gigglepot
2020-02-19, 05:27
Hello, here are the two logfiles you asked for:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2020
Ran by Lillian (administrator) on DESKTOP-MNATPML (HP HP Pavilion Desktop 590-p0xxx) (18-02-2020 20:18:07)
Running from C:\Users\Lillian\Desktop
Loaded Profiles: Lillian (Available Profiles: Lillian)
Platform: Windows 10 Home Version 1809 17763.1039 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\MobiGame\aeg_launcher.exe
() [File not signed] C:\Program Files\MobiGame\MobiGameUpdater.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Gaijin Network LTD -> Gaijin Entertainment) C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtAudioServ.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Splinterware Software Solutions -> Splinterware Software Solutions) C:\Program Files (x86)\SystemScheduler\WScheduler.exe
(The Weather Network -> Pelmorex Media Inc.) C:\Users\Lillian\AppData\Local\The Weather Network\weathereye.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-12-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WScheduler] => C:\Program Files (x86)\SystemScheduler\WScheduler.exe [331168 2018-03-25] (Splinterware Software Solutions -> Splinterware Software Solutions)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31606672 2020-02-18] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2361600 2019-11-28] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Notifier] => "C:\Program Files\MobiGame\player\mobinotifier.exe"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [WeatherEye] => C:\Users\Lillian\AppData\Local\The Weather Network\weathereye.exe [310920 2012-08-30] (The Weather Network -> Pelmorex Media Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {027B2618-3701-4A01-A814-BE34A1C3C3DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe)
Task: {0CE59796-FE57-49CF-A450-EB794C4FB4C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {17DC42A2-F68C-4C6E-A685-B484C8ECF152} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {289EC535-ACBB-46C5-8599-0FD3667513C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {32DC0AC8-B274-49D7-B512-F88E67AEC293} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {416B6A34-7811-4B65-99F3-49D824D255BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [145272 2019-10-31] (HP Inc. -> HP Inc.)
Task: {48EE3F79-D85A-447B-B72A-9A070226625D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [277880 2019-11-22] (HP Inc. -> HP Inc.)
Task: {609C5D74-96CB-477D-B561-7717230B227C} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {67755C6A-AA4D-4382-97D8-2E2DE5861C36} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {7606036E-858C-4ED9-B14F-6B485B9BBA7D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe)
Task: {8664DE82-3409-44EF-AC76-7A24804D3662} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {92B2DD11-4D28-46D0-A5CC-787D46F7BFED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {99C64CCC-E267-439A-A447-D06ED6D58491} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {9D7AD1F7-4D88-4CD8-A3BB-D8F6A7158D9B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279544 2018-09-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9F57CADA-CB76-426E-816A-BCE06E750A54} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {A3FB1060-736B-4136-9C44-A1762622D30A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {A88A8A69-15CD-4AC5-A49F-9EED0833C275} - System32\Tasks\HPCeeScheduleForLillian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {B11C66B8-EB50-41DC-9AE6-C53023F17E37} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {B45E2B4C-BE40-44FF-9671-5A671C175CD8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1114488 2020-01-07] (HP Inc. -> HP Inc.)
Task: {CCD75ED5-CCA2-4B7B-9EA0-101A498F3C0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D1AA80F8-4A3A-49CB-BBE2-51B063F1CEF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {D23D75CF-B448-40EE-A832-1432ED87C6AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D8F80293-64F2-4DAA-84AF-FDB8172F897A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {DA38A483-B158-4A7F-873E-898A2DFF1F71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {DC43C091-23D3-431D-B6A7-A6C40FD84523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1114488 2020-01-07] (HP Inc. -> HP Inc.)
