PDA

View Full Version : PUP.Optional.Conduit



gpkenny
2020-04-11, 15:53
Hi, my PC is infected with a number of PUPs and running slowly. Id appreciate your time to help with this.
Unfortunately, I'm unable to download the aswMBR logs as my computer went to a blue screen when I tried

Many Thanks

Gary

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2020
Ran by Asus (administrator) on G751 (ASUSTeK COMPUTER INC. G751JT) (11-04-2020 13:40:20)
Running from C:\Users\Asus\Downloads
Loaded Profiles: Asus (Available Profiles: Asus)
Platform: Windows 10 Home Version 1903 18362.720 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Asus\AppData\Roaming\uTorrent\helper\helper.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Asus\AppData\Roaming\uTorrent\updates\3.5.5_45628\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Asus\AppData\Roaming\uTorrent\updates\3.5.5_45628\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Asus\AppData\Roaming\uTorrent\updates\3.5.5_45628\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.82.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Turnipsoft) C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.32.4.0_x64__ypmq2qh89vmny\Freda_W10.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [238512 2020-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [uTorrent] => C:\Users\Asus\AppData\Roaming\uTorrent\uTorrent.exe [2072816 2020-04-08] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [] => [X]
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4622280 2020-03-12] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraVPN.lnk [2019-09-18]
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1089DAE2-B70A-4520-ADC7-C72F52229C4F} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [228368 2020-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {197254E7-B3F6-4087-8103-A071C78A1B22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2845934F-678F-497D-90EA-3F9F993EA8CD} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27848432 2020-01-31] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {3E942A1F-35C7-4B21-844D-CD33FA238456} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
Task: {58E91FF8-84E5-4BF1-BD70-51A6D659DF4F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
Task: {7E61B81C-F63D-4655-BDC1-EA2D6750D722} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {92B5EA2A-A0AD-4055-9947-49C1431CF809} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
Task: {A0014F2C-8B12-4661-9506-B43AC7DBB876} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A0DFC932-23F2-44A6-B74F-FE36C16AD22E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {AB1B57D0-C67C-4DED-9CA8-B52CA12BA003} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759304 2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B7EB2BBD-1394-4BDC-9AE2-D5D457147949} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DD895479-FB26-4567-9221-B79426525DF7} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {F5FEDB29-7A98-4A1F-8ACA-202B61DA57B4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ba438379-86f2-4ec3-b67b-89579a5ec09a}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-gb
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF DefaultProfile: 6fqedbzr.default
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\6fqedbzr.default [2019-09-18]
FF Extension: (Avira Password Manager) - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\6fqedbzr.default\Extensions\passwordmanager@avira.com [2019-09-17]
FF ProfilePath: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\27m3taej.default-release-1581420443565 [2020-04-11]
FF Extension: (Grammarly for Firefox) - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\27m3taej.default-release-1581420443565\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2020-02-11]
FF Extension: (AdBlock ? best ad blocker) - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\27m3taej.default-release-1581420443565\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2020-04-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1209856 2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537144 2020-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485960 2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485960 2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573760 2020-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [631944 2020-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [382992 2020-03-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [242448 2020-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [151248 2020-02-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [529904 2019-01-17] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-09] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [236576 2020-04-03] (TEFINCOM S.A. -> )
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiCtlDrv; C:\WINDOWS\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel(R) Software -> Intel Corporation)
S3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [105384 2019-07-12] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [208360 2020-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [196560 2020-04-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [107208 2014-01-17] (Genesys Logic,INC. -> GenesysLogic)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [123544 2019-07-12] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [239608 2019-01-17] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel(R) Software -> Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] (ASUSTeK Computer Inc. -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-02-28] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-09] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation - Intel? Management Engine Firmware -> Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3587232 2018-12-07] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_1aae4f19e68d0780\nvlddmkm.sys [17003280 2017-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [28344 2016-05-12] (Nvidia Corporation -> Windows (R) Win 7 DDK provider)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 PXGX112; C:\WINDOWS\system32\drivers\PXGX112.sys [23552 2011-07-29] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek Semiconductor Corp -> Realtek )
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49152 2019-03-19] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel(R) Software -> Intel Corporation)
S3 cpuz136; \??\C:\Users\Asus\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-11 13:40 - 2020-04-11 13:40 - 000020196 _____ C:\Users\Asus\Downloads\FRST.txt
