com/delete-browsing-history-cookies-data-edge

Internet Explorer
https://kb.wisc.edu/page.php?id=15141

Mozilla Firefox
https://kb.wisc.edu/helpdesk/page.php?id=17504

Google Chrome
https://support.google.com/accounts/answer/32050?hl=en
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`



Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Reset browsers back to default

Internet Explorer
https://support.microsoft.com/en-us/help/17441/windows-internet-explorer-change-reset-settings

Microsoft Edge
https://www.howtogeek.com/237527/how-to-reset-microsoft-edge-in-windows-10/

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.
https://support.google.com/chrome/answer/3296214?hl=en

See if this helps when needing to boot into safe mode.
https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode

rcb56
2019-08-22, 07:38
arrrghhhhh! juliet i'm trying...my problem now is when it goes to login under safe mode it asks for my password. i've had it set to login with my pin and don't remember the pw. i've got a question in at microsoft on how to. i need to change the windows pw not microsoft. i'm sorry...

Juliet
2019-08-22, 14:05
You dont need safe mode to reset all of your browsers back to defaults.
Instructions were given for later use if needed.

Also, I think you need to Harden/secure your web browser.


uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)

If later you don't like the extensions you can remove them.

rcb56
2019-08-22, 21:28
ok done that...it is running smoother today. yesterday not so. so the safe mode isn't a worry?

Juliet
2019-08-23, 02:30
so the safe mode isn't a worry?
yes and no

There will or could be a couple of times when its necessary to boot into safe mode.
Keep those instructions I posted in the event it should come up.

rcb56
2019-08-23, 19:01
ok i will, very frustrating when microsoft decides to kill F8 or move system restore. i think those people are the same one's when cleaning house they put tee shirts in the kitchen cabinet and put cookies :oreo: :clown: in the sock drawer! i think i may just have Lenovo do a restore on here with it still under warranty, then start new with the add ons here and all...thanks again, it is running so much better.

Juliet
2019-08-23, 23:08
LOL
Your a hoot now!

I can't explain how or why Microsoft does things the way they do, sometimes don't think plans are well thought out but, ..


i think i may just have Lenovo do a restore on here with it still under warranty, then start new with the add ons here and all...thanks again, it is running so much better.
Glad it's running better.

rcb56
2019-08-28, 04:07
well dog gone it! i don't know what has happened to my browsers. both edge and firefox are nuts. both lag unreal. if i click in a box to type it doesn't show until i'm through typing. like to post on facebook it might show one post then the rest of it is just blank. to scroll is the same way. that circle just spins away. everything is in not responding mode, even task mgr. last night i tried a fresh windows 10 instal and it failed. no given reason. i tried that from settings/update-security/recovery.

rcb56
2019-08-28, 04:09
also i just noticed these and i retried and again failed

2019-08 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4512192) - Error 0x80004002

Microsoft .NET Framework 4.8 for Windows 10 Version 1809 for x64 (KB4486153) - Error 0x80004002

Juliet
2019-08-28, 14:22
also i just noticed these and i retried and again failed

2019-08 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB4512192) - Error 0x80004002
Microsoft .NET Framework 4.8 for Windows 10 Version 1809 for x64 (KB4486153) - Error 0x80004002
In my mind this is all related to Microsoft trying to do windows updates.
The above refers to computer language pack, why it's throwing out errors....I don't know.

Let's try a couple of things relate to Microsoft updates:

Troubleshoot Windows Update Problems in Windows 10 Using These Five Tips
https://windows10.help/blogs/entry/23-troubleshoot-windows-update-problems-in-windows-10-using-these-five-tips/

https://www.laptopmag.com/articles/update-windows-10
How to Manually Update Windows 10

Error Code 0x80004002 when trying to update
https://answers.microsoft.com/en-us/windows/forum/all/error-code-0x80004002-when-trying-to-update/3a1a9c33-e52f-4c24-b8ab-964a024d0d3a

.NET Framework 4.8 Language Pack can be downloaded from here
https://support.microsoft.com/en-us/help/4087642/microsoft-net-framework-4-8-language-pack-on-windows-10-version-1809-w

rcb56
2019-09-04, 06:59
well i still get the error on updates and it says it will try again. i guess i'll be trying the mauel d'load offered and see how it does. my main concern is one is a windows security update. other than that it all seems again to be running fine. sorry to be slow but been moving again here.

Juliet
2019-09-04, 12:25
So many things could be responsible for this, might already have the update....don't know.
Lets give it a bit and see if it can work itself out, miracles happen sometimes...

rcb56
2019-09-07, 09:34
i agree. i'll keep an eye on things and let you know. seems now, again...it's running good as it has. i guess if it ain't broke don't fix it! :confused::shrug::thanks::thanks::thanks:

Juliet
2019-09-07, 15:35
I think it's safe to remove tools and quarantine folders.


Please download DelFix (https://www.bleepingcomputer.com/download/delfix/) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

**********