Task: {E1484769-8460-41D6-9417-47F41ED8EC69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {E8D7EFEC-96B8-4937-98F2-C0D40D639D6B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {F22D8845-F310-43DA-BDCC-5FD38D0AC0A1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForLillian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 64.59.135.147 64.59.128.113
Tcpip\..\Interfaces\{1f27f15d-e56c-4b9c-9c8a-1b0bfa4ab60e}: [DhcpNameServer] 64.59.135.147 64.59.128.113
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-520046137-1738454763-4209218755-1001 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
FireFox:
========
FF DefaultProfile: zmh62i5e.default
FF ProfilePath: C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default [2020-02-18]
FF Homepage: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.kijiji.ca/
FF Notifications: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.youtube.com; hxxps://en.softonic.com; hxxps://www.facebook.com; hxxps://www.allrecipes.com; hxxps://www.teamviewer.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Canadian English Dictionary) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\en-CA@dictionaries.addons.mozilla.org.xpi [2019-07-14]
FF Extension: (English (CA) Language Pack) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2020-01-08]
FF Extension: (New Tab Override) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\sp@avast.com.xpi [2020-02-13]
FF Extension: (Avast Online Security) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\wrc@avast.com.xpi [2019-10-03] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (Greasemonkey) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-06-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default [2020-02-14]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.kijiji.ca/"
CHR Extension: (Slides) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-14]
CHR Extension: (Docs) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-14]
CHR Extension: (Google Drive) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-24]
CHR Extension: (YouTube) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-14]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-27]
CHR Extension: (Sheets) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-27]
CHR Extension: (Gmail) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegLauncher; C:\Program Files\MobiGame\aeg_launcher.exe [7183872 2020-02-09] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe [504832 2018-11-20] (Advanced Micro Devices, Inc. -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8413472 2020-02-05] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [305664 2017-11-02] (Realtek Semiconductor Corp.) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-11-01] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [361848 2019-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MobiGameUpdater; C:\Program Files\MobiGame\MobiGameUpdater.exe [202240 2020-02-09] () [File not signed]
R2 RtkBtAudioServ; C:\WINDOWS\RtkBtAudioServ.exe [215992 2018-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [738712 2019-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1657136 2020-02-05] (WildTangent Inc -> )
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-12-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-12-04] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atikmdag.sys [47076864 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atikmpag.sys [587264 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2017-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 MobiVBoxDrv; C:\Program Files\MobiGame\vbox\MobiVBoxDrv.sys [314688 2020-02-04] (Iron Entertainment Inc. -> Oracle Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [72160 2017-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [787232 2019-11-30] (WDKTestCert VSAuto,131800073559665678 -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-11-27] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [11722328 2019-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-02-18 20:18 - 2020-02-18 20:19 - 000035510 _____ C:\Users\Lillian\Desktop\FRST.txt
2020-02-18 20:17 - 2020-02-18 20:19 - 000000000 ____D C:\FRST
2020-02-18 20:16 - 2020-02-18 20:16 - 002279424 _____ (Farbar) C:\Users\Lillian\Desktop\FRST64.exe
2020-02-13 06:14 - 2020-02-12 17:35 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-02-13 06:14 - 2020-02-12 17:35 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-02-12 22:25 - 2020-02-12 22:25 - 000000000 ____D C:\ProgramData\ssh
2020-02-12 17:19 - 2020-02-12 17:19 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 024617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 023463424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 019020288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 013013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 012306432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 008906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 007923712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 007870976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 006061056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 005436936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 004872704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 004658688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 004488192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 003904000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 003442176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 002942976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 002323904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 002273080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001877168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001430672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001288856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001267216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-02-12 17:19 - 2020-02-12 17:19 - 001247560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001182720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2020-02-12 17:19 - 2020-02-12 17:19 - 001166336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2020-02-12 17:19 - 2020-02-12 17:19 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfrgui.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000428544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-02-12 17:19 - 2020-02-12 17:19 - 000212480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\recdisc.