2020-04-11 13:39 - 2020-04-11 13:40 - 000000000 ____D C:\FRST
2020-04-11 13:39 - 2020-04-11 13:39 - 002281472 _____ (Farbar) C:\Users\Asus\Downloads\FRST64.exe
2020-04-11 13:38 - 2020-04-11 13:38 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-G751-Windows-10-Home-(64-bit).dat
2020-04-11 13:38 - 2020-04-11 13:38 - 000000000 ____D C:\Users\Asus\Documents\tweaking.com_registry_backup_portable
2020-04-11 13:38 - 2020-04-11 13:38 - 000000000 ____D C:\RegBackup
2020-04-11 13:07 - 2020-04-11 13:07 - 000100058 _____ C:\Users\Asus\Downloads\Important letter to view_ Your Account is overlimit, action required.pdf
2020-04-09 22:38 - 2020-04-09 22:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-04-09 21:21 - 2020-04-10 15:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-09 15:22 - 2020-04-09 15:22 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-09 10:54 - 2020-04-11 08:43 - 000000000 ____D C:\Users\Asus\AppData\LocalLow\uTorrent
2020-04-09 08:14 - 2020-04-09 08:14 - 000045205 _____ C:\Users\Asus\Downloads\Important_ Notice of Variation Withdrawal.pdf
2020-04-08 13:39 - 2020-04-08 13:47 - 000000000 ____D C:\Program Files (x86)\OSTotoSoft
2020-04-08 13:39 - 2020-04-08 13:39 - 000000000 ____D C:\ProgramData\PlugCache
2020-04-08 13:39 - 2020-04-08 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent
2020-04-08 13:33 - 2020-04-08 13:33 - 000023040 _____ C:\WINDOWS\system32\Drivers\JitDriver.sys
2020-04-08 13:33 - 2020-04-08 13:33 - 000000000 ____D C:\ProgramData\Driver Support
2020-04-08 13:32 - 2020-04-08 13:32 - 000255320 _____ (Asurvio, LP) C:\Users\Asus\Downloads\DSOne.exe
2020-04-08 12:57 - 2020-04-08 13:00 - 227287138 _____ C:\Users\Asus\Downloads\jimmy.kimmel.2020.04.07.ellen.degeneres.web.h264-trump[eztv].mkv
2020-04-08 12:56 - 2020-04-08 13:07 - 600996523 _____ C:\Users\Asus\Downloads\Jimmy.Fallon.2020.04.07.At.Home.Edition.Justin.Timberlake.WEB.x264-XLF[eztv.io].mkv
2020-04-08 12:56 - 2020-04-08 13:05 - 409855965 _____ C:\Users\Asus\Downloads\conan.2020.04.07.stephen.colbert.web.x264-xlf[eztv].mkv
2020-04-07 12:46 - 2020-04-07 12:46 - 008196784 _____ (Malwarebytes) C:\Users\Asus\Downloads\adwcleaner_8.0.4(1).exe
2020-04-07 09:09 - 2020-04-07 09:09 - 000397840 _____ C:\Users\Asus\Downloads\statement-2020-3-6(2).pdf
2020-04-06 08:20 - 2020-04-06 08:20 - 000397840 _____ C:\Users\Asus\Downloads\statement-2020-3-6.pdf
2020-04-06 08:20 - 2020-04-06 08:20 - 000397840 _____ C:\Users\Asus\Downloads\statement-2020-3-6(1).pdf
2020-04-05 10:52 - 2020-04-05 10:52 - 008196784 _____ (Malwarebytes) C:\Users\Asus\Downloads\adwcleaner_8.0.4.exe
2020-04-04 05:47 - 2020-04-04 05:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2020-04-04 05:47 - 2020-04-04 05:48 - 000000000 ____D C:\Program Files (x86)\NordVPN
2020-04-02 10:50 - 2020-04-02 10:50 - 008199856 _____ (Malwarebytes) C:\Users\Asus\Downloads\adwcleaner_8.0.3(3).exe
2020-04-02 09:42 - 2019-09-17 22:29 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20200402-094236.backup
2020-04-02 09:25 - 2020-04-02 09:25 - 001573568 _____ C:\Users\Asus\Downloads\SteamSetup(13).exe
2020-03-30 11:07 - 2020-03-30 11:09 - 008199856 _____ (Malwarebytes) C:\Users\Asus\Downloads\adwcleaner_8.0.3(2).exe
2020-03-30 10:11 - 2020-03-30 10:11 - 000000000 ____D C:\Users\Asus\AppData\Local\IsolatedStorage
2020-03-24 15:13 - 2020-03-24 15:14 - 022267336 _____ (Piriform Software Ltd) C:\Users\Asus\Downloads\ccsetup565.exe
2020-03-24 14:51 - 2020-03-24 14:51 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2020-03-24 14:48 - 2020-03-24 14:49 - 000000000 ____D C:\Users\Asus\AppData\Local\Blizzard Entertainment
2020-03-24 14:47 - 2020-03-24 14:47 - 004901872 _____ (Blizzard Entertainment) C:\Users\Asus\Downloads\World-of-Warcraft-Setup.exe
2020-03-24 14:47 - 2020-03-24 14:47 - 000000000 ____D C:\ProgramData\Battle.net
2020-03-24 14:00 - 2020-03-24 14:00 - 001573568 _____ C:\Users\Asus\Downloads\SteamSetup(12).exe
2020-03-24 14:00 - 2020-03-24 14:00 - 001573568 _____ C:\Users\Asus\Downloads\SteamSetup(11).exe
2020-03-22 12:27 - 2020-03-22 12:27 - 001573568 _____ C:\Users\Asus\Downloads\SteamSetup(10).exe
2020-03-21 15:00 - 2020-04-04 05:48 - 000000000 ____D C:\Users\Asus\AppData\Local\NordVPN
2020-03-21 15:00 - 2020-03-21 15:00 - 014075160 _____ (NordVPN) C:\Users\Asus\Downloads\NordVPNSetup.exe
2020-03-21 15:00 - 2020-03-21 15:00 - 000000000 ____D C:\ProgramData\NordVPN
2020-03-21 15:00 - 2020-03-21 15:00 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2020-03-21 14:24 - 2020-03-21 14:24 - 008199856 _____ (Malwarebytes) C:\Users\Asus\Downloads\adwcleaner_8.0.3(1).exe
2020-03-19 09:52 - 2020-03-19 09:52 - 001573568 _____ C:\Users\Asus\Downloads\SteamSetup(9).exe
2020-03-14 10:49 - 2020-03-14 10:49 - 008199856 _____ (Malwarebytes) C:\Users\Asus\Downloads\adwcleaner_8.0.3.exe
2020-03-13 01:24 - 2020-03-13 01:24 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-03-13 01:24 - 2020-03-13 01:24 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-03-13 01:24 - 2020-03-13 01:24 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-03-13 01:24 - 2020-03-13 01:24 - 006520776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-03-13 01:24 - 2020-03-13 01:24 - 004563416 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-03-13 01:24 - 2020-03-13 01:24 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-03-13 01:24 - 2020-03-13 01:24 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-03-13 01:24 - 2020-03-13 01:24 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-03-13 01:24 - 2020-03-13 01:24 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-03-13 01:24 - 2020-03-13 01:24 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-03-13 01:24 - 2020-03-13 01:24 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-03-12 01:40 - 2020-03-12 01:40 - 011607552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-03-12 01:40 - 2020-03-12 01:40 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 025900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 018027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 007905784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 007755776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 006436352 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 006084344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 005911040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004855808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004622280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 