Premium Search Trojan



shumik
2020-07-19, 03:44
Hello, I got infected with Premium Search and I was able to remove most of it with Spybot. Now I am having trouble with certain apps that won't load due to missing .dll files. Here are the ones I know about:

Skype: missing - HID.DLL
eMClient: missing DLL libcef

I'm not sure what else may be going on but this computer is only a few months old and just seems to be acting weird! I have backups on an external drive that I could go back to if I must but there is an issue with that too. Dell has 6 partitions on my C: drive and 4 of them don't have drive letters and my backup program didn't like that so I haven't been backing up those partitions. Since I don't know what is on those partitions I'm hesitant to do a restore at this point in time. I'm using EaseUS Todo free version. But here is where I'm at right now.

Following the instructions on "Before you post" I backed up my registry, got the Farbar logs, and downloaded aswMBR. But twice now while attempting to run the aswMBR tool, when I click "Yes" at the prompt "The computer supports 'Virtualization Technology'", it shows the Microsoft reporting tool screen and does a restart. I'm afraid to try it a 3rd time because after the 2nd time all I had was a black screen and I had to do a manual restart. I don't know where to go from here. Can someone help me? Thank you.

Juliet
2020-07-19, 14:43
Don't worry about trying to run aswMBR again, my opinion is it's not compatible with your machine.

When trying to find some information about the name you have Trojan Premium Search, I think it says linked to android, such as a phone?
If you have tethered these two together or downloaded an app for your phone, find and delete that app.

I need to see the two logs created from Farbar Recovery tool
FRST.txt & Addition.txt should be on your Desktop. Copy the contents of both logs and paste in your next reply.

shumik
2020-07-19, 19:26
Hi Juliet and thank you for helping me.

As far as the android goes, the only thing that I can think of is an outdoor movie projector running android 7.1. I downloaded the phone app named "Nebula Connect" to my iPhone. Everything else in the house is iOS. I will delete that app for now but I need it to run the projector so I might need to re-install it later, if that's ok? Here are the files:

shumik
2020-07-19, 20:03
Juliet, I was just looking at my router's previously connected devices and I saw what is called "SmartInn Android Device Phone". I think it is related to the outdoor projector but I went ahead and blocked it anyways.

Juliet
2020-07-19, 23:54
If I'm right, even older items can still be found to have had access to your router....they might have been added to the rubbish bin a long time ago.

You zipped files, I can't use those.
If you can, please open the files, copy and paste in your next reply. If they are too large to fit in one post, make multiple posts please.

shumik
2020-07-21, 00:34
I'm sorry Juliet, I saw that .zip was an acceptable format so I used it. This is FRST Reply Logs #1:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by shumi (administrator) on DESKTOP-AT4C6NI (Dell Inc. G5 5090) (18-07-2020 18:25:37)
Running from C:\Users\Mike\Desktop
Loaded Profiles: shumi & Mike
Platform: Windows 10 Home Version 1909 18363.959 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Background.Server.exe
(Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe
(Dell Inc) C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCC.exe
(Dell Inc) C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\GameLibrary\GameLibraryAppService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe <3>
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.6.124.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_4\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Mike\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12007.1001.2.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) C:\Windows\OEM05Mon.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\Display.NvContainer\NVDisplay.Container.exe <2>
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1428\DSAPI.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
(Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [881440 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [345848 2019-06-20] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
HKLM-x32\...\Run: [OEM05Mon.exe] => C:\Windows\OEM05Mon.exe [36864 2007-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-11-12] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [35648 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [17600 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388304 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end (the data entry has 94 more characters).
HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [151552 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {055121b2-0927-4254-af0a-4f668e39e469} - no filepath
Task: {1AAAC944-980E-473F-8523-1A0FC55D45E9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1DB15D2E-B453-4B9E-8FDC-23E810D8642B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2cb54e1f-62d9-4c14-814c-955ef69c155b} - no filepath
Task: {2EB0846B-4CD0-4887-8831-95F49B3B9C08} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {30bdde01-accc-4d79-8aa1-44749ff27256} - no filepath
Task: {3369d6ed-ba7f-49d1-8833-d3a224675608} - no filepath
Task: {3497e3f2-c9b7-425a-9fec-440c2225f44b} - no filepath
Task: {385D36D3-3AD7-4387-8977-4142A596D556} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3993BE6A-2743-412C-B729-C32EAD59D2E0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3c2803c4-858e-4647-bcea-ae4e80f67684} - no filepath
Task: {3d72d2b4-03b7-4849-ab88-a5fff70cf3ca} - no filepath
Task: {3F1405DA-0745-4CFA-B413-F2F495732CE0} - System32\Tasks\NahimicTask64 => C:\Windows\system32\.\NahimicSvc64.exe [1057016 2019-06-18] (A-Volute -> Nahimic)
Task: {418c504c-83ed-4d71-969e-028375ff1e54} - no filepath
Task: {466899a2-6185-4d64-8104-d216ee4a894f} - no filepath
Task: {48EE3882-DA3C-44BF-BB45-A25F97D4D20D} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4185384 2020-05-15] (McAfee, LLC -> McAfee, LLC)
Task: {4eab12b2-4683-4f9c-bde8-2392a04f3864} - no filepath
Task: {4F340B10-30AF-4FE1-9EE3-6E5251C1A72E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7337200 2020-03-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {4FDD7CBC-2645-447D-AE36-0E9D1EAE4550} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1850776 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {5b49af16-6ab4-45fc-9d9d-dcd31eed3710} - no filepath
Task: {5f143149-37b1-49a4-8891-7cd86fc9ae8b} - no filepath
Task: {5f6a4b10-041d-4264-83bb-02eaed7bb197} - no filepath
Task: {5FF006AF-4159-4149-A664-6B8E9EA53BD9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6192232A-F830-4F31-81DD-B19301E955AE} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {64253CA3-F8B8-4974-9130-1B2CB53BC978} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4592776 2020-05-15] (McAfee, LLC -> McAfee, LLC)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {69CCE445-F916-4131-88B0-2845873E702B} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1075528 2020-05-14] (McAfee, LLC -> McAfee, LLC)
Task: {71696419-4242-4FC3-9F34-CC8D3773A445} - System32\Tasks\NahimicTask32 => C:\Windows\system32\..\SysWOW64\NahimicSvc32.exe [787696 2019-06-18] (A-Volute -> Nahimic)
Task: {7CF3EFE3-768D-493A-B673-15E544A10E90} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {81d18dbf-731c-4226-8e85-44bda75e5bc7} - no filepath
Task: {872639B6-9AF3-4EDE-9F67-95202D1D5C40} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {88705944-A5C0-4D71-B4B1-EAC80CBDCC59} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23815032 2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BBC14B8-74FE-48CE-97DE-8C52B69F89B4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-08] (McAfee, LLC -> McAfee, LLC)
Task: {8bc86d5f-5453-4d79-b4f2-dac073199006} - no filepath
Task: {8E014A58-DE32-42AD-AB9C-499813346BCA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1553880 2020-05-03] (Dell Inc. -> Dell Inc.)
Task: {8F32BDA6-7819-48C6-8840-73E912D1F49E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1075528 2020-05-14] (McAfee, LLC -> McAfee, LLC)
Task: {92BE591D-26ED-493D-A459-9127F1040AE1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23815032 2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {9553b533-d4c8-4a4d-a7a9-beecf3652c25} - no filepath
Task: {964ea2cc-52f0-4e92-957f-8c54d1145996} - no filepath
Task: {9e5834c3-5a31-45d9-8652-74df9bb6aea7} - no filepath
Task: {A1D9C246-3D7D-4355-818E-78406D29D57C} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1057016 2019-06-18] (A-Volute -> Nahimic)
Task: {a687a4ff-47a3-4310-a426-fa53bba6280a} - no filepath
Task: {AD7D15C5-D95E-4868-999C-6B5180C26D39} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [787696 2019-06-18] (A-Volute -> Nahimic)
Task: {BBBD58FE-B34B-4FC1-8103-592C128E5CB4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6166736 2020-03-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {BE88915C-2E57-4B46-B71A-DC0BF34F0AF3} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2020-03-28] (McAfee, Inc. -> McAfee, LLC.)
Task: {d0815cd0-a575-4fde-82fb-9a3e8c9b4c24} - no filepath
Task: {d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f} - no filepath
Task: {E1074DC0-A698-4A19-9566-62E5CE6DF870} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [170856 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {e8c27b85-79f2-4f76-99e2-433d872ae0cf} - no filepath
Task: {ECDAA5FD-EDBF-4097-8AD0-35377637E1FA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EF7E138F-4FB5-4B9E-AE85-FA6129B91238} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [170856 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE418BE1-B272-4D93-8246-26D35BA8FA89} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6772d706-e188-4efa-8c4e-cf8cfea44e65}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-07-16] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation -> Zeon Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-07-16] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)

Edge:
======
DownloadDir: D:\shumi\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001 -> hxxp://yahoo.com/
Edge HomeButtonPage: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007 -> hxxps://www.yahoo.com/
Edge Extension: (No Name) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.50.1.0_neutral__qq0fmhteeht3j [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\shumi\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-18]
Edge DownloadDir: D:\shumi\Downloads
Edge HomePage: Default -> hxxp://yahoo.com/
Edge StartupUrls: Default -> "hxxps://www.yahoo.com/"

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-07-16] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-07-05] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-06-08] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-06-08] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AWCCService; C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe [15424 2020-03-26] (Dell Inc -> Dell Technologies)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10574712 2020-07-02] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [248376 2020-01-22] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3359288 2020-01-22] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-22] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [38096 2020-01-24] (Dell Inc -> )
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1428\DSAPI.exe [965104 2020-05-05] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [308424 2019-09-25] (Dell Inc -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36544 2020-04-17] (Dell Inc -> )
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40104 2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1731592 2019-10-22] (Rivet Networks LLC -> Rivet Networks)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2649608 2019-10-22] (Rivet Networks LLC -> Rivet Networks)
R3 Killer Wifi Optimization Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73720 2019-10-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [946256 2020-07-16] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_4\McApExe.exe [768256 2020-06-08] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [460704 2019-08-14] (McAfee, LLC. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.6.124.0\\McCSPServiceHost.exe [2726312 2020-05-28] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1742272 2020-05-15] (McAfee, LLC -> McAfee, LLC)
R2 NahimicService; C:\Windows\system32\NahimicService.exe [1305840 2019-06-18] (A-Volute -> Nahimic)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77336 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4212808 2020-05-26] (McAfee, LLC -> McAfee, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892080 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4741680 2020-03-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38360 2020-05-03] (Dell Inc. -> Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S2 xTendSoftAPService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [73728 2019-10-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
R2 xTendUtilityService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [73736 2019-10-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
S3 XTU3SERVICE; C:\Windows\SysWOW64\XtuService.exe [79960 2019-08-08] (Intel Corporation -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AWCCDriver; C:\Windows\System32\drivers\AWCCDriver.sys [42440 2020-03-21] (IndiLogic LLC -> Dell Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-03-21] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [165224 2019-05-21] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R3 DBUtilDrv2; C:\Windows\System32\drivers\DBUtilDrv2.sys [24952 2020-05-25] (Microsoft Windows Hardware Compatibility Publisher -> )
R4 DBUtil_2_3; C:\Windows\TEMP\DBUtil_2_3.Sys [14840 2020-07-17] (Dell Inc. -> )
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [35704 2020-01-03] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 e2kw10x64; C:\Windows\System32\drivers\e2kw10x64.sys [1168168 2019-07-09] (Realtek Semiconductor Corp. -> Realtek)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [73448 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [53504 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [22784 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [341760 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [179336 2019-10-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [528824 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [382392 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85928 2020-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [521648 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1000880 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [595592 2020-05-01] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108168 2020-05-01] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116664 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252336 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\nvlddmkm.sys [24671128 2020-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
R3 NvModuleTracker; C:\Windows\System32\drivers\NvModuleTracker.sys [50592 2020-03-04] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
R3 OEM05Afx; C:\Windows\system32\Drivers\OEM05Afx.sys [212864 2007-06-08] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 OEM05Vfx; C:\Windows\system32\DRIVERS\OEM05Vfx.sys [12288 2007-03-05] (Microsoft Windows Hardware Compatibility Publisher -> EyePower Games Pte. Ltd.)
R3 OEM05Vid; C:\Windows\system32\DRIVERS\OEM05Vid.sys [266720 2007-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 ScrHIDDriver2; C:\Windows\System32\drivers\ScrHIDDriver2.sys [68576 2019-06-13] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 UcmCxUcsiNvppc; C:\Windows\System32\DriverStore\FileRepository\nvppc.inf_amd64_0f22333f160a8f42\UcmCxUcsiNvppc.sys [774856 2020-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 XTUComponent; C:\Windows\System32\drivers\iocbios2.sys [47520 2019-08-08] (Intel Corporation -> Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

shumik
2020-07-21, 00:38
This is FRST Reply Logs #2:

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-18 18:25 - 2020-07-18 18:26 - 000037257 _____ C:\Users\Mike\Desktop\FRST.txt
2020-07-18 18:24 - 2020-07-18 18:25 - 000000000 ____D C:\FRST
2020-07-18 18:18 - 2020-07-18 18:19 - 002292736 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2020-07-18 18:16 - 2020-07-18 18:16 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-AT4C6NI-Windows-10-Home-(64-bit).dat
2020-07-18 18:16 - 2020-07-18 18:16 - 000000000 ____D C:\RegBackup
2020-07-18 18:15 - 2020-07-18 18:15 - 000002334 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2020-07-18 18:15 - 2020-07-18 18:15 - 000002334 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2020-07-18 18:15 - 2020-07-18 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2020-07-18 18:15 - 2020-07-18 18:15 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2020-07-18 18:14 - 2020-07-18 18:15 - 000018118 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2020-07-18 18:11 - 2020-07-18 18:11 - 005766144 _____ (Tweaking.com) C:\Users\Mike\Desktop\tweaking.com_registry_backup_setup.exe
2020-07-18 18:05 - 2020-07-18 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-07-18 02:00 - 2020-07-18 02:00 - 000415744 ___SH C:\EUMONBMP.SYS
2020-07-18 02:00 - 2020-07-18 02:00 - 000004096 ___SH C:\{F7181FB4-250E-4F20-B27A-089E694454BE}.CBM
2020-07-17 13:34 - 2020-07-17 13:34 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4258859072-2134369477-3650907842-1007
2020-07-17 13:34 - 2020-07-17 13:34 - 000003112 _____ C:\Windows\system32\Tasks\NahimicTask32
2020-07-17 13:34 - 2020-07-17 13:34 - 000003092 _____ C:\Windows\system32\Tasks\NahimicTask64
2020-07-17 13:34 - 2020-07-17 13:34 - 000002366 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-15 10:44 - 2020-07-15 10:44 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4258859072-2134369477-3650907842-1001
2020-07-15 10:44 - 2020-07-15 10:44 - 000002369 _____ C:\Users\shumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-15 02:38 - 2020-07-15 02:38 - 025902592 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 025444352 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 022641664 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 019851776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 019812864 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 018031104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 017792512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 014820352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 009931576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 008015872 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 007917408 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 007850288 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 007823912 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 007604584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 007297536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 007269376 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 007268640 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 007012864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 006523856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 006437376 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 006292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 006233080 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 006169088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 006089512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 005946368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 005765648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 005111808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 005099384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 004625192 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 004565264 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 004129424 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 004014592 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Service.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 003974368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 003800576 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 003748352 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 003743048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 003727360 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-07-15 02:38 - 2020-07-15 02:38 - 003712000 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 003084800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-07-15 02:38 - 2020-07-15 02:38 - 002768984 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002737664 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002716672 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-07-15 02:38 - 2020-07-15 02:38 - 002576896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002552120 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002505496 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002494744 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002467840 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002448712 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002357248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Perception.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002285056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.3D.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002264064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002237096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002161664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002087168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002074112 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\cdprt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001991592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001952880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001946144 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001885184 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001877504 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001827328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001821696 _____ (Microsoft Corporation) C:\Windows\system32\CoreShell.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001787392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001764336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001745728 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001743680 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001737728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001723392 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001697792 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001665728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001658368 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001656904 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001655472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001654304 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001640448 _____ (Microsoft Corporation) C:\Windows\system32\TaskFlowDataEngine.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001612800 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001604608 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001581568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Perception.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001550336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001540608 _____ (Microsoft Corporation) C:\Windows\system32\WindowManagement.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001512960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdprt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001500160 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001486848 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 001484384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001477632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001463808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001458688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001420328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001397568 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 001392128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.FaceAnalysis.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001385696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001374208 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001357824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001346048 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001337856 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001335296 _____ (Microsoft Corporation) C:\Windows\system32\MiracastReceiver.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001307136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001290192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001284608 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001284608 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001271296 _____ (Microsoft Corporation) C:\Windows\system32\SEMgrSvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001265152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001247232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001223168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001195008 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001183744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001159168 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001151816 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001151304 _____ (Microsoft Corporation) C:\Windows\system32\InputHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001149712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 001125376 _____ (Microsoft Corporation) C:\Windows\system32\CBDHSvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001121792 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001100800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001086776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Services.TargetedContent.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001081344 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001077048 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001059840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001055232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001048992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001028336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Perception.Stub.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001014784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001009152 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001008960 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 001007616 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000995840 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000967680 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000958608 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000950272 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000949760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Ocr.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000945176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000931840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000922624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Service.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000919880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000913408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000912896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiver.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000898048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000895600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000892928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000891392 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000889416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000882184 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000882176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000867840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000865280 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000848384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000844096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000827904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Import.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000822200 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000821232 _____ (Microsoft Corporation) C:\Windows\system32\windows.applicationmodel.datatransfer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000814080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Input.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000797448 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000793320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000783488 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000779080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000778872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000750592 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000750080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000742712 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000737792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Launcher.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000727040 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntime.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000722072 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000716288 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntimewindows.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000695208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\LockController.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000689664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Ocr.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000685384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000684864 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000678720 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000673448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000656696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2020-07-15 02:38 - 2020-07-15 02:38 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000651264 _____ (Microsoft Corporation) C:\Windows\system32\DevicesFlowBroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000639488 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000638464 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000630784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.AllJoyn.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000628416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000628024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000624640 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000614912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000614912 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000608256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.Phone.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000605896 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000602112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Payments.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000596992 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000594992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Perception.Stub.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000593408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000584704 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000582056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.applicationmodel.datatransfer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000570368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000565248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Input.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-07-15 02:38 - 2020-07-15 02:38 - 000549048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000544256 _____ (Microsoft Corporation) C:\Windows\system32\usosvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000542288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000538664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000526848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000524784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000522240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Launcher.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000521728 _____ (Microsoft Corporation) C:\Windows\system32\WinBioDataModel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000518656 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000518464 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000513024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000513024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Activities.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Desktop.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000502784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFiDirect.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\RTMediaFrame.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000490496 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000484352 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000478296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountWAMExtension.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\Geolocation.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000467960 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000467456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000467456 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000461112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000458240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000453944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000442096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountExtension.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Midi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\WalletService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000430592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000419328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000419328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.ESim.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000412672 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000411640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.Phone.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000406992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000406992 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000405944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Payments.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000399672 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DataModel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000397824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Lights.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000395264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Preview.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000392504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000388096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000381152 _____ (Microsoft Corporation) C:\Windows\system32\CredentialEnrollmentManager.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000380224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000375296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Diagnostics.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\PickerPlatform.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Geolocation.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\QuickActionsDataModel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\wpnclient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTMediaFrame.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\APHostService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000345560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000340328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000338944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000335360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000334336 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Cortana.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\windows.internal.shellcommon.shareexperience.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2020-07-15 02:38 - 2020-07-15 02:38 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Midi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000311608 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostBroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000311440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\TDLMigration.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000293888 _____ (Microsoft Corporation) C:\Windows\system32\CXHProvisioningServer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnclient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000292864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Diagnostics.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000290304 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000287744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Preview.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.ESim.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000283136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Lights.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000274432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PickerPlatform.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000268552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000266552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemSettings.DataModel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000265728 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
2020-07-15 02:38 - 2020-07-15 02:38 - 000260288 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConsoleLogon.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\PasswordEnrollmentManager.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000247864 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\dialclient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000239928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Workplace.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.CapturePicker.Desktop.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2020-07-15 02:38 - 2020-07-15 02:38 - 000220992 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\MtcModel.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2020-07-15 02:38 - 2020-07-15 02:38 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Core.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\PeopleBand.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\DiagSvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000211256 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\ErrorDetails.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\useractivitybroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000204608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2020-07-15 02:38 - 2020-07-15 02:38 - 000200704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Internal.Input.ExpressiveInput.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000199496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000196096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000195584 _____ (Microsoft Corporation) C:\Windows\system32\AarSvc.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000193600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\weretw.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000190056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000188928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000188928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2020-07-15 02:38 - 2020-07-15 02:38 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000183808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Energy.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Clipboard.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000179512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2020-07-15 02:38 - 2020-07-15 02:38 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\PrintWorkflowService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\AppExtension.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000178688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000176952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Management.Workplace.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dialclient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.CapturePicker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000165840 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000165376 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ErrorDetails.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\PrintWSDAHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\useractivitybroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000150336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\Family.Client.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000146232 _____ (Microsoft Corporation) C:\Windows\system32\ResourcePolicyServer.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintWorkflowService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Energy.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppExtension.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Storage.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000132408 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingExperienceMEM.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\CredDialogBroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000130560 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\CameraCaptureUI.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\CaptureService.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000127064 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintWSDAHost.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000118272 _____ (Microsoft Corporation) C:\Windows\system32\EaseOfAccessDialog.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000110040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\Family.Authentication.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\DiagnosticInvoker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CameraCaptureUI.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EaseOfAccessDialog.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000093184 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000089328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000086272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\SystemUWPLauncher.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkInternalPS.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Print.Workflow.Source.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000076952 _____ (Microsoft Corporation) C:\Windows\system32\CredentialEnrollmentManagerForUser.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DiagnosticInvoker.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000071168 _____ (Microsoft Corporation) C:\Windows\system32\MiracastReceiverExt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000070248 _____ (Microsoft Corporation) C:\Windows\system32\ResourcePolicyClient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\udhisapi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemUWPLauncher.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iemigplugin.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Print.Workflow.Source.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\AxInstUI.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\udhisapi.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiverExt.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000052152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ResourcePolicyClient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\npmproxy.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000040248 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkPS.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\UIMgrBroker.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
2020-07-15 02:38 - 2020-07-15 02:38 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerClient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\nlmproxy.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\PrintWorkflowProxy.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\CSystemEventsBrokerClient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemEventsBrokerClient.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\nlmsprep.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintWorkflowProxy.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.Native.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\UIManagerBrokerps.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.Native.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-07-15 02:34 - 2020-06-29 23:32 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-07-15 02:34 - 2020-06-29 23:26 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-07-12 12:31 - 2020-06-29 16:05 - 000454708 ____R C:\Windows\system32\Drivers\etc\hosts.20200712-123102.backup
2020-07-08 19:52 - 2020-07-08 19:52 - 000000000 ____D C:\Users\Mike\Apple
2020-07-08 19:50 - 2020-07-08 19:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2020-07-08 19:38 - 2020-07-08 19:38 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-07-08 19:38 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-07-08 19:38 - 2020-06-23 09:20 - 002754024 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2020-07-08 19:38 - 2020-06-23 09:20 - 002122216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2020-07-08 19:38 - 2020-03-04 07:54 - 001804784 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2020-07-08 19:38 - 2020-03-04 07:54 - 000050592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2020-07-05 11:03 - 2020-07-05 11:03 - 000000000 ____D C:\Users\Brenda\AppData\Local\NVIDIA
2020-07-05 02:24 - 2020-07-05 02:24 - 000003316 _____ C:\Windows\system32\Tasks\McAfeeLogon
2020-07-05 02:23 - 2020-04-09 15:15 - 000528824 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfeaack.sys
2020-07-05 02:23 - 2020-04-09 15:15 - 000116664 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfeplk.sys
2020-07-05 02:23 - 2020-03-27 22:08 - 000567192 _____ (McAfee, LLC) C:\Windows\system32\mfevtps.exe
2020-07-01 19:36 - 2020-07-01 19:37 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000.001\AppData\Local\ConnectedDevicesPlatform
2020-07-01 19:36 - 2020-07-01 19:37 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000.001
2020-06-29 16:38 - 2020-06-29 16:38 - 000000000 ____D C:\Program Files (x86)\APC
2020-06-29 16:36 - 2020-06-29 16:36 - 013923704 _____ (Schneider Electric) C:\Users\shumi\PCPE Setup.exe
2020-06-29 16:36 - 2020-06-29 16:36 - 001079808 _____ (Microsoft Corporation) C:\Users\shumi\mfc80u.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000626688 _____ (Microsoft Corporation) C:\Users\shumi\msvcr80.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021880 _____ (Schneider Electric) C:\Users\shumi\grm_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021880 _____ (Schneider Electric) C:\Users\shumi\fr_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\pt_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\it_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\es_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\en_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000020856 _____ (Schneider Electric) C:\Users\shumi\ru_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000020344 _____ (Schneider Electric) C:\Users\shumi\jp_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000019832 _____ (Schneider Electric) C:\Users\shumi\zh_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000018808 _____ C:\Users\shumi\ResourceReader.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000000550 _____ C:\Users\shumi\Microsoft.VC80.MFC.manifest
2020-06-29 16:36 - 2020-06-29 16:36 - 000000522 _____ C:\Users\shumi\Microsoft.VC80.CRT.manifest
2020-06-29 16:36 - 2020-06-29 16:36 - 000000017 _____ C:\Users\shumi\dotnetfolder.txt
2020-06-29 16:26 - 2020-06-29 16:26 - 000000000 ____D C:\Users\Mike\AppData\Local\NVIDIA
2020-06-29 16:24 - 2020-06-29 16:24 - 000000000 ____D C:\Users\Grandkids\AppData\Local\NVIDIA
2020-06-29 16:05 - 2020-06-29 12:41 - 000454708 ____R C:\Windows\system32\Drivers\etc\hosts.20200629-160516.backup
2020-06-29 15:23 - 2020-06-21 22:05 - 000222112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2020-06-29 15:23 - 2020-06-21 22:05 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2020-06-29 15:22 - 2020-06-22 17:02 - 001780960 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-06-29 15:22 - 2020-06-22 17:02 - 001780960 _____ C:\Windows\system32\vulkaninfo.exe
2020-06-29 15:22 - 2020-06-22 17:02 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-06-29 15:22 - 2020-06-22 17:02 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-06-29 15:22 - 2020-06-22 17:02 - 001086680 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-06-29 15:22 - 2020-06-22 17:02 - 001086680 _____ C:\Windows\system32\vulkan-1.dll
2020-06-29 15:22 - 2020-06-22 17:02 - 000946400 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-06-29 15:22 - 2020-06-22 17:02 - 000946400 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-06-29 15:22 - 2020-06-22 17:02 - 000455408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-06-29 15:22 - 2020-06-22 17:02 - 000351128 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 006652816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 005883280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 003902864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 002368912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 002075376 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 001568496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 001486744 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 001146264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 001016544 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 000817544 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 000812440 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 000674016 _____ C:\Windows\system32\nvofapi64.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 000669424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 000656792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 000581872 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2020-06-29 15:22 - 2020-06-22 17:00 - 000555928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 000543112 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-06-29 15:22 - 2020-06-22 17:00 - 000444816 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2020-06-29 15:22 - 2020-06-22 16:59 - 005383864 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-06-29 15:22 - 2020-06-22 16:59 - 004705744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-06-29 15:22 - 2020-06-22 16:59 - 000850824 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2020-06-29 15:22 - 2020-06-21 22:05 - 000078796 _____ C:\Windows\system32\nvinfo.pb
2020-06-29 15:16 - 2020-07-08 19:38 - 000001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-06-29 15:16 - 2020-07-08 19:38 - 000001449 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-06-29 15:16 - 2020-03-11 14:26 - 000067456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2020-06-29 14:52 - 2020-06-29 14:52 - 000000218 _____ C:\Windows\wininit.ini
2020-06-29 12:41 - 2020-04-17 10:57 - 000454708 ____R C:\Windows\system32\Drivers\etc\hosts.20200629-124123.backup
2020-06-29 12:36 - 2020-06-29 15:07 - 000011358 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1
2020-06-26 13:10 - 2020-06-29 15:07 - 000073687 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
2020-06-26 13:10 - 2020-06-28 14:13 - 000011324 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
2020-06-26 13:10 - 2020-06-26 13:10 - 000011588 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
2020-06-26 13:10 - 2020-06-26 13:10 - 000001205 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
2020-06-25 13:23 - 2020-06-25 13:23 - 000003388 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4258859072-2134369477-3650907842-1008
2020-06-25 13:23 - 2020-06-25 13:23 - 000002381 _____ C:\Users\Grandkids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-25 13:22 - 2020-06-26 13:08 - 000011192 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
2020-06-23 20:28 - 2020-06-23 20:28 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4258859072-2134369477-3650907842-1006
2020-06-23 20:28 - 2020-06-23 20:28 - 000002372 _____ C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-23 20:23 - 2020-06-23 20:23 - 000009946 _____ C:\ProgramData\DisplaySessionContainer5.log_backup1
2020-06-23 20:22 - 2020-06-29 16:02 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000
2020-06-23 20:22 - 2020-06-23 20:22 - 000000020 ___SH C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\ntuser.ini
2020-06-23 20:22 - 2020-06-23 20:22 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Local\VirtualStore
2020-06-23 20:22 - 2020-06-23 20:22 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Local\Packages
2020-06-23 20:22 - 2020-06-23 20:22 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Local\NVIDIA Corporation
2020-06-23 20:22 - 2020-06-23 20:22 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Local\ConnectedDevicesPlatform
2020-06-23 20:22 - 2019-03-18 23:46 - 000001105 _____ C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-20 16:39 - 2020-06-20 16:39 - 000002747 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo.lnk
2020-06-20 15:44 - 2020-07-15 08:56 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-20 15:44 - 2020-07-15 08:56 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-20 15:44 - 2020-07-15 08:56 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-20 15:43 - 2020-07-16 03:26 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2020-06-20 15:43 - 2020-07-15 18:56 - 000003478 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-20 15:43 - 2020-07-15 18:56 - 000003354 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-18 18:26 - 2020-04-03 16:42 - 000000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2020-07-18 18:17 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-18 18:03 - 2020-04-03 16:15 - 000000000 ___RD C:\Users\Mike\OneDrive
2020-07-18 18:03 - 2020-03-21 04:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-18 17:51 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\AppReadiness
2020-07-18 17:26 - 2020-03-21 03:53 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-07-18 13:52 - 2020-03-21 04:04 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2020-07-18 12:06 - 2020-03-21 04:07 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2020-07-18 11:28 - 2019-03-18 23:50 - 000000000 ____D C:\Windows\INF
2020-07-18 07:16 - 2020-03-21 04:13 - 000000000 ____D C:\Program Files\Microsoft Office
2020-07-18 02:00 - 2020-04-13 12:26 - 000000000 ____D C:\Windows\system32\config\regsave
2020-07-17 13:34 - 2020-04-03 16:14 - 000000000 ___RD C:\Users\Mike\3D Objects
2020-07-17 13:34 - 2020-04-03 16:14 - 000000000 ____D C:\Users\Mike\AppData\Local\Packages
2020-07-17 13:34 - 2020-03-21 04:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-07-17 13:34 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-16 03:30 - 2020-03-21 04:08 - 000799892 _____ C:\Windows\system32\PerfStringBackup.INI
2020-07-16 03:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\Registration
2020-07-16 03:27 - 2020-04-07 20:26 - 000000000 ___RD C:\Users\shumi\iCloudDrive
2020-07-16 03:26 - 2020-04-17 10:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-07-16 03:26 - 2020-03-25 21:54 - 000000000 ___RD C:\Users\shumi\OneDrive
2020-07-16 03:26 - 2020-03-25 21:52 - 000000000 ___RD C:\Users\shumi\3D Objects
2020-07-16 03:26 - 2020-03-21 03:54 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-07-16 03:26 - 2019-03-18 23:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\SystemResources
2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\oobe
2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\bcastdvr
2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\System
2020-07-16 03:25 - 2019-03-18 23:37 - 001572864 _____ C:\Windows\system32\config\BBI
2020-07-15 02:40 - 2019-03-18 23:37 - 000000000 ____D C:\Windows\CbsTemp
2020-07-12 12:31 - 2020-04-13 11:49 - 000000000 ____D C:\Users\Grandkids
2020-07-12 12:31 - 2020-04-03 16:14 - 000000000 ____D C:\Users\Mike
2020-07-12 12:31 - 2020-04-03 14:15 - 000000000 ____D C:\Users\Brenda
2020-07-12 10:55 - 2020-03-25 21:47 - 000000000 ____D C:\Users\shumi
2020-07-12 10:45 - 2020-04-05 21:14 - 000000000 ____D C:\Users\shumi\AppData\Local\NVIDIA
2020-07-12 10:44 - 2020-03-25 22:07 - 000000000 ____D C:\Users\shumi\AppData\Local\CrashDumps
2020-07-11 16:50 - 2020-06-17 08:10 - 000000000 ____D C:\Users\Grandkids\AppData\Local\CrashDumps
2020-07-11 16:50 - 2020-04-03 16:42 - 000000000 ____D C:\Users\Brenda\AppData\Local\CrashDumps
2020-07-11 14:04 - 2020-04-08 09:01 - 000008051 _____ C:\Windows\BRRBCOM.INI
2020-07-11 11:48 - 2020-04-13 11:49 - 000000000 ____D C:\Users\Grandkids\AppData\Local\Packages
2020-07-11 11:47 - 2020-04-13 11:51 - 000000000 ___RD C:\Users\Grandkids\OneDrive
2020-07-08 19:51 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\ServiceState
2020-07-08 19:43 - 2020-04-03 16:16 - 000000000 ____D C:\Users\Mike\AppData\Local\PlaceholderTileLogoFolder
2020-07-08 19:43 - 2020-04-03 16:14 - 000000000 ____D C:\Users\Mike\AppData\Local\Publishers
2020-07-08 19:43 - 2020-04-03 16:14 - 000000000 ____D C:\Users\Mike\AppData\Local\NVIDIA Corporation
2020-07-08 19:38 - 2020-03-21 04:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-08 19:38 - 2020-03-21 04:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-08 19:38 - 2020-03-21 03:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-08 19:36 - 2020-03-25 21:54 - 000000000 ____D C:\Users\shumi\AppData\Local\PlaceholderTileLogoFolder
2020-07-08 19:36 - 2020-03-25 21:52 - 000000000 ____D C:\Users\shumi\AppData\Local\Packages
2020-07-07 04:50 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-07-06 17:40 - 2020-04-17 10:22 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2020-07-05 11:04 - 2020-04-03 14:15 - 000000000 ____D C:\Users\Brenda\AppData\Local\Packages
2020-07-05 11:03 - 2020-04-15 11:04 - 000000000 ___RD C:\Users\Brenda\iCloudDrive
2020-07-05 11:03 - 2020-04-03 14:15 - 000000000 ____D C:\Users\Brenda\AppData\Local\NVIDIA Corporation
2020-07-05 02:25 - 2020-03-21 04:06 - 000000000 ____D C:\Program Files\Common Files\McAfee
2020-07-05 02:23 - 2019-03-18 23:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-07-03 13:08 - 2020-03-21 04:23 - 000000000 ____D C:\ProgramData\Packages
2020-07-03 12:59 - 2020-03-21 04:06 - 000003710 _____ C:\Windows\system32\Tasks\McAfee Remediation (Prepare)
2020-06-29 16:41 - 2019-03-18 23:37 - 000000000 ____D C:\Windows\servicing
2020-06-29 16:25 - 2020-04-13 11:49 - 000000000 ____D C:\Users\Grandkids\AppData\Local\NVIDIA Corporation
2020-06-29 15:24 - 2020-03-21 03:58 - 000000000 ____D C:\ProgramData\Package Cache
2020-06-29 15:16 - 2020-03-25 21:53 - 000000000 ____D C:\Users\shumi\AppData\Local\NVIDIA Corporation
2020-06-26 13:10 - 2020-03-21 03:58 - 000000000 ____D C:\ProgramData\A-Volute
2020-06-26 13:09 - 2020-04-13 15:50 - 000025236 _____ C:\Windows\SysWOW64\PCPELog.txt
2020-06-25 13:23 - 2020-04-13 11:52 - 000000000 ____D C:\Users\Grandkids\AppData\Local\PlaceholderTileLogoFolder
2020-06-23 20:28 - 2020-04-03 14:16 - 000000000 ___RD C:\Users\Brenda\OneDrive
2020-06-23 20:27 - 2020-04-03 14:15 - 000000000 ___RD C:\Users\Brenda\3D Objects
2020-06-23 09:20 - 2020-03-21 04:00 - 001295848 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2020-06-20 15:43 - 2020-03-21 04:28 - 000000000 ____D C:\Windows\Panther
2020-06-19 12:36 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories ========

2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\en_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\es_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021880 _____ (Schneider Electric) C:\Users\shumi\fr_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021880 _____ (Schneider Electric) C:\Users\shumi\grm_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\it_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000020344 _____ (Schneider Electric) C:\Users\shumi\jp_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 001079808 _____ (Microsoft Corporation) C:\Users\shumi\mfc80u.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000626688 _____ (Microsoft Corporation) C:\Users\shumi\msvcr80.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 013923704 _____ (Schneider Electric) C:\Users\shumi\PCPE Setup.exe
2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\pt_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000018808 _____ () C:\Users\shumi\ResourceReader.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000020856 _____ (Schneider Electric) C:\Users\shumi\ru_res.dll
2020-06-29 16:36 - 2020-06-29 16:36 - 000019832 _____ (Schneider Electric) C:\Users\shumi\zh_res.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

shumik
2020-07-21, 00:41
This is Addition Reply Logs #1:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by shumi (18-07-2020 18:26:24)
Running from C:\Users\Mike\Desktop
Windows 10 Home Version 1909 18363.959 (X64) (2020-03-26 04:04:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4258859072-2134369477-3650907842-500 - Administrator - Disabled)
Brenda (S-1-5-21-4258859072-2134369477-3650907842-1006 - Limited - Enabled) => C:\Users\Brenda
DefaultAccount (S-1-5-21-4258859072-2134369477-3650907842-503 - Limited - Disabled)
Grandkids (S-1-5-21-4258859072-2134369477-3650907842-1008 - Limited - Enabled) => C:\Users\Grandkids
Guest (S-1-5-21-4258859072-2134369477-3650907842-501 - Limited - Disabled)
Mike (S-1-5-21-4258859072-2134369477-3650907842-1007 - Limited - Enabled) => C:\Users\Mike
shumi (S-1-5-21-4258859072-2134369477-3650907842-1001 - Administrator - Enabled) => C:\Users\shumi
WDAGUtilityAccount (S-1-5-21-4258859072-2134369477-3650907842-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alienware Command Center Suite (HKLM\...\{8C91E386-C6DD-4387-AD74-415895342AE5}) (Version: 5.2.81.0 - Dell Inc) Hidden
Alienware Command Center Suite (HKLM-x32\...\InstallShield_{8C91E386-C6DD-4387-AD74-415895342AE5}) (Version: 5.2.81.0 - Dell Inc)
Alienware OC Controls (HKLM-x32\...\{dd646d80-7aea-4d5b-8de0-9b525f4e52ca}) (Version: 1.2.50.1227 - Dell Inc)
Alienware OCControls Service Installer (HKLM\...\{0DB99C1B-9D42-42F3-9F8B-A6BF263ED0CC}) (Version: 1.2.50.1227 - DELL Inc) Hidden
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{4A30C4EE-52AC-4A6B-A898-D484E9FAED63}) (Version: 1.5.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{AA380E53-F930-47A3-BFD6-F8762EB73755}) (Version: 1.0.16.11 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
ControlCenter4 (HKLM-x32\...\{C5744F42-FDC4-4CC2-B4A8-47C9AA9553B4}) (Version: 4.2.435.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{2F67D318-DCDC-4D94-9048-37789F3C065B}) (Version: 4.0.51.0 - Dell Inc.)
Dell Mobile Connect Drivers (HKLM\...\{4674F112-9AB7-4701-AEC0-C1FD1FE7CD4E}) (Version: 2.0.8401 - Screenovate Technologies Ltd.)
Dell SupportAssist (HKLM\...\{6D2933E3-DC42-44E5-B80E-DACDD64ADFF5}) (Version: 3.5.0.448 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{1906C253-4035-4CA5-A501-075E691CCEC9}) (Version: 5.0.0.10859 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{96846915-505c-49a2-8aa0-63f90927de87}) (Version: 5.0.0.10859 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{C559D0AB-2D9E-4B59-B2B8-0C2061B3F9BC}) (Version: 5.0.0.10859 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{3a267e2b-0948-4f12-a103-e2ac0461179d}) (Version: 5.0.0.10859 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{70E9F8CC-A23E-4C25-B292-C86C1821587C}) (Version: 3.1.2 - Dell, Inc.)
DeviceDetect (HKLM-x32\...\{F805D16D-AB79-4DC7-A60F-436621995275}) (Version: 1.2.1.0 - Brother Industries Ltd.) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{293FF2BA-6A87-4B73-8B63-B0D252C34A8B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EaseUS Todo Backup Free 12.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 12.0 - CHENGDU YIWO Tech Development Co., Ltd)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
iCloud Outlook (HKLM\...\{A8C64C2A-BD34-464F-BA61-A969BA46FC2B}) (Version: 10.9.3.62 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1938.12.0.1317 - Intel Corporation)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R26 - McAfee, LLC)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.123 - McAfee, LLC)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13001.20384 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.64 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft OneDrive (HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720) (HKLM\...\Creative OEM005) (Version: - )
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
Nuance PaperPort 14 (HKLM-x32\...\{6CC9391F-D441-4D2E-9ECC-1F7084C733ED}) (Version: 14.5.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer SE (HKLM-x32\...\{7BAC9170-359D-4EAD-B6E4-238A14940C11}) (Version: 7.20.3230 - Nuance Communications, Inc.)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 451.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.48 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.42.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.42.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20384 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8734.1 - Realtek Semiconductor Corp.)
RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) Hidden
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.67.0 - Safer-Networking Ltd.)
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
Windows Driver Package - STMicroelectronics (STTub30) USB (04/03/2017 3.0.6.0) (HKLM\...\BFD1FB244691FDF6328C70B79647C9046B65397A) (Version: 04/03/2017 3.0.6.0 - STMicroelectronics)
Yahoo (HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\6689f6b3e158ee57a82cabe9205be9be) (Version: 1.0 - Yahoo)

Packages:
=========
Alienware Command Center -> C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
Alienware Control Center -> C:\Program Files\WindowsApps\DellInc.6066037A8FCF7_1.1.22.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
Alienware FX 02 -> C:\Program Files\WindowsApps\DellInc.AlienwareFX02_1.2.29.0_x64__htrsf667h5kn2 [2020-03-28] (Dell Inc)
Alienware OC Controls -> C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
Alienware Sound Center -> C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2020-03-25] (Dell Inc)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.40.0_x64__htrsf667h5kn2 [2020-05-07] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.52.0_x64__htrsf667h5kn2 [2020-05-27] (Dell Inc)
Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0 [2020-07-13] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.5.13.0_x64__htrsf667h5kn2 [2020-05-05] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_3.1.99.0_x64__htrsf667h5kn2 [2020-05-25] (Dell Inc)
DellTypeCStatus -> C:\Program Files\WindowsApps\MSWP.DellTypeCStatus_3.1.3920.0_x64__9j0h69dmw0fzc [2020-03-25] (WISTRON CORPORATION) [Startup Task]
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-03-25] (Dropbox Inc.)
eM Client -> C:\Program Files\WindowsApps\eMClient.20054CA46072C_7.2.38682.0_neutral__rq410mg92b554 [2020-04-13] (eM Client)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-06-06] (Apple Inc.) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_17.9.1008.0_x64__8j3eq9eme6ctt [2020-06-23] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa [2020-05-22] (Apple Inc.) [Startup Task]
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.3163.0_x64__rh07ty8m5nkag [2020-03-21] (Rivet Networks LLC) [Startup Task]
LastPass for Windows Desktop -> C:\Program Files\WindowsApps\LastPass.LastPass_4.4.3.0_x64__qq0fmhteeht3j [2020-07-02] (LastPass)
LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.51.0.0_neutral__qq0fmhteeht3j [2020-07-03] (LastPass)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.39.0_x64__wafk5atnkzcwy [2020-06-06] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.4.22.0_x64__htrsf667h5kn2 [2020-04-15] (Dell Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.183.0_x64__dt26b99r8h8gj [2020-03-25] (Realtek Semiconductor Corp)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c [2020-06-25] (Skype) [Startup Task]
Snipaste -> C:\Program Files\WindowsApps\45479liulios.17062D84F7C46_2.4.0.0_x64__p7pnf6hceqser [2020-07-03] (Le Liu) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001_Classes\CLSID\{4956AA8B-F7B5-4E91-AACC-5E272CDA771F} -> [iCloud Photos] => D:\shumi\Pictures\iCloud Photos\Photos [2020-06-06 19:08]
CustomCLSID: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001_Classes\CLSID\{60B36EBA-CCE1-42DA-9A67-FF839FCC4C60} -> [iCloud Drive] => C:\Users\shumi\iCloudDrive [2020-04-07 20:26]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\nvshext.dll [2020-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-02-27 16:38 - 2009-02-27 16:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-01-24 17:38 - 2020-01-24 17:38 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2020-04-03 14:58 - 2019-06-28 11:09 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2020-04-03 14:58 - 2019-06-28 11:09 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 005013504 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2\DellInc.423703F9C7E0E.AWCC.Plugin.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000483328 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCC.RPC.Proxy.WinRT.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000178688 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCCPlugin.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000021504 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\IInspectableParser.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000316416 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\PM.UI.Controls.dll
2020-03-28 00:29 - 2020-03-28 00:29 - 001629696 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareFX02_1.2.29.0_x64__htrsf667h5kn2\DellInc.AlienwareFX02.AFX.Model.Plugin.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000576000 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DataSystemWRC.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 001071616 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DellInc.AlienwareSoundCenter.AFX.Model.Plugin.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 005350912 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DellInc.AlienwareSoundCenter.AWCC.Plugin.dll
2020-03-21 04:01 - 2020-03-21 04:01 - 000143360 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\Gaming.API.WinRT.HeadsetControl.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\JabraManager.dll
2020-03-21 04:01 - 2020-03-21 04:01 - 000035328 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\RPCClient.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000059904 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\SoundCenter.Daemon.Client.dll
2020-04-08 09:01 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\Windows\system32\BrSNMP64.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 001550208 _____ (A-Volute -> ) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\AGSWRC.dll
2012-12-05 12:29 - 2012-12-05 12:29 - 004883456 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\BCGCBPRO1100u100.dll
2012-12-05 12:29 - 2012-12-05 12:29 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2014-11-13 18:55 - 2014-11-13 18:55 - 000461824 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2010-09-29 17:07 - 2010-09-29 17:07 - 000180224 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2013-10-10 21:55 - 2013-10-10 21:55 - 002040320 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2014-11-12 09:17 - 2014-11-12 09:17 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2014-09-09 09:38 - 2014-09-09 09:38 - 000083968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2014-09-09 09:38 - 2014-09-09 09:38 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2014-09-09 09:39 - 2014-09-09 09:39 - 000080896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2020-04-08 09:01 - 2013-03-08 15:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 001945600 _____ (Dell Inc) [File not signed] C:\Program Files\WindowsApps\DellInc.6066037A8FCF7_1.1.22.0_x64__htrsf667h5kn2\DellInc.6066037A8FCF7.AFX.Model.Plugin.dll
2019-11-21 00:38 - 2019-11-21 00:38 - 000081920 _____ (Dell Technologies) [File not signed] [File is in use] C:\Program Files\Alienware\Alienware Command Center\OCControl.Rpc.Server.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000031744 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2\OCControl.Rpc.Client.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 000110080 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AFXModelPlugin.dll
2020-05-30 00:24 - 2020-05-30 00:24 - 030830592 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCC.dll
2020-04-03 14:58 - 2019-06-28 11:09 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2020-04-08 09:04 - 2013-08-06 12:15 - 000181248 _____ (Nuance Communications, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\nuanoemuires.dll
2020-04-08 09:04 - 2013-08-06 12:15 - 000027648 _____ (Nuance Communications, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\NuanUI.DLL
2020-01-13 09:04 - 2020-01-13 09:04 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll
2020-04-03 14:58 - 2019-10-09 09:05 - 001359872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
2020-04-03 14:58 - 2019-10-09 09:05 - 000365056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mike\Desktop\FRST64.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Mike\Desktop\tweaking.com_registry_backup_setup.exe:SmartScreen [7]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7942 more sites.

There are 7942 more sites.

There are 7942 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2020-07-12 12:31 - 000454708 ____R C:\Windows\system32\drivers\etc\hosts

There are 15607 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\shumi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win ltblue 1920x1200.jpg
HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win ltblue 1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1FA227C9-9915-4999-B203-D19D6BC4F113}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9A5D1CA6-AE4F-4ABB-A15B-308099236299}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4D70D8C2-867C-4AAD-9C0E-9945A9B83B0D}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{BDBB396D-7359-4150-9B63-75664BBF4EE4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{A013FB41-52EB-464C-B188-E6D0B7123EA0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{48E60FEA-41E0-402F-9363-DF432E0B01EC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{EF1938AC-E5CB-4552-8E64-2B9386EB19A9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{47AE8974-C482-44DA-8F4F-6044C056164D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{EC867A7B-4B2A-420B-9AFC-7E52F0ECC47E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{2D0FD69F-A7A6-4F73-9209-6095E098BD53}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{ED4D1C17-5077-409E-A9BB-02887BAA6828}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{D3F1E077-C455-4023-86F3-B0968D44B158}] => (Allow) LPort=54925
FirewallRules: [{480B21CE-58CA-4895-A374-745888FF4DA1}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{9F81E6ED-AF09-43BF-9BA2-051F7C4D86F6}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{8C4C884E-E3B0-4AA7-973D-6AD06C087DE3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{62342597-3B6E-411C-8DBD-A0A24341AC19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4F7D1D1B-8C69-458B-AC7E-EA0509A0BEDA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7817FE59-2466-45DE-B548-331E7A48FD2C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A9802D92-7427-48D0-A08B-4969E676E504}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{91BDE927-DDB7-40FA-AB17-16CF3E4975F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{621C46C9-CE37-4550-80E8-AA00A2102210}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EDDEB922-77C4-4962-BEED-AF60CA29FDAD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{01FA593F-B31A-48B4-9B96-9A31D79EA8D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8340D560-C8D8-405D-A55E-91CD1EE4BCB9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E990FB8D-631F-4003-8C7D-4F5915D4E7EC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4AE0FA42-8FE6-4932-A3CB-1C053113CD79}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E5C4F85B-0088-41DA-9426-B08ADC628689}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4BAA2239-3DEA-4A8B-91FA-905B07D85EE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{398618A8-DEBD-4385-98D7-37A8DB639598}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8FCBC28B-ECBA-4865-ABB3-2C5154C649E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8062D565-59CF-4C06-9760-DF85AF4B890C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{448A4F41-E7A1-43CC-A92A-5A269E4AA4A5}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
FirewallRules: [{2AE6DF57-F85B-4958-93C1-CBFC8A29ED29}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:101.34 GB) (Free:38.28 GB) (38%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/18/2020 06:27:42 PM) (Source: XTUService) (EventID: 0) (User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
at IronCity.Core.Server.CoreServer.Start()
at XtuService.XtuService1.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/18/2020 06:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Exception code: 0xc0000005
Fault offset: 0x000243f0
Faulting process id: 0x34f9c
Faulting application start time: 0x01d65d5b063aa1f9
Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
Report Id: 2c2adc60-6d47-4afe-8c43-627423ab5dbe
Faulting package full name:
Faulting package-relative application ID:

Error: (07/18/2020 06:27:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Exception code: 0xc0000005
Fault offset: 0x000243f0
Faulting process id: 0x34fa0
Faulting application start time: 0x01d65d5b0342de92
Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
Report Id: 59d05f95-1f33-467e-8308-70c59369aa08
Faulting package full name:
Faulting package-relative application ID:

Error: (07/18/2020 06:27:29 PM) (Source: XTUService) (EventID: 0) (User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
at IronCity.Core.Server.CoreServer.Start()
at XtuService.XtuService1.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/18/2020 06:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Exception code: 0xc0000005
Fault offset: 0x000243f0
Faulting process id: 0x30cec
Faulting application start time: 0x01d65d5b0046dfca
Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
Report Id: c26b6e72-623a-4d72-ad83-34f057ce0212
Faulting package full name:
Faulting package-relative application ID:

Error: (07/18/2020 06:27:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Exception code: 0xc0000005
Fault offset: 0x000243f0
Faulting process id: 0x2da30
Faulting application start time: 0x01d65d5afd4b477f
Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
Report Id: 4ad4ed84-96e7-45a3-ac92-9ae7b9a65e0e
Faulting package full name:
Faulting package-relative application ID:

Error: (07/18/2020 06:27:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
Exception code: 0xc0000005
Fault offset: 0x000243f0
Faulting process id: 0x32054
Faulting application start time: 0x01d65d5afa509d0c
Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
Report Id: ae4c86a9-4cb5-48e7-8c0f-8a0c9d3abeee
Faulting package full name:
Faulting package-relative application ID:

Error: (07/18/2020 06:27:17 PM) (Source: XTUService) (EventID: 0) (User: )
Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
Parameter name: singletonInstance
at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
at IronCity.Core.Server.CoreServer.Start()
at XtuService.XtuService1.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (07/18/2020 01:35:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 3 time(s).

Error: (07/18/2020 12:30:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/18/2020 12:14:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/17/2020 01:36:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Digital Delivery Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (07/17/2020 01:34:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AppX Deployment Service (AppXSVC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/12/2020 12:27:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/12/2020 12:10:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/12/2020 10:43:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:09:02 PM on ‎7/‎11/‎2020 was unexpected.


Windows Defender:
===================================
Date: 2020-05-04 20:15:35.729
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Security intelligence version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

CodeIntegrity:
===================================

Date: 2020-07-18 18:24:55.903
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-07-18 18:19:53.739
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-07-18 18:14:51.494
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-07-18 18:09:49.688
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-07-18 18:04:46.761
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-07-18 17:59:43.872
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-07-18 17:54:41.651
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-07-18 17:49:39.125
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.2.1 03/20/2020
Motherboard: Dell Inc. 0DXJD9
Processor: Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz
Percentage of memory in use: 82%
Total physical RAM: 8046.91 MB
Available physical RAM: 1370.94 MB
Total Virtual: 30574.91 MB
Available Virtual: 20379.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:101.34 GB) (Free:38.28 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:856.73 GB) NTFS
Drive e: ( My Backups) (Fixed) (Total:5589 GB) (Free:3439.88 GB) NTFS
Drive f: (EASEUSBOOT) (Removable) (Total:28.64 GB) (Free:27.89 GB) FAT32

\\?\Volume{d563a30d-01d7-4124-b9bc-3b031606b3e3}\ (WINRETOOLS) (Fixed) (Total:0.93 GB) (Free:0.34 GB) NTFS
\\?\Volume{c1bd49fd-9eeb-4298-aa1a-3b448f4d5e9d}\ (Image) (Fixed) (Total:15.26 GB) (Free:0.13 GB) NTFS
\\?\Volume{80422f68-d197-4690-9b15-3fe274ccec64}\ (DELLSUPPORT) (Fixed) (Total:1.42 GB) (Free:0.45 GB) NTFS
\\?\Volume{87be7d44-d7e7-4d22-a188-47fb3e14b20b}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7A420BC1)

Partition: GPT.

==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 7A420BB6)

Partition: GPT.

==========================================================
Disk: 2 (Size: 5589 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==========================================================
Disk: 3 (Size: 28.7 GB) (Disk ID: FE429E9F)
Partition 1: (Active) - (Size=28.7 GB) - (Type=0C)

==================== End of Addition.txt =======================

Juliet
2020-07-21, 01:07
OK, looks pretty good actually.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
Task: {055121b2-0927-4254-af0a-4f668e39e469} - no filepath
Task: {2cb54e1f-62d9-4c14-814c-955ef69c155b} - no filepath
Task: {30bdde01-accc-4d79-8aa1-44749ff27256} - no filepath
Task: {3369d6ed-ba7f-49d1-8833-d3a224675608} - no filepath
Task: {3497e3f2-c9b7-425a-9fec-440c2225f44b} - no filepath
Task: {3c2803c4-858e-4647-bcea-ae4e80f67684} - no filepath
Task: {3d72d2b4-03b7-4849-ab88-a5fff70cf3ca} - no filepath
Task: {5b49af16-6ab4-45fc-9d9d-dcd31eed3710} - no filepath
Task: {5f143149-37b1-49a4-8891-7cd86fc9ae8b} - no filepath
Task: {5f6a4b10-041d-4264-83bb-02eaed7bb197} - no filepath
Task: {81d18dbf-731c-4226-8e85-44bda75e5bc7} - no filepath
Task: {8bc86d5f-5453-4d79-b4f2-dac073199006} - no filepath
Task: {9553b533-d4c8-4a4d-a7a9-beecf3652c25} - no filepath
Task: {964ea2cc-52f0-4e92-957f-8c54d1145996} - no filepath
Task: {9e5834c3-5a31-45d9-8652-74df9bb6aea7} - no filepath
Task: {a687a4ff-47a3-4310-a426-fa53bba6280a} - no filepath
Task: {d0815cd0-a575-4fde-82fb-9a3e8c9b4c24} - no filepath
Task: {d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f} - no filepath
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download and run AdwCleaner

Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.


run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
click the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard

Logs to include with the next post:

Fixlog.txt
AdwCleaner log
Mbam.txt
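
A helper reviewing the Fixlog.txt requested above can check it against the fixlist mechanically. The following is an added example, not part of the original posts and not FRST's own code: it matches the Fixlog line formats seen in this thread, and the fixlist, GUIDs and file paths in it are constructed sample data.

```python
import re

# Constructed sample fixlist (GUIDs are made up for the example).
FIXLIST = r'''Start::
CloseProcesses:
CreateRestorePoint:
Task: {11111111-1111-1111-1111-111111111111} - no filepath
Task: {22222222-2222-2222-2222-222222222222} - no filepath
Task: {33333333-3333-3333-3333-333333333333} - no filepath
EmptyTemp:
C:\Windows\Temp\*.*
End::
'''

# Constructed sample Fixlog: the third task has no result line on purpose.
FIXLOG = r'''Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-1111-1111-1111-111111111111}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22222222-2222-2222-2222-222222222222}" => removed successfully
C:\Windows\Temp\example-a.log => moved successfully
Could not move "C:\Windows\Temp\example-b.log" => Scheduled to move on reboot.
'''

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "Task: {GUID} - no filepath" line in the fixlist
TASK_REQ = re.compile(r"^Task:\s*(" + GUID + r")\s*-\s*no filepath\s*$")
# '"HKLM\...\TaskCache\Tasks\{GUID}" => <result>' line in the Fixlog
TASK_DONE = re.compile(r'^"HKLM\\.*\\TaskCache\\Tasks\\(' + GUID + r')"\s*=>\s*(.+)$')
MOVED = re.compile(r"^(.+?)\s*=>\s*moved successfully\s*$")
PENDING = re.compile(r'^Could not move "(.+)"\s*=>\s*Scheduled to move on reboot\.?\s*$')
ERROR = re.compile(r"^Error:\s*\(\d+\)\s*(.+)$")


def requested_tasks(fixlist):
    """Return the GUIDs of orphaned tasks the fixlist asks FRST to remove."""
    return [m.group(1).lower() for line in fixlist.splitlines()
            if (m := TASK_REQ.match(line.strip()))]


def review_fixlog(fixlist, fixlog):
    """Compare what the fixlist requested with what the Fixlog reports."""
    requested = requested_tasks(fixlist)
    removed, other = set(), {}
    report = {"errors": [], "pending_reboot": [], "moved": 0}
    for raw in fixlog.splitlines():
        line = raw.strip()
        if (m := TASK_DONE.match(line)):
            guid, result = m.group(1).lower(), m.group(2).strip()
            if result == "removed successfully":
                removed.add(guid)
            else:
                other[guid] = result          # any other outcome text
        elif (m := PENDING.match(line)):
            report["pending_reboot"].append(m.group(1))
        elif MOVED.match(line):
            report["moved"] += 1
        elif (m := ERROR.match(line)):
            report["errors"].append(m.group(1))
    report["removed"] = [g for g in requested if g in removed]
    # Requested but never confirmed removed: needs a follow-up scan.
    report["unconfirmed"] = [g for g in requested if g not in removed]
    report["other_results"] = other
    # Removed keys that the fixlist never asked for.
    report["unrequested"] = sorted(removed - set(requested))
    return report


if __name__ == "__main__":
    result = review_fixlog(FIXLIST, FIXLOG)
    for key in ("removed", "unconfirmed", "errors", "pending_reboot", "moved"):
        print(f"{key}: {result[key]}")
```

Anything listed under `unconfirmed` or `errors` is what to raise in the next reply; entries under `pending_reboot` should be gone after the restart.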

shumik
2020-07-21, 04:21
Thank you so much for helping me. What do you think was going on with my computer? Malware? The grandkids play Roblox on it, could that be where it came from? Any insight you can provide is greatly appreciated :)

One other thing I noticed in one of the logs, where "Internet Explorer trusted/restricted" lists some porn sites. Can you tell me what that's from? There shouldn't be anybody accessing porn from this computer.

Here are the logs:


Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2020
Ran by shumi (20-07-2020 19:36:01) Run:1
Running from C:\Users\Mike\Desktop
Loaded Profiles: shumi & Brenda & Mike & Grandkids
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {055121b2-0927-4254-af0a-4f668e39e469} - no filepath
Task: {2cb54e1f-62d9-4c14-814c-955ef69c155b} - no filepath
Task: {30bdde01-accc-4d79-8aa1-44749ff27256} - no filepath
Task: {3369d6ed-ba7f-49d1-8833-d3a224675608} - no filepath
Task: {3497e3f2-c9b7-425a-9fec-440c2225f44b} - no filepath
Task: {3c2803c4-858e-4647-bcea-ae4e80f67684} - no filepath
Task: {3d72d2b4-03b7-4849-ab88-a5fff70cf3ca} - no filepath
Task: {5b49af16-6ab4-45fc-9d9d-dcd31eed3710} - no filepath
Task: {5f143149-37b1-49a4-8891-7cd86fc9ae8b} - no filepath
Task: {5f6a4b10-041d-4264-83bb-02eaed7bb197} - no filepath
Task: {81d18dbf-731c-4226-8e85-44bda75e5bc7} - no filepath
Task: {8bc86d5f-5453-4d79-b4f2-dac073199006} - no filepath
Task: {9553b533-d4c8-4a4d-a7a9-beecf3652c25} - no filepath
Task: {964ea2cc-52f0-4e92-957f-8c54d1145996} - no filepath
Task: {9e5834c3-5a31-45d9-8652-74df9bb6aea7} - no filepath
Task: {a687a4ff-47a3-4310-a426-fa53bba6280a} - no filepath
Task: {d0815cd0-a575-4fde-82fb-9a3e8c9b4c24} - no filepath
Task: {d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f} - no filepath
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{055121b2-0927-4254-af0a-4f668e39e469}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2cb54e1f-62d9-4c14-814c-955ef69c155b}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30bdde01-accc-4d79-8aa1-44749ff27256}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3369d6ed-ba7f-49d1-8833-d3a224675608}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3497e3f2-c9b7-425a-9fec-440c2225f44b}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3c2803c4-858e-4647-bcea-ae4e80f67684}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3d72d2b4-03b7-4849-ab88-a5fff70cf3ca}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5b49af16-6ab4-45fc-9d9d-dcd31eed3710}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5f143149-37b1-49a4-8891-7cd86fc9ae8b}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5f6a4b10-041d-4264-83bb-02eaed7bb197}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81d18dbf-731c-4226-8e85-44bda75e5bc7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8bc86d5f-5453-4d79-b4f2-dac073199006}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9553b533-d4c8-4a4d-a7a9-beecf3652c25}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{964ea2cc-52f0-4e92-957f-8c54d1145996}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9e5834c3-5a31-45d9-8652-74df9bb6aea7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{a687a4ff-47a3-4310-a426-fa53bba6280a}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d0815cd0-a575-4fde-82fb-9a3e8c9b4c24}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f}" => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\af397ef28e484961ba48646a5d38cf54.db.ses => moved successfully
C:\Windows\Temp\Application_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\AppxErrorReport_5A16D997-5D5F-0005-69FE-175A5F5DD601.txt => moved successfully
Could not move "C:\Windows\Temp\CMcUploader.log" => Scheduled to move on reboot.
C:\Windows\Temp\DESKTOP-AT4C6NI-20200718-1858.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200718-2002.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-0400.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-0717.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1040.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1040a.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1220.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1222.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1224.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1333.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0618.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0658.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0717.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1336.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1627.log => moved successfully
C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1710.log => moved successfully
Could not move "C:\Windows\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
Could not move "C:\Windows\Temp\FXSTIFFDebugLogFile.txt" => Scheduled to move on reboot.
C:\Windows\Temp\mat-debug-2248.log => moved successfully
C:\Windows\Temp\mat-debug-23712.log => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Admin_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppReadiness_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXDeploymentServer_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-AppXPackaging_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Debug_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-SettingSync_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-StateRepository_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-Store_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\Microsoft-Windows-WindowsUpdateClient_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20200718185851FF0).log => moved successfully
C:\Windows\Temp\System_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
C:\Windows\Temp\TBitDefenderUpdaterThread.log => moved successfully
C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
C:\Windows\Temp\{6B457D7E-C7CC-4F1C-86CD-9A732A356345} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{93A6158E-59C5-4C36-8FC5-19278C7412EA} - OProcSessId.dat => moved successfully
C:\Windows\Temp\{BF8647EA-9769-4D5C-9EE2-F93EDB77DE2B} - OProcSessId.dat => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20155403 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3413162 B
Edge => 3633430 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1124524 B
systemprofile32 => 1124613 B
LocalService => 1416017 B
NetworkService => 1421939 B
shumi => 52163186 B
Brenda => 126690920 B
Mike => 168470198 B
Grandkids => 212668323 B
defaultuser100000.DESKTOP-AT4C6NI.000 => 213299818 B

RecycleBin => 0 B
EmptyTemp: => 778 MB temporary data Removed.

================================

# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build: 06-24-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-20-2020
# Duration: 00:00:40
# OS: Windows 10 Home
# Scanned: 31837
# Detected: 27


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E014A58-DE32-42AD-AB9C-499813346BCA}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E014A58-DE32-42AD-AB9C-499813346BCA}
Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
Preinstalled.DellUpdateforWindows10 Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70E9F8CC-A23E-4C25-B292-C86C1821587C}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build: 06-24-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-20-2020
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 23
# Failed: 4


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E014A58-DE32-42AD-AB9C-499813346BCA}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E014A58-DE32-42AD-AB9C-499813346BCA}
Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
Deleted Preinstalled.DellUpdateforWindows10 Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70E9F8CC-A23E-4C25-B292-C86C1821587C}
Not Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
Not Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5115 octets] - [20/07/2020 19:40:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/20/20
Scan Time: 8:01 PM
Log File: b1b54a04-caed-11ea-a64e-a4bb6da79f09.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.979
Update Package Version: 1.0.27127
License: Trial

-System Information-
OS: Windows 10 (Build 18362.959)
CPU: x64
File System: NTFS
User: DESKTOP-AT4C6NI\Mike

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 550104
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Juliet
2020-07-21, 13:46
Internet Explorer trusted/restricted => The scan is showing us that these are the sites that are being blocked and that's a good thing.

What do you think was going on with my computer? Malware?
As far as seeing something related to malware, that hasn't shown up. I did see a slight lack of maintenance in cleaning out temp files but actually wasn't in bad shape.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's do an online scan to see if there are any remnants that can be picked up.

ESET Online Scanner

Download ESET Online Scanner (https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner_enu.exe) and save it to your desktop.

Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

How is the computer now?

shumik
2020-07-21, 20:17
The ESET Online Scanner didn't find anything so there is no log to post from that. YAY!!!



As far as seeing something related to malware, that hasn't shown up. I did see a slight lack of maintenance in cleaning out temp files but actually wasn't in bad shape.

I have been running Spybot regularly. I thought that was taking care of temp files?


How is the computer now?

The computer is amazingly fast now. It seems that Dell must have had a bunch of garbage on there. I installed a lot of the Dell utilities because the machine is still under warranty but the scans suggested to quarantine them so I did. I can re-install them if I need them. There are a few more I need to get off of there too. It appears that the machine is running normally now so I want to thank you tremendously for helping me out here but I do have a few more issues to deal with, if you don't mind?

My original problem was the missing .dll files. First, I will try the Microsoft built in file checkers, etc. under command prompt but assuming that doesn't work:

1. How do I get the .dll's back? Is there a safe place to download them from? I tried re-installing Skype but it still has a missing .dll. I really don't want to reconfigure 5 email accounts either as my email client is missing a .dll also.

2. Do you think the Android program for the outdoor movie projector running on my iPhone had anything to do with this?

3. My grandkids love Roblox. Is Roblox a safe site? Is anything coming from there?

4. The Malwarebytes program is affecting my mouse pointer. Can I remove that program? And what about the other programs you had me download, do I need any/all of them?

5. I'm not a big fan of McAfee but it came with the system. Can I remove it and go with Defender alone? Or, what are the minimum maintenance/security programs a user needs to avoid all of this?

6. Do I need to run Spybot on all users' desktops? I normally run it just from my desktop but when I log on to the admin account it will say Spybot hasn't been run in 43 days or something when I just finished running it on the other user logon.

I want to thank you again for taking the time to help not only me but all of the others you have helped and will help in the future. The world is a better place because of people like you. I am forever grateful!

Juliet
2020-07-21, 21:56
I'm going to try and answer all the questions. Some I tried to research because I'm not familiar with the app/program.

The computer is amazingly fast now. It seems that Dell must have had a bunch of garbage on there
Music to my ears.

Google the below.
Is Roblox a safe site
Reason I say this is you're going to find the same info I did. You have mixed reviews, some good, some ugly.
What I gather is this app is gaming and used along the lines as another social media app, are the children old enough to handle such a deal as this?
Can some of the features be turned off so that others cannot send messages or use voice while they are playing the games?
I think this falls into parental choice.


Do you think the Android program for the outdoor movie projector running on my iPhone had anything to do with this?
I really can't say. Did you start having issues after it was installed? Was it downloaded from a reputable site? (Although safe sites can be hit with malicious scripts.)


I tried re-installing Skype
Let's try this to see if you can get all remnants off

Please download and install Revo Uninstaller (http://www.revouninstaller.com/start_freeware_download.html).
or from here https://www.bleepingcomputer.com/download/revo-uninstaller/

Right click Revo Uninstaller and select Run as administrator
From the list of programs double click on the listed program(s), or anything similar, SKYPE to remove it (if it exists)

Click Yes to any warning screen that may appear
If presented with the program uninstall option click Uninstall
If asked to restart now click No
Under Scanning Modes select Advanced then select Scan
On the Found leftover Registry items window click Select All, Delete, then Yes
If prompted click on Next
On the Found leftover files and folders window click on Select all, Delete, Yes, OK on any warning screen, then Finish
Reboot your computer if requested

============================================

Afterwards try a new download and install to see if the errors are still there.


The Malwarebytes program is affecting my mouse pointer. Can I remove that program? And what about the other programs you had me download, do I need any/all of them?

I'm not a big fan of McAfee but it came with the system. Can I remove it and go with Defender alone? Or, what are the minimum maintenance/security programs a user needs to avoid all of this?

6. Do I need to run Spybot on all users' desktops? I normally run it just from my desktop but when I log on to the admin account it will say Spybot hasn't been run in 43 days or something when I just finished running it on the other user logon.

I want to thank you again for taking the time to help not only me but all of the others you have helped and will help in the future. The world is a better place because of people like you. I am forever grateful!

All the tools we downloaded will be removed.

Uninstalling McAfee can certainly be done and Microsoft recommends Windows Defender which comes with the Operating system.

Answers for running Spybot on all user accounts, I'll probably have to refer you over to the help forum because I'm not sure.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For your email client

eMClient missing DLL libcef
https://forum.emclient.com/t/update-to-7-2-36465-0-errors/61730


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Let's see about running SFC.exe to try and correct missing anythings
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system

Run the System File Checker tool (SFC.exe)
To do this, follow these steps:

Open an elevated command prompt.

If you are running Windows 10, Windows 8.1 or Windows 8, first run the inbox Deployment Image Servicing and Management (DISM) tool prior to running the System File Checker. (If you are running Windows 7 or Windows Vista, skip to Step 3.)

Type the following command, and then press Enter. It may take several minutes for the command operation to be completed.
DISM.exe /Online /Cleanup-image /Restorehealth

Important: When you run this command, DISM uses Windows Update to provide the files that are required to fix corruptions. However, if your Windows Update client is already broken, use a running Windows installation as the repair source, or use a Windows side-by-side folder from a network share or from a removable media, such as the Windows DVD, as the source of the files. To do this, run the following command instead:
DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess

Note: Replace the C:\RepairSource\Windows placeholder with the location of your repair source. For more information about using the DISM tool to repair Windows, reference Repair a Windows Image.

At the command prompt, type the following command, and then press ENTER:

sfc /scannow




The sfc /scannow command will scan all protected system files, and replace corrupted files with a cached copy that is located in a compressed folder at %WinDir%\System32\dllcache.
The %WinDir% placeholder represents the Windows operating system folder. For example, C:\Windows.

Note Do not close this Command Prompt window until the verification is 100% complete. The scan results will be shown after this process is finished.

After the process is finished, you may receive one of the following messages:

Windows Resource Protection did not find any integrity violations.
This means that you do not have any missing or corrupted system files.

Windows Resource Protection could not perform the requested operation.
To resolve this problem, perform the System File Checker scan in safe mode, and make sure that the PendingDeletes and PendingRenames folders exist under %WinDir%\WinSxS\Temp.

Windows Resource Protection found corrupt files and successfully repaired them.
Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.

shumik
2020-07-22, 06:09
Juliet, the System File Check did the trick. When Spybot quarantined the infected files is when the trouble started. I noticed in the sfc logs that the files that sfc repaired were mainly the same ones that Spybot moved to quarantine, actually I'm the one that moved them :sad:. Now it all makes sense. I'm not sure what I should do if this happens again in Spybot, I'll just have to educate myself on the ins and outs of Spybot and decide what I should do with the infected files. Thanks to you though, I'm pretty sure I can take care of it myself, if there is a next time. So all in all I have the fast computer I thought I was getting and I got rid of a bunch of junk and bloatware in the process. Plus, I learned about some great free programs. So if you don't have anything else for me then I'm going to sign off and again,


THANK YOU, THANK YOU, THANK YOU!!!:thanks:
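
The comparison described in the post above, between what sfc repaired and what had been moved to quarantine, can be done mechanically from the [SR] entries in CBS.log. This is an added example, not part of the original thread: the log lines are constructed samples in the layouts SFC commonly writes, the quarantine list is a hand-written assumption (Spybot's own quarantine format is not parsed), and the function names are hypothetical.

```python
import re

# Constructed sample (not from the thread): [SR] entries in the two layouts SFC
# commonly writes to %WinDir%\Logs\CBS\CBS.log, a plain path and the older form
# annotated with [l:NN{NN}] length markers. hid.dll is the file named in the
# thread; the other file and component names are made up.
SAMPLE_CBS_LOG = r'''
2020-07-22 05:41:02, Info                  CSI    00000a11 [SR] Beginning Verify and Repair transaction
2020-07-22 05:41:07, Info                  CSI    00000a15 [SR] Cannot repair member file [l:14{7}]"hid.dll" of Microsoft-Windows-Example, Version = 10.0.18362.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9)
2020-07-22 05:41:09, Info                  CSI    00000a19 [SR] Repairing corrupted file \??\C:\WINDOWS\System32\\hid.dll from store
2020-07-22 05:41:09, Info                  CSI    00000a1a [SR] Repairing corrupted file \??\C:\WINDOWS\System32\\hid.dll from store
2020-07-22 05:41:12, Info                  CSI    00000a1f [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\SysWOW64"\[l:20{10}]"sample.dll" from store
2020-07-22 05:41:15, Info                  CSI    00000a23 [SR] Cannot repair member file [l:22{11}]"example.dll" of Microsoft-Windows-Example, Version = 10.0.18362.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9)
2020-07-22 05:41:20, Info                  CBS    Unrelated servicing entry without an SR tag
2020-07-22 05:41:21, Info                  CSI    00000a30 [SR] Verify complete
'''

# Length annotations such as [l:14{7}] or [ml:48{24},l:46{23}]
ANNOTATION = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{\d+\}\]')

# The two [SR] events that name a file: a repair from the component store,
# and a file SFC could not repair.
SR_EVENT = re.compile(
    r'\[SR\]\s+(?:(Repairing corrupted file)\s+(.+?)\s+from store'
    r'|(Cannot repair member file)\s+(.+?)\s+of\s)')


def _file_name(raw):
    """Reduce a logged path (annotated or plain) to a lower-case file name."""
    cleaned = ANNOTATION.sub('', raw).replace('"', '')
    return cleaned.rstrip('\\').split('\\')[-1].lower()


def sfc_outcomes(log_text):
    """Map file name -> 'repaired' or 'unrepaired'.

    SFC often logs the same file several times, and a file may fail in one
    pass and be repaired in a later one, so the last event for a file wins.
    """
    status = {}
    for line in log_text.splitlines():
        m = SR_EVENT.search(line)
        if not m:
            continue  # not an [SR] line that names a file
        if m.group(1):
            status[_file_name(m.group(2))] = 'repaired'
        else:
            status[_file_name(m.group(4))] = 'unrepaired'
    return status


def compare_with_quarantine(status, quarantined):
    """Split quarantined file names by what the SFC log says happened to them."""
    q = {name.lower() for name in quarantined}
    repaired = {n for n, s in status.items() if s == 'repaired'}
    failed = {n for n, s in status.items() if s == 'unrepaired'}
    return {
        'restored_by_sfc': sorted(q & repaired),
        'sfc_failed': sorted(q & failed),
        'not_in_sfc_log': sorted(q - repaired - failed),
        'repaired_not_quarantined': sorted(repaired - q),
    }


if __name__ == "__main__":
    # Hypothetical list of names noted from the scanner's quarantine view
    quarantined = ["HID.DLL", "example.dll", "libcef.dll"]
    report = compare_with_quarantine(sfc_outcomes(SAMPLE_CBS_LOG), quarantined)
    for bucket, names in report.items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Names that land in `not_in_sfc_log` are typically application files rather than protected Windows files, so SFC never looks at them and they come back only by repairing or reinstalling the application.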

Juliet
2020-07-22, 14:21
THANK YOU, THANK YOU, THANK YOU!
You're welcome!

From here we will remove tools and quarantine folders

Use this tool to remove quarantined items:

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:

-Actions => Delete tools

Delete quarantines => Delete now

Click the "Run" button.
When the tool has finished, it will create and open a log report and delete itself.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.


For those interested in how to make a backup of your computer
https://forums.malwarebytes.com/topic/136226-backup-software/

shumik
2020-07-22, 21:41
Lots of good references. I’m going to bookmark this thread so I will have a handy guide to use. Thanks again Juliet, you have been awesome.

Juliet
2020-07-23, 01:26
Thank you

Glad we could help.
Since this issue appears resolved ... this Topic is closed.