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000186880 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-02-12 17:19 - 2020-02-12 17:19 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 022137336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 009669648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 007888896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 006943232 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 006546296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 006445568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 006318544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005608328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005528576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005300736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 004588776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 004050944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 003874936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 003636736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 003363848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002848256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002780296 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002770944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 002348544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002292224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002280024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001963536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 001866240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001830928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001796920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-02-12 17:18 - 2020-02-12 17:18 - 001677088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001674688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001665720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001647104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001486680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001479208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001360912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 001345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-02-12 17:18 - 2020-02-12 17:18 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001222672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001219584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 001193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001056272 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001012736 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000879104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000876032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-02-12 17:18 - 2020-02-12 17:18 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000591376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000588600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000541472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000465424 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000252024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000156712 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000128616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasphone.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasphone.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 007701200 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 005577656 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 004417552 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 003577856 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003334496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003329536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003269632 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003006464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002707456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 002634240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002590736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002015608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001677312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001538560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 001520232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001387512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001294488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001259832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 001258504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001054952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 001049400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000902344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000902144 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000888864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000856432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000758928 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000751632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000741688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000681416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000677144 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000662024 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000606224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000510264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000450912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000446480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000405520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000402584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000398416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000389920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000376568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000331104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000313000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000293856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000286520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000253256 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000213816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000189496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000169784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000147944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000105784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000095760 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Websocket.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Websocket.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-02-07 15:55 - 2020-02-07 15:55 - 000000000 _____ C:\Users\Lillian\Desktop\umbrellas-coloring-260nw-570821461.heic
2020-01-25 07:57 - 2020-01-25 07:57 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\505 Games
2020-01-21 09:59 - 2020-01-30 20:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-19 18:46 - 2020-01-19 18:46 - 000000272 _____ C:\Users\Lillian\Desktop\Horace.url
2020-01-19 14:08 - 2020-01-19 14:08 - 000000000 ____D C:\Users\Public\CyberLink
2020-01-19 14:08 - 2020-01-19 14:08 - 000000000 ____D C:\Users\Lillian\Documents\CyberLink
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-02-18 20:15 - 2019-02-13 13:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-18 20:15 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-18 17:25 - 2018-09-15 00:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-18 17:25 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-02-18 17:17 - 2019-07-11 05:39 - 000002812 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForLillian
2020-02-18 17:17 - 2019-07-11 05:39 - 000000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLillian.job
2020-02-18 17:17 - 2019-02-13 13:28 - 000003750 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-02-18 17:17 - 2019-02-13 13:28 - 000003446 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-02-18 17:17 - 2019-02-13 13:28 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-18 17:17 - 2019-02-13 13:28 - 000003312 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B10F1A6A-E096-4CDE-9012-03BBEB909611}