004580352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004471296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004129648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 004048896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003819520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003799552 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003728896 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003587896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 003552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003488768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003260928 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 003143168 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 002956688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002870272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002808832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 002773568 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002768440 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-03-12 01:39 - 2020-03-12 01:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-03-12 01:39 - 2020-03-12 01:39 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002715648 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 002698040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002522112 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002474496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002289152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002224952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002157056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002087376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002072664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001999952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001972536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001867816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001823232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001770552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-03-12 01:39 - 2020-03-12 01:39 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001665416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001657120 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001581056 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001555904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001513040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 001490640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001484600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001482040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 001481216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 001417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001396152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-03-12 01:39 - 2020-03-12 01:39 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001283600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-03-12 01:39 - 2020-03-12 01:39 - 001282944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001218632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001190912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 001108040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001088000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001071184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001054376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000983896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000945384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000929144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000908504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000877232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000833616 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000802304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000796904 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000769552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000757632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000741392 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000734720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000669496 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000668296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000642216 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000605896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbc32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-03-12 01:39 - 2020-03-12 01:39 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000531768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-03-12 01:39 - 2020-03-12 01:39 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000522384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000510768 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-03-12 01:39 - 2020-03-12 01:39 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000429880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-03-12 01:39 - 2020-03-12 01:39 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Acx01000.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000320312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacEncoder.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000260920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000250896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000248064 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacEncoder.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000234984 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000221200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000183608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000180232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000174392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000165504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000164776 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000151568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000141840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000136328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000133944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\profapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000131896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000128312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000120560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000120048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000102760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-03-12 01:39 - 2020-03-12 01:39 - 000098104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000089616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000089568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000068408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000066336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlrmdr.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmRes.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAProfileNotificationHandler.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000048256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000042336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-03-12 01:39 - 2020-03-12 01:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000029712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxstrace.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Drivers\afunix.sys