2020-02-18 17:17 - 2019-02-13 13:28 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-18 17:17 - 2019-02-13 13:28 - 000002912 _____ C:\WINDOWS\system32\Tasks\DriverUpdate Scan
2020-02-18 17:17 - 2019-02-13 13:28 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-1001
2020-02-18 17:17 - 2019-02-13 13:28 - 000002856 _____ C:\WINDOWS\system32\Tasks\HPJumpStartLaunch
2020-02-18 17:17 - 2019-02-13 13:28 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2020-02-18 17:17 - 2019-02-13 13:28 - 000002552 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2020-02-18 17:17 - 2019-02-13 13:28 - 000002500 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2020-02-18 17:17 - 2019-02-13 13:28 - 000002440 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
2020-02-18 17:17 - 2019-02-13 13:28 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2020-02-18 17:17 - 2019-02-13 13:28 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2020-02-18 17:17 - 2019-02-13 13:28 - 000002116 _____ C:\WINDOWS\system32\Tasks\StartDVR
2020-02-18 17:17 - 2019-02-13 13:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-02-18 12:17 - 2018-06-23 06:03 - 000000000 ____D C:\Users\Lillian\AppData\Local\D3DSCache
2020-02-18 06:40 - 2018-05-13 09:55 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Mozilla
2020-02-18 06:32 - 2018-05-16 11:39 - 000000000 ____D C:\Users\Lillian\AppData\Local\WarThunder
2020-02-18 06:31 - 2018-06-22 04:55 - 000000000 ____D C:\Users\Lillian\AppData\Local\AVAST Software
2020-02-18 06:30 - 2018-05-22 05:01 - 000000000 ____D C:\Program Files (x86)\Steam
2020-02-18 06:30 - 2018-05-13 09:38 - 000000000 ____D C:\Users\Lillian\AppData\Local\VirtualStore
2020-02-17 20:18 - 2018-07-09 20:25 - 000000000 ____D C:\Users\Lillian\AppData\Local\CrashDumps
2020-02-17 19:06 - 2018-06-01 19:16 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\.minecraft
2020-02-17 07:44 - 2019-02-13 13:28 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-02-13 22:14 - 2018-12-20 22:31 - 000002033 _____ C:\WINDOWS\wininit.ini
2020-02-13 14:34 - 2018-06-01 19:30 - 000001438 _____ C:\Users\Lillian\Desktop\Roblox Player.lnk
2020-02-13 14:34 - 2018-06-01 19:28 - 000001253 _____ C:\Users\Lillian\Desktop\Roblox Studio.lnk
2020-02-13 14:34 - 2018-06-01 19:28 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-02-13 06:19 - 2019-02-13 13:19 - 000935056 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-02-13 06:19 - 2018-09-15 00:31 - 000000000 ____D C:\WINDOWS\INF
2020-02-13 06:16 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2020-02-13 06:16 - 2018-05-13 09:38 - 000000000 ___RD C:\Users\Lillian\3D Objects
2020-02-13 06:16 - 2017-10-05 16:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-02-13 06:13 - 2019-02-13 13:00 - 000449544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-02-13 06:13 - 2018-06-20 05:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-02-13 06:12 - 2019-02-13 13:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-02-12 22:27 - 2018-09-14 23:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-02-12 22:27 - 2018-02-10 01:44 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2020-02-12 22:26 - 2019-02-13 13:36 - 000000000 ____D C:\WINDOWS\holoshell
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-02-12 22:26 - 2018-09-14 23:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-02-12 22:26 - 2018-09-14 23:09 - 000000000 ____D C:\WINDOWS\servicing
2020-02-12 17:35 - 2018-09-15 00:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-02-12 17:32 - 2018-05-13 10:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-02-12 17:26 - 2018-05-13 10:27 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-02-11 06:22 - 2019-12-10 06:14 - 006350904 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2020-02-11 06:22 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-02-11 06:22 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-02-10 09:26 - 2019-02-13 13:05 - 000002376 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-10 09:26 - 2018-05-13 09:40 - 000000000 ___RD C:\Users\Lillian\OneDrive
2020-02-10 06:45 - 2019-09-06 10:12 - 000000000 ____D C:\Program Files\MobiGame
2020-02-10 06:44 - 2019-10-10 06:13 - 000002057 _____ C:\Users\Lillian\Desktop\Play Store.lnk
2020-02-06 16:11 - 2020-01-07 20:20 - 000001386 _____ C:\Users\Public\Desktop\Skype.lnk
2020-02-06 16:11 - 2020-01-07 20:20 - 000001386 _____ C:\ProgramData\Desktop\Skype.lnk
2020-02-06 16:11 - 2020-01-07 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-02-06 09:22 - 2018-05-16 10:15 - 000000000 ____D C:\Users\Lillian\Documents\Lillian
2020-02-06 09:03 - 2019-07-17 14:36 - 000000000 ____D C:\Users\Lillian\AppData\Local\BlueStacks
2020-02-03 12:58 - 2018-06-20 11:08 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\vlc
2020-01-30 20:45 - 2018-05-13 09:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-27 19:19 - 2018-12-13 18:40 - 000000000 ____D C:\Users\Lillian\BrawlhallaReplays
2020-01-24 15:04 - 2018-06-01 19:16 - 000000000 ____D C:\Program Files (x86)\Minecraft
2020-01-22 16:36 - 2018-05-14 05:02 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-21 09:59 - 2018-05-13 09:55 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-20 09:50 - 2018-05-16 05:16 - 000000419 _____ C:\WINDOWS\BRWMARK.INI
2020-01-19 16:56 - 2018-05-16 10:10 - 000000000 ____D C:\Program Files\Epic Games
==================== Files in the root of some directories ========
2018-05-14 10:44 - 2018-05-14 11:29 - 000026726 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (DOS).ADR
2018-05-14 11:24 - 2018-05-14 11:24 - 000026950 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-13 09:38 - 2020-02-18 06:29 - 000628652 _____ () C:\Users\Lillian\AppData\Local\BTServer.log
2019-09-06 08:51 - 2019-09-06 08:51 - 000000017 _____ () C:\Users\Lillian\AppData\Local\resmon.resmoncfg
==================== FCheck ================================
(If an entry is included in the fixlist, the file/folder will be moved.)
FCheck: C:\WINDOWS\system32\eac_usermode_3175762292993092.dll [2019-05-31] <==== ATTENTION (zero byte File/Folder)
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by Lillian (18-02-2020 20:20:42)
Running from C:\Users\Lillian\Desktop
Windows 10 Home Version 1809 17763.1039 (X64) (2019-02-13 20:30:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-520046137-1738454763-4209218755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-520046137-1738454763-4209218755-503 - Limited - Disabled)
Guest (S-1-5-21-520046137-1738454763-4209218755-501 - Limited - Disabled)
Lillian (S-1-5-21-520046137-1738454763-4209218755-1001 - Administrator - Enabled) => C:\Users\Lillian
WDAGUtilityAccount (S-1-5-21-520046137-1738454763-4209218755-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0217.4117 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FastStone Image Viewer 6.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.14.49.15 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{2282C4AC-ADFD-4CB7-962E-D700F62024E6}) (Version: 1.4.27 - HP Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
MobiGame (HKLM\...\{0CD5AE2D-BB58-4E35-8B5C-AFE995A80E1A}) (Version: 2.16.8.0 - MobiGame)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.80 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.105 - REALTEK Semiconductor Corp.)
Roblox Player for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-studio) (Version: - Roblox Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype version 8.56 (HKLM-x32\...\Skype_is1) (Version: 8.56 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2017 (HKLM-x32\...\{99CAAE52-3DB3-4012-90A6-392CFE63BE51}) (Version: 13.0.5.0 - BHOK IT Consulting)
StudioTax 2018 (HKLM-x32\...\{B77DD0D3-CBDA-4A1B-BB14-1B8782DE95AF}) (Version: 14.0.4.0 - BHOK IT Consulting)
System Scheduler 5.12 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
The Weather Network (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\The Weather Network) (Version: 6.0.2.5 - The Weather Network)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.100 (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.19 - WildTangent)
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.396 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Packages:
=========
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_2.34.41.0_x86__kgqvnymyfvs32 [2020-01-13] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1700.2.0_x86__kgqvnymyfvs32 [2020-02-12] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.157.400.0_x86__kgqvnymyfvs32 [2020-02-07] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.8.1.3_x86__h6adky7gbf63m [2020-02-13] (Gameloft.)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-15] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-17] (Dropbox Inc.)
Floor Adjustment -> C:\Windows\SystemApps\RoomAdjustment_cw5n1h2txyewy [2019-08-13] (Microsoft Corporation)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.464.0_x86__v10z8vjag6ke6 [2018-02-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa [2020-01-29] (Apple Inc.) [Startup Task]
Learn Mixed Reality -> C:\Windows\SystemApps\MixedRealityLearning_cw5n1h2txyewy [2019-08-13] (Microsoft Corporation)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.6.0.11_x86__h6adky7gbf63m [2020-02-12] (Gameloft.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.35.20273.0_x64__8wekyb3d8bbwe [2020-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.3002.0_x64__8wekyb3d8bbwe [2020-02-12] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-21] (Netflix, Inc.)
New for You -> C:\Windows\SystemApps\WhatsNew_cw5n1h2txyewy [2019-08-13] (Microsoft Corporation)
Passthrough -> C:\Windows\SystemApps\passthrough_cw5n1h2txyewy [2019-02-13] (Microsoft Corporation)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-26] (CYBERLINKCOM CORP)
Sign In -> C:\Windows\SystemApps\WebAuthBridgeInternet_cw5n1h2txyewy [2019-02-13] (ms-resource:PublisherDisplayName)
Sign In -> C:\Windows\SystemApps\WebAuthBridgeInternetSso_cw5n1h2txyewy [2019-02-13] (ms-resource:PublisherDisplayName)
Sign In -> C:\Windows\SystemApps\WebAuthBridgeIntranetSso_cw5n1h2txyewy [2019-02-13] (ms-resource:PublisherDisplayName)
The Weather Network -> C:\Program Files\WindowsApps\TheWeatherNetworkMeteoMed.TheWeatherNetwork_2.1.8297.0_x64__4synmnwyp9drt [2019-02-13] (The Weather Network)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2019-12-23] (WildTangent Games)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-520046137-1738454763-4209218755-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xC1A89939B6EBD3010E50F79C3DECD301020000002400000000000000 => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Lillian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2019-02-13 13:07 - 2019-02-13 13:07 - 008007680 _____ ( ) [File not signed] C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
2020-02-13 12:19 - 2020-02-13 12:19 - 000138240 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\9d55aa94f59cf0a059be10a9a84b52c4\Interop.IWshRuntimeLibrary.ni.dll
2018-05-16 05:15 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-05-16 10:06 - 2018-05-16 10:07 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-05-16 10:07 - 2018-05-16 10:07 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-05-16 10:07 - 2018-05-16 10:07 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:21 - 2018-04-24 21:21 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2005-09-07 11:03 - 2005-09-07 11:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\ScanSoft\PaperPort\blicectr.dll
2018-05-16 05:15 - 2012-06-05 14:59 - 000025299 ____R (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2018-05-16 05:15 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2018-05-16 05:15 - 2009-12-23 14:45 - 000327680 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-05-16 05:15 - 2009-12-25 14:08 - 000208896 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2018-05-16 05:15 - 2011-10-07 13:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-02-13 12:19 - 2020-02-13 12:19 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\4063ef6b26bda17cd749180e55e6407c\Hardcodet.Wpf.TaskbarNotification.ni.dll