2020-03-12 01:39 - 2020-03-12 01:39 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000028936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msauserext.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000019768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpnotify.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msauserext.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchTM.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchTM.exe
2020-03-12 01:39 - 2020-03-12 01:39 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUserRes.dll
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-03-12 01:39 - 2020-03-12 01:39 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-03-12 01:38 - 2020-03-12 01:39 - 000019984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000355000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000306696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000224056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000222520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000208696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000056632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000030008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2020-03-12 01:38 - 2020-03-12 01:38 - 000016912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2020-03-12 01:33 - 2020-03-12 01:33 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-03-12 01:33 - 2020-03-12 01:33 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-11 13:40 - 2019-09-18 06:06 - 000000000 ____D C:\Users\Asus\AppData\Roaming\uTorrent
2020-04-11 13:36 - 2016-11-18 09:20 - 000000000 ____D C:\Users\Asus\AppData\LocalLow\Mozilla
2020-04-11 13:26 - 2019-09-18 10:23 - 000000000 ____D C:\Users\Asus\AppData\Roaming\vlc
2020-04-11 12:56 - 2019-09-17 22:30 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-11 12:56 - 2019-09-17 21:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-11 11:24 - 2019-09-17 22:29 - 000000000 ____D C:\WINDOWS\INF
2020-04-11 11:20 - 2019-09-18 06:06 - 000000897 _____ C:\Users\Asus\Desktop\?Torrent.lnk
2020-04-11 10:17 - 2019-09-18 06:06 - 000000000 ____D C:\Users\Asus\AppData\Local\BitTorrentHelper
2020-04-11 09:24 - 2019-09-17 22:04 - 000000000 ____D C:\Users\Asus\AppData\Local\PokerStars.UK
2020-04-11 08:50 - 2019-12-01 08:11 - 000000000 ____D C:\WINDOWS\Minidump
2020-04-11 08:50 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-04-11 08:46 - 2019-09-17 21:48 - 000776296 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-11 08:42 - 2019-09-18 06:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-04-11 08:42 - 2019-09-17 21:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-11 08:42 - 2019-09-17 21:38 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-10 22:16 - 2019-09-17 22:30 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-10 22:16 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-10 15:56 - 2019-09-17 21:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-10 15:56 - 2019-09-17 21:40 - 000000000 ____D C:\Users\Asus
2020-04-09 22:38 - 2019-09-17 21:52 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-09 15:21 - 2019-09-17 22:26 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-08 13:33 - 2019-09-17 21:58 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-08 13:29 - 2019-09-17 22:00 - 000196560 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2020-04-07 12:42 - 2019-12-24 11:45 - 000000000 ____D C:\Users\Asus\AppData\Local\CrashDumps
2020-04-07 04:03 - 2015-12-18 04:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-04-06 18:42 - 2020-01-29 19:42 - 000003550 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2020-04-02 11:02 - 2019-09-18 06:04 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-03-30 16:54 - 2019-09-17 22:00 - 000208360 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2020-03-28 10:15 - 2019-09-18 05:57 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-03-27 01:12 - 2019-09-17 22:26 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-03-25 17:29 - 2019-09-17 21:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-03-24 19:18 - 2019-09-29 13:05 - 000000000 ____D C:\Users\Asus\AppData\Local\D3DSCache
2020-03-23 22:19 - 2019-10-21 09:56 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-03-22 10:52 - 2019-09-17 21:49 - 000003356 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4202764557-1761152932-1492796901-1001
2020-03-22 10:52 - 2019-09-17 21:40 - 000002366 _____ C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-22 10:52 - 2015-03-06 15:34 - 000000000 ___RD C:\Users\Asus\OneDrive
2020-03-18 18:55 - 2019-11-04 15:39 - 000045056 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\phantomtap.sys
2020-03-13 08:37 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-03-13 08:37 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-03-12 02:31 - 2019-09-17 21:36 - 000258768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-12 02:31 - 2015-08-02 13:21 - 000000000 ___RD C:\Users\Asus\3D Objects
2020-03-12 02:31 - 2015-03-03 11:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\SystemResources
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\system32\setup
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-03-12 02:30 - 2019-09-17 22:30 - 000000000 ____D C:\Program Files\Windows Defender
2020-03-12 02:30 - 2019-09-17 22:26 - 000000000 ____D C:\WINDOWS\servicing
2020-03-12 00:02 - 2019-09-17 23:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-03-12 00:01 - 2019-09-17 23:59 - 121542864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2020-02-27 13:15 - 2020-02-27 14:19 - 000000081 _____ () C:\Users\Asus\AppData\Local\.bidstack.fault

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2020
Ran by Asus (11-04-2020 13:41:12)
Running from C:\Users\Asus\Downloads
Windows 10 Home Version 1903 18362.720 (X64) (2019-09-17 20:46:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4202764557-1761152932-1492796901-500 - Administrator - Disabled)
Asus (S-1-5-21-4202764557-1761152932-1492796901-1001 - Administrator - Enabled) => C:\Users\Asus
DefaultAccount (S-1-5-21-4202764557-1761152932-1492796901-503 - Limited - Disabled)
Guest (S-1-5-21-4202764557-1761152932-1492796901-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4202764557-1761152932-1492796901-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-4202764557-1761152932-1492796901-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

?Torrent (HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\uTorrent) (Version: 3.5.5.45628 - BitTorrent Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
Avira (HKLM-x32\...\{59215620-90F4-474B-AB7F-C6FD9CE4CC71}) (Version: 1.2.144.30330 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{7ff7e40a-a321-45a2-a6d4-2ab2ae8ce908}) (Version: 1.2.144.30330 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2004.1828 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.32.2.34115 - Avira Operations GmbH & Co. KG)
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 2.2.0.1945 - Avira Operations GmbH & Co. KG)
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.26.9000 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{B1F4C85F-D3BD-4672-934B-1E10AEB5E50F}) (Version: 2.0.6.27476 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.4.1.10871 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform)
Free Stopwatch (HKLM-x32\...\{A1FAC1AF-5615-47FE-B5C8-5E981EC8522B}_is1) (Version: 4.0.0.0 - Comfort Software Group)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.8 - Waves Audio Ltd.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 75.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 75.0 (x64 en-GB)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
NordVPN (HKLM-x32\...\{61912B8D-78D2-4C3A-B566-F72B189F9E30}) (Version: 6.28.13 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.28.13) (Version: 6.28.13 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)