2018-05-18 09:11 - 2018-04-30 05:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-02-13 12:19 - 2020-02-13 12:19 - 001585152 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\7805a4c726675f423fcd6038757263dd\NAudio.ni.dll
2020-02-13 12:16 - 2020-02-13 12:16 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\67e96d905b0ee480dadec8739f7ed467\Newtonsoft.Json.ni.dll
2018-02-10 01:46 - 2017-06-20 20:03 - 000289280 _____ (Realtek Semiconductor Corporation) [File not signed] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\StereoControl.dll
2020-02-13 12:19 - 2020-02-13 12:19 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\3fe906ad9a6cf5949e30a90b70a3a0e5\log4net.ni.dll
2018-05-16 10:06 - 2018-05-16 10:06 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 02:15 - 2018-11-08 02:15 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Lillian\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 06:46 - 2019-01-04 07:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hp backgrounds\backgrounddefault.jpg
DNS Servers: 64.59.135.147 - 64.59.128.113
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1B090072-D72C-4914-B8C9-9D9A26FA4A34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{06D5C739-7ACC-43EE-8F07-1E38D0D5BE67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{4EBA5F59-C476-4904-8C44-A4DB352AFC77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\Bendy and the Ink Machine.exe () [File not signed]
FirewallRules: [{4ED688BF-B168-4EC6-855E-736F27B811CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\Bendy and the Ink Machine.exe () [File not signed]
FirewallRules: [{8B6D9B25-1ABF-46A2-8532-115380E404FE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A82FF69B-E60F-42A5-86CE-6AFC3F2B2E27}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{080A2033-3A08-4918-BE97-DD2B29CBEB44}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{CCEAFC71-8A09-4E6E-A300-8534C3553843}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{7DA01A3C-AD80-4F97-8321-E662685012FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{145F1E86-196B-4219-B47D-D3DE46FEBFEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{739DAB6A-0A14-4A53-B1DA-E4649647ED66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A282D93A-88F9-4BEE-9939-6DF15CA0ECC0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{663A09A8-AF78-4C2B-9C12-FD64CCF49274}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3FD1DC98-62C7-4397-B45C-4396DBF10EA1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9C15C379-0EB7-4386-A6C5-8B31BA37FDD5}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{E1984601-82AB-4C30-884C-68A37BCB7CDB}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [TCP Query User{015F26C2-E325-4FD7-9473-190C9260816B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{A4C0B2CF-F920-484B-A846-2DEAA6A80254}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1C57984-9AF8-4631-94B8-E6EA35589919}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5D5DB9C-2DB8-43BC-A621-FBBA1E3217AA}] => (Allow) LPort=2869
FirewallRules: [{442EA53B-328F-468E-BA66-5C0B3F9E505A}] => (Allow) LPort=1900
FirewallRules: [{E33734E5-18B0-432B-9A17-0698CFAF239F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EB442B57-B2D2-47B8-9CB4-5C291B47EDA9}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{EE4FB49A-B46D-4EF0-A775-04C9F2E4C16D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{2B2DF538-3464-4353-A095-F38666806596}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F8F4CC7E-6A61-48B1-B633-90E80F268983}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{9C925323-83CD-4472-98F9-5ECE8FE30DFA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0FD6D81B-41AA-470C-928A-43E59B71F8BE}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B2CD05EC-C850-4522-B3A2-E76CB737C574}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{80401D63-0F2A-4E08-A1CC-E24E0ECF5CE7}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{91186E26-32E1-4A30-BA24-70E3FA18EDDB}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{7E3772D9-B71D-4525-91BC-6A5B9D5EDE0C}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{30B03208-4CDE-4292-9D8F-47475C5DF172}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6C7E75F2-E59B-4040-80B3-5D70B3BDA12A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6B0F6E54-AB92-48DF-B4FD-82BD74203E7D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{0954DE90-F8DD-41AF-B47D-7B9EF580A312}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D8071043-EA7C-4EE7-AD9C-D4C571FC522F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe () [File not signed]