Packages:
=========
BT Sport -> C:\Program Files\WindowsApps\BRITISHTELECOMMUNICATIONS.232108916781E_1.8.0.0_x64__p4cqfe0ssz2sj [2019-09-19] (BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.32.4.0_x64__ypmq2qh89vmny [2020-03-13] (Turnipsoft) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-02-27] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-26] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-18] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-04-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-13 01:16 - 2020-03-13 01:16 - 052530176 _____ () [File not signed] C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.32.4.0_x64__ypmq2qh89vmny\Freda_W10.dll
2020-03-27 20:39 - 2020-03-27 20:39 - 000913920 _____ (ServiceStack) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\522aeaee8c19c7104b15b25bc1271e82\ServiceStack.Text.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7941 more sites.

IE trusted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\123simsen.com -> www.123simsen.com

There are 7941 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-09-17 22:30 - 2019-09-17 22:29 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Asus\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{675D2D74-1FD6-4C0A-9865-A2676697843B}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\asus\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{645DD9C1-9179-48B9-B601-18BD04E36D2C}C:\users\asus\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\asus\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E643E92B-837A-4814-8E54-CAE02B67E22F}] => (Block) C:\users\asus\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6CAD3FB3-5A77-402E-B98B-03369523643C}] => (Block) C:\users\asus\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C36CAE76-8BBE-45B3-A6F2-CBFA35561332}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A2C4F438-CDE6-40BF-9568-8AFED5D3EE6F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EA8BB482-C4DE-44FA-97F9-EF82C522D5B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{8A4B912B-A418-4019-A11E-D0A16001E10B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{80FA5F7C-8769-437C-9062-9FD079499F19}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{92991828-6328-4C79-978B-C6139DA0BEF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{8B15BA60-2EB1-4406-BF11-E6EAAD92BC2F}] => (Allow) C:\Program Files (x86)\UltraVPN\ovpn\openvpn.exe No File
FirewallRules: [{60B42C04-0536-43E8-8A6D-8B5BE2767277}] => (Allow) C:\Program Files (x86)\UltraVPN\ovpn\openvpn.exe No File
FirewallRules: [{C87EB44B-27F6-4777-84BA-85967F1A06A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016 Test App\fm.exe No File
FirewallRules: [{ABF94669-5352-4943-92AA-3C4C920EE58C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2016 Test App\fm.exe No File
FirewallRules: [{95F0BF5D-2732-45D6-809D-9848B040CC44}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{F6F72518-628C-47E8-9C06-491901587ABB}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{14E935A3-9489-4A6B-A14B-D809DD6F72EE}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:117.35 GB) (Free:69.5 GB) (59%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/11/2020 01:33:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12892,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/11/2020 01:03:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13900,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/11/2020 12:30:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7472,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/11/2020 12:05:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4976,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/11/2020 11:31:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10792,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/11/2020 11:19:18 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4952,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/11/2020 11:10:35 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3164,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/11/2020 10:53:30 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8384,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (04/11/2020 12:21:25 PM) (Source: DCOM) (EventID: 10000) (User: G751)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/11/2020 11:24:57 AM) (Source: DCOM) (EventID: 10000) (User: G751)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/11/2020 10:45:49 AM) (Source: DCOM) (EventID: 10000) (User: G751)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/11/2020 10:33:38 AM) (Source: DCOM) (EventID: 10000) (User: G751)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/11/2020 10:05:43 AM) (Source: DCOM) (EventID: 10000) (User: G751)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/11/2020 09:58:32 AM) (Source: DCOM) (EventID: 10000) (User: G751)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/11/2020 08:50:29 AM) (Source: DCOM) (EventID: 10000) (User: G751)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (04/11/2020 08:42:07 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xffffa48395947060, 0xffff8108d783ec00, 0xffffa483a8e924b0). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: b0cc4eea-0c78-4fd9-9469-067d321a1a5b.