FirewallRules: [{8362C1A9-2DC8-4DB7-98EC-ED011B360C17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe () [File not signed]
FirewallRules: [{4E3D0006-9134-40EB-8406-54C313143A56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Worlds\LEGO_Worlds.exe (Travellers Tales (UK) Limited -> )
FirewallRules: [{6DD1278C-1E2D-4389-B0B9-7837DCF0681E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Worlds\LEGO_Worlds.exe (Travellers Tales (UK) Limited -> )
FirewallRules: [{1AB2CD83-2AFF-466E-ADAE-E5664EA8CF24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\BATIM.exe No File
FirewallRules: [{42292E58-D1FB-4645-A378-AD1E47D6632A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\BATIM.exe No File
FirewallRules: [TCP Query User{B06C0B1C-2AAF-4F3C-8F1F-ACA2E7A33103}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{60AD65A8-D6CB-48D1-B44E-12A2DA8F7534}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{B2154E67-8F8A-4418-A1A5-3D8944D63381}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{2D6318AC-87DB-427E-B300-F04D15121BC0}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{95EFB40F-83E3-4236-B2D7-8A5DCC73CDE0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{DA5B1AA0-D1D9-4FFF-A017-93B219D02ACD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{5496ADFC-BF8F-4172-9BD1-26054AFD7BC4}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [UDP Query User{76689C82-F7CC-4390-BA79-99FC25AFA603}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [{DAF553A4-B5E2-48C2-B9E8-1C42DCC8D53E}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{151B702B-2C5C-496B-A0D3-0147834910DD}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{A86D0904-5AF1-4DE7-B203-C4EFB2FEA45D}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{5CA60DBE-5099-432B-BBC5-833788F4D077}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{4B362E53-F249-4B5D-975B-11810A0A6604}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{140FCF15-D11E-48F3-A4A0-C228B55EB906}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{D303FC5B-CA57-4203-A0C3-58F21B67958C}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [{4868C638-C017-4D06-8149-9EAA55C6D5D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{98041F33-D7DD-4A8A-ADA6-7B99E03552EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{0C3C5C1A-B086-48A3-B4B1-703F7967300D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardLife\launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{943D344B-3E04-43A8-8FE6-29A6DD3F70FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardLife\launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{5885EC60-B2A7-4878-BCCC-EFD2F87FA3B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B81B95C4-1E56-4C2E-A1E7-88D5926D5897}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{736E2C56-058F-4A22-ADC6-7212212C9D4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C883817-C07E-4B4D-B0F7-2BA95C38F1DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB692EA8-73BA-4C58-8200-52FD9FB7116F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2526A805-3805-43D3-B766-A59B2D6506D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD060EB0-CC00-46EB-B54E-7BB3915D394F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3206F8C7-88A7-46E0-A6EA-1C8AD850EA25}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D00672CA-C7F5-43BD-8E13-510AE40F9240}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DDAB89C8-5E21-4314-A561-CA40DF9CEC99}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9D50C610-26B4-4F54-AFDF-9F2F5B2AEF05}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DCA45DB9-AEC1-434F-959D-9FE2F74750EF}] => (Allow) C:\Program Files\MobiGame\player\mobiplayer.exe (Game Player) [File not signed]
FirewallRules: [{984B1E2F-DAC5-43F6-B2C9-971B773FF329}] => (Allow) C:\Program Files\MobiGame\vbox\vboxheadless.exe (Iron Entertainment Inc. -> Oracle Corporation)
FirewallRules: [{34372731-C76B-4BE0-AA67-ED59CB31374A}] => (Allow) LPort=1688
FirewallRules: [{A63B5132-EB84-4241-A6EF-C0190897C6D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12430.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
08-02-2020 17:00:15 Scheduled Checkpoint
12-02-2020 16:52:38 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/18/2020 06:22:28 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).
Error: (02/18/2020 06:22:28 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode)
at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
at _HPCommRecovery.Tools.Signtool.Verify(String arg)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.....
Error: (02/17/2020 10:03:46 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).