Windows Defender:
===================================
Date: 2020-04-07 13:27:10.577
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E6BDD135-D258-465D-BBCA-70B556E5A1C0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-24 14:24:15.304
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {84CE9CF3-DD26-4072-914A-089CF086485C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-22 12:40:37.631
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AEEE89F6-F55E-4F20-B30C-8A63AA485CF0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-21 09:25:48.556
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {67A26EF6-0AE0-461F-B48B-BFA398F5ED06}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-16 18:40:29.404
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D2BAA11D-2305-4044-B093-7E172DF67978}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2020-04-11 08:42:04.363
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 08:42:04.316
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-10 15:56:50.516
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-10 15:56:50.459
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-09 15:22:08.088
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-09 15:22:08.013
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-08 16:07:19.316
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-08 16:07:19.263
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. G751JT.202 09/10/2014
Motherboard: ASUSTeK COMPUTER INC. G751JT
Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 16333.1 MB
Available physical RAM: 11161.97 MB
Total Virtual: 18765.1 MB
Available Virtual: 13046.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:117.35 GB) (Free:69.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data1) (Fixed) (Total:455.75 GB) (Free:397.36 GB) NTFS
Drive e: (Data2) (Fixed) (Total:455.75 GB) (Free:454.93 GB) NTFS

\\?\Volume{4c59311a-d340-4fea-92c8-bd15b1ad0d8d}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.51 GB) NTFS
\\?\Volume{509ef456-8956-4f61-9b0d-10629df599b9}\ () (Fixed) (Total:0.79 GB) (Free:0.19 GB) NTFS
\\?\Volume{1c27a6c4-000e-4499-bf2a-9e4de4645b20}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.89 GB) NTFS
\\?\Volume{b2f9285a-58e9-44be-b928-0ae4bfa60c51}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 8FFEFB6B)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 82EB289F)

Partition: GPT.

==================== End of Addition.txt =======================

Juliet
2020-04-12, 15:08
I see you have peer-to-peer (P2P) file sharing software installed on your computer (BitTorrent). I advise you avoid P2P file sharing programs; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programs.


~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [] => [X]
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4622280 2020-03-12] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)
Task: {DD895479-FB26-4567-9221-B79426525DF7} - \CCleanerSkipUAC -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 cpuz136; \??\C:\Users\Asus\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--RogueKiller--



Download & SAVE to your Desktop Download RogueKiller (https://www.bleepingcomputer.com/download/roguekiller/)

Quit all programs that you may have started.

Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or above, right-click the program file and select "Run as Administrator"

Accept the user agreements.

Execute the scan and wait until it has finished.

If a Windows opens to explain what [PUM's] are, read about it.
Click the RoguKiller icon on your taksbar to return to the report.


Click open the Report
Click Export TXT button

Save the file as ReportRogue.txt

Click the Remove button to delete the items in RED


Click Finish and close the program.


Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.



=============================

This scan may take an hour or two. Execute it when you know you will not need the computer.

ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here (http://www.bleepingcomputer.com/forums/topic114351.html).





Download esetsmartinstaller_enu.exe (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save it to your Desktop.

Double click the icon.


Check YES, I accept the Terms of Use.

Click the Start button.
Accept any security warnings from your browser.
Then select: "Enable detection of potentially unwanted applications" - Yes.
Click Advanced settings.

Check the following items.


Enable detection of potentially unwanted applications

Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Click Change next to Current scan targets:

Place a check mark in any additional drive you wish to scan then click OK.

Click Start.

ESET will then download updates and begin scanning your computer.

If no threats are found simply click Uninstall application on close and hit Finish.

If threats are found click List of found threats.



Click Export to text file.

Save the file on your Desktop as ESET.txt.

Click Back.

Check Uninstall application on close and Delete quarantined files.


Click Finish.
Close the ESET Online Scanner window.

Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.



Don't forget to re-enable your antivirus when finished!
=====================================

gpkenny
2020-04-12, 19:22
Hi Juliet...many thanks for your reply. ESET scan wouldn't run and I received an error message.. unexpected error 101.