Error: (02/17/2020 08:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 10.13.0.0, time stamp: 0x5e445d82
Faulting module name: ntdll.dll, version: 10.0.17763.1039, time stamp: 0x4dc06dfc
Exception code: 0xc0000005
Fault offset: 0x000000000004df23
Faulting process id: 0x1af4
Faulting application start time: 0x01d5e60a19b8afb5
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cf92a5af-1243-42d6-a121-635522e1c2aa
Faulting package full name:
Faulting package-relative application ID:
Error: (02/17/2020 07:22:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PaintStudio.View.exe, version: 0.0.0.0, time stamp: 0x5d30f560
Faulting module name: twinapi.appcore.dll, version: 10.0.17763.973, time stamp: 0x0d83a788
Exception code: 0xc000027b
Fault offset: 0x00000000000bd578
Faulting process id: 0xe5c
Faulting application start time: 0x01d5e601b96dc590
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: 602c3775-da43-40b7-a1e1-fbd434d46401
Faulting package full name: Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MSPaint
Error: (02/17/2020 08:13:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 10.13.0.0, time stamp: 0x5e445d82
Faulting module name: ntdll.dll, version: 10.0.17763.1039, time stamp: 0x4dc06dfc
Exception code: 0xc0000005
Fault offset: 0x000000000004df23
Faulting process id: 0x18a0
Faulting application start time: 0x01d5e5a4c7fdb14c
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0f56bb82-500c-4e8f-a861-e6f5df88b4a9
Faulting package full name:
Faulting package-relative application ID:
Error: (02/17/2020 07:40:40 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).
Error: (02/17/2020 07:40:37 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode)
at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
at _HPCommRecovery.Tools.Signtool.Verify(String arg)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.....
System errors:
=============
Error: (02/18/2020 05:01:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2020 05:00:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2020 05:00:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2020 02:52:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2020 02:52:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2020 02:52:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2020 06:42:16 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/18/2020 06:42:15 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2019-05-17 07:08:46.400
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-05-17 07:08:46.399
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-05-17 07:08:46.398
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-05-17 07:08:46.382
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-05-17 07:08:46.382
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2020-02-14 10:51:17.196
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-14 10:51:17.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-14 10:51:17.043
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-14 10:51:17.038
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-14 10:51:17.006
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-14 10:51:16.997
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-14 10:51:16.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-02-14 10:51:16.820
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.05 01/29/2018
Motherboard: HP 8433
Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G
Percentage of memory in use: 34%
Total physical RAM: 15788.77 MB
Available physical RAM: 10391.83 MB
Total Virtual: 18220.77 MB
Available Virtual: 11242.2 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:915.17 GB) (Free:470.41 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{15888f61-fc32-4387-9ceb-4a16a8a4cf76}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{70f7596f-bd69-4bba-9479-6592ca6c93bd}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
Partition: GPT.
==================== End of Addition.txt =======================
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)
highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Highlight the entire content of the quote box below and select Copy.
Start::
CloseProcesses:
CreateRestorePoint:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {8664DE82-3409-44EF-AC76-7A24804D3662} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FCheck: C:\WINDOWS\system32\eac_usermode_3175762292993092.dll [2019-05-31] <==== ATTENTION (zero byte File/Folder)
CustomCLSID: HKU\S-1-5-21-520046137-1738454763-4209218755-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xC1A89939B6EBD3010E50F79C3DECD301020000002400000000000000 => No File
ShortcutWithArgument: C:\Users\Lillian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
AlternateDataStreams: C:\Users\Lillian\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
FirewallRules: [{9C15C379-0EB7-4386-A6C5-8B31BA37FDD5}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{E1984601-82AB-4C30-884C-68A37BCB7CDB}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{6B0F6E54-AB92-48DF-B4FD-82BD74203E7D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{0954DE90-F8DD-41AF-B47D-7B9EF580A312}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1AB2CD83-2AFF-466E-ADAE-E5664EA8CF24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\BATIM.exe No File
FirewallRules: [{42292E58-D1FB-4645-A378-AD1E47D6632A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\BATIM.exe No File
FirewallRules: [TCP Query User{B06C0B1C-2AAF-4F3C-8F1F-ACA2E7A33103}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{60AD65A8-D6CB-48D1-B44E-12A2DA8F7534}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{5496ADFC-BF8F-4172-9BD1-26054AFD7BC4}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [UDP Query User{76689C82-F7CC-4390-BA79-99FC25AFA603}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [{D303FC5B-CA57-4203-A0C3-58F21B67958C}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
EmptyTemp:
C:\Windows\Temp\*.*
End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download and run AdwCleaner
Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.
run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.
===================================================
Run Malwarebytes Anti-Malware
You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):
run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
slick the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard
Logs to include with the next post:
Fixlog.txt
AdwCleaner log
Mbam.txt