Other logs:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-04-2020
Ran by Asus (12-04-2020 13:43:21) Run:1
Running from C:\Users\Asus\Downloads
Loaded Profiles: Asus (Available Profiles: Asus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Run: [] => [X]
HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4622280 2020-03-12] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
ShortcutTarget: UltraVPN.lnk -> C:\Program Files (x86)\UltraVPN\UltraVPN.exe (No File)
Task: {DD895479-FB26-4567-9221-B79426525DF7} - \CCleanerSkipUAC -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 cpuz136; \??\C:\Users\Asus\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\" => removed successfully
"HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\Software\Microsoft\Windows\CurrentVersion\Run\" => removed successfully
"HKU\S-1-5-21-4202764557-1761152932-1492796901-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"C:\Program Files (x86)\UltraVPN\UltraVPN.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD895479-FB26-4567-9221-B79426525DF7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD895479-FB26-4567-9221-B79426525DF7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\System\CurrentControlSet\Services\cpuz136 => removed successfully
cpuz136 => service removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\avira_antivirus_setup.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5272346 B
Java, Flash, Steam htmlcache => 49094223 B
Windows/system/drivers => 0 B
Edge => 33280 B
Chrome => 0 B
Firefox => 76365247 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5110128 B
Asus => 95630108 B

RecycleBin => 0 B
EmptyTemp: => 227.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:43:35 ====

RogueKiller Anti-Malware V14.4.0.0 (x64) [Apr 1 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : Asus [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200410_123333, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/04/12 13:53:54 (Duration : 00:05:09)
Switches : -minimize

???????????????????????? Delete ????????????????????????
[PUP.DriverTalent (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\OSTotoSoft -- -> Deleted
[PUP.DriverTalent (Potentially Malicious)] HKEY_USERS\S-1-5-21-4202764557-1761152932-1492796901-1001\Software\OSTotoSoft -- -> Deleted
[PUP.DriverTalent (Potentially Malicious)] Driver Talent.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Driver Talent\Driver Talent.lnk (lnk => C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe []) -> Deleted
[PUP.DriverTalent (Potentially Malicious)] Uninstall Driver Talent.lnk -- %programdata%\Microsoft\Windows\Start Menu\Programs\Driver Talent\Uninstall Driver Talent.lnk (lnk => C:\Program Files (x86)\OSTotoSoft\DriverTalent\Uninstall.exe []) -> Deleted
[PUP.DriverTalent (Potentially Malicious)] OSTotoSoft -- %programfiles(x86)%\OSTotoSoft -> Deleted

Juliet
2020-04-13, 14:09
Let's see if we can get this scanner to work. Might have to temporarily disable your antivirus to run, don't forget tot turn it back on when finished.

http://i.imgur.com/G0tu5D9.pngEmsisoft Emergency Kit - Fix Mode
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it. From there, click on the Install button to extract the program in the EEK folder;
Once the extraction is complete, the EEK folder will open. Right-click on http://i.imgur.com/G0tu5D9.pngstart emergency kit scanner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, open EEK again (in the C:\EEK folder);
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;
Save the log on your desktop, then open it, and copy/paste its content in your next reply;


How is the computer now?

gpkenny
2020-04-13, 17:10
Thanks a million, my machine is running much better now

Emsisoft Emergency Kit - Version 2020.4
Last update: 13/04/2020 15:07:24
My own G751\Asus
G751
Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: ON
Scan archives: OFF
Scan mail archives: OFF
ADS Scan: ON
File extension filter: OFF
Direct disk access: OFF

Scan start: 13/04/2020 15:07:39
C:\Users\Asus\Downloads\chesstitans.exe detected: Application.AdSearch (A) [302417]

Scanned 78206
Found 1

Scan end: 13/04/2020 15:08:49
Scan time: 0:01:10

C:\Users\Asus\Downloads\chesstitans.exe Application.AdSearch (A)

Quarantined 1

Juliet
2020-04-13, 22:41
Thanks a million, my machine is running much better now
Good deal.
You have Malwarebytes version 4.1.0.56, this is the most current version, update it often and run periodical scans and you should be in good shape.

I think we're ready to remove tools and quarantine folders.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Use this tool to remove quarantined items:

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:


- Delete tools

Click the "Run" button.

When the tool has finished, it will create and open a log report and delete itself.


~~~~~~~~~~~~~~~~~~~~~

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers; helping you avoid adware and PUPs.