Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Premium Search Trojan

  1. #1
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default Premium Search Trojan

    Hello, I got infected with Premium Search and I was able to remove most of it with Spybot. Now I am having trouble with certain apps that won't load due to missing .dll files. Here are the ones I know about:

    Skype: missing - HID.DLL
    eMClient: missing DLL libcef

    I'm not sure what else may be going on but this computer is only a few months old and just seems to be acting weird! I have backups on an external drive that I could go back to if I must but there is an issue with that too. Dell has 6 partitions on my C: drive and 4 of them don't have drive letters and my backup program didn't like that so I haven't been backing up those partitions. Since I don't know what is on those partitions I'm hesitant to do a restore at this point in time. I'm using EaseUS Todo free version. But here is where I'm at right now.

    Following the instructions on "Before you post" I backed up my registry, got the Farbar logs, and downloaded aswMBR. But twice now while attempting to run the aswmbr tool, when I click "Yes" at the prompt "The computer supports "Virtualization Technology" it shows the Microsoft reporting tool screen and does a restart. I'm afraid to try it a 3rd time because after the 2nd time all I had was a black screen and I had to do a manual restart. I don't know where to go from here. Can someone help me? Thank you.

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Don't worry about trying to run aswMBR again, my opinion is it's not compatible with your machine.

    When trying to find some information about the name you have Trojan Premium Search, I think it says linked to android, such as a phone?
    If you have tethered these two together or downloaded an app for your phone, find and delete that app.

    I need to see the two logs created from Farbar Recovery tool
    FRST.txt & Addition.txt should be on your Desktop. Copy the contents of both logs and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default

    Quote Originally Posted by Juliet View Post
    Don't worry about trying to run aswMBR again, my opinion is it's not compatible with your machine.

    When trying to find some information about the name you have Trojan Premium Search, I think it says linked to android, such as a phone?
    If you have tethered these two together or downloaded an app for your phone, find and delete that app.

    I need to see the two logs created from Farbar Recovery tool
    FRST.txt & Addition.txt should be on your Desktop. Copy the contents of both logs and paste in your next reply.
    Hi Juliet and thank you for helping me.

    As far as the android goes, the only thing that I can think of is an outdoor movie projector running android 7.1. I downloaded the phone app named "Nebula Connect" to my iPhone. Everything else in the house is iOS. I will delete that app for now but I need it to run the projector so I might need to re-install it later, if that's ok? Here are the files:

    FRST_Addition.zip.zip

  4. #4
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default

    Juliet, I was just looking at my routers previously connected devices and I saw what called "SmartInn Android Device Phone". I think it is related to the outdoor projector but I went ahead and blocked it anyways.

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    If I'm right, even older items can still be found to have had access to your router....they might have been added to the rubbish bin a long time ago.

    You zipped files, I can't use those.
    If you can, please open the files, copy and paste in your next reply. If they are to large to fit in in one post, make multiple posts please.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default

    I'm sorry Juliet, I saw that .zip was an acceptable format so I used it. This is FRST Reply Logs #1:


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
    Ran by shumi (administrator) on DESKTOP-AT4C6NI (Dell Inc. G5 5090) (18-07-2020 18:25:37)
    Running from C:\Users\Mike\Desktop
    Loaded Profiles: shumi & Mike
    Platform: Windows 10 Home Version 1909 18363.959 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
    (A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
    (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
    (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
    (Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Background.Server.exe
    (Dell Inc -> Dell Technologies) C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe
    (Dell Inc) C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCC.exe
    (Dell Inc) C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\GameLibrary\GameLibraryAppService.exe
    (Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe <3>
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
    (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
    (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.6.124.0\McCSPServiceHost.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_4\mcapexe.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
    (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Mike\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12007.1001.2.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBarFT.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) C:\Windows\OEM05Mon.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
    (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\Display.NvContainer\NVDisplay.Container.exe <2>
    (PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1428\DSAPI.exe
    (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
    (Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
    (Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
    (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
    (Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
    (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
    (Rivet Networks LLC -> Rivet Networks, LLC.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [881440 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Run: [DellMobileConnectWelcome] => C:\Program Files\Dell\DellMobileConnectDrivers\DellMobileConnectWelcome.exe [345848 2019-06-20] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
    HKLM-x32\...\Run: [OEM05Mon.exe] => C:\Windows\OEM05Mon.exe [36864 2007-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-11-12] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4517376 2014-11-11] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [35648 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [17600 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [7388304 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end (the data entry has 94 more characters).
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [151552 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {055121b2-0927-4254-af0a-4f668e39e469} - no filepath
    Task: {1AAAC944-980E-473F-8523-1A0FC55D45E9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {1DB15D2E-B453-4B9E-8FDC-23E810D8642B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {2cb54e1f-62d9-4c14-814c-955ef69c155b} - no filepath
    Task: {2EB0846B-4CD0-4887-8831-95F49B3B9C08} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {30bdde01-accc-4d79-8aa1-44749ff27256} - no filepath
    Task: {3369d6ed-ba7f-49d1-8833-d3a224675608} - no filepath
    Task: {3497e3f2-c9b7-425a-9fec-440c2225f44b} - no filepath
    Task: {385D36D3-3AD7-4387-8977-4142A596D556} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {3993BE6A-2743-412C-B729-C32EAD59D2E0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {3c2803c4-858e-4647-bcea-ae4e80f67684} - no filepath
    Task: {3d72d2b4-03b7-4849-ab88-a5fff70cf3ca} - no filepath
    Task: {3F1405DA-0745-4CFA-B413-F2F495732CE0} - System32\Tasks\NahimicTask64 => C:\Windows\system32\.\NahimicSvc64.exe [1057016 2019-06-18] (A-Volute -> Nahimic)
    Task: {418c504c-83ed-4d71-969e-028375ff1e54} - no filepath
    Task: {466899a2-6185-4d64-8104-d216ee4a894f} - no filepath
    Task: {48EE3882-DA3C-44BF-BB45-A25F97D4D20D} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4185384 2020-05-15] (McAfee, LLC -> McAfee, LLC)
    Task: {4eab12b2-4683-4f9c-bde8-2392a04f3864} - no filepath
    Task: {4F340B10-30AF-4FE1-9EE3-6E5251C1A72E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7337200 2020-03-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {4FDD7CBC-2645-447D-AE36-0E9D1EAE4550} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1850776 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
    Task: {5b49af16-6ab4-45fc-9d9d-dcd31eed3710} - no filepath
    Task: {5f143149-37b1-49a4-8891-7cd86fc9ae8b} - no filepath
    Task: {5f6a4b10-041d-4264-83bb-02eaed7bb197} - no filepath
    Task: {5FF006AF-4159-4149-A664-6B8E9EA53BD9} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {6192232A-F830-4F31-81DD-B19301E955AE} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {64253CA3-F8B8-4974-9130-1B2CB53BC978} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4592776 2020-05-15] (McAfee, LLC -> McAfee, LLC)
    "C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
    Task: {69CCE445-F916-4131-88B0-2845873E702B} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1075528 2020-05-14] (McAfee, LLC -> McAfee, LLC)
    Task: {71696419-4242-4FC3-9F34-CC8D3773A445} - System32\Tasks\NahimicTask32 => C:\Windows\system32\..\SysWOW64\NahimicSvc32.exe [787696 2019-06-18] (A-Volute -> Nahimic)
    Task: {7CF3EFE3-768D-493A-B673-15E544A10E90} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {81d18dbf-731c-4226-8e85-44bda75e5bc7} - no filepath
    Task: {872639B6-9AF3-4EDE-9F67-95202D1D5C40} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {88705944-A5C0-4D71-B4B1-EAC80CBDCC59} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23815032 2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Task: {8BBC14B8-74FE-48CE-97DE-8C52B69F89B4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-08] (McAfee, LLC -> McAfee, LLC)
    Task: {8bc86d5f-5453-4d79-b4f2-dac073199006} - no filepath
    Task: {8E014A58-DE32-42AD-AB9C-499813346BCA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1553880 2020-05-03] (Dell Inc. -> Dell Inc.)
    Task: {8F32BDA6-7819-48C6-8840-73E912D1F49E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1075528 2020-05-14] (McAfee, LLC -> McAfee, LLC)
    Task: {92BE591D-26ED-493D-A459-9127F1040AE1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23815032 2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Task: {9553b533-d4c8-4a4d-a7a9-beecf3652c25} - no filepath
    Task: {964ea2cc-52f0-4e92-957f-8c54d1145996} - no filepath
    Task: {9e5834c3-5a31-45d9-8652-74df9bb6aea7} - no filepath
    Task: {A1D9C246-3D7D-4355-818E-78406D29D57C} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe [1057016 2019-06-18] (A-Volute -> Nahimic)
    Task: {a687a4ff-47a3-4310-a426-fa53bba6280a} - no filepath
    Task: {AD7D15C5-D95E-4868-999C-6B5180C26D39} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [787696 2019-06-18] (A-Volute -> Nahimic)
    Task: {BBBD58FE-B34B-4FC1-8103-592C128E5CB4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6166736 2020-03-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {BE88915C-2E57-4B46-B71A-DC0BF34F0AF3} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2020-03-28] (McAfee, Inc. -> McAfee, LLC.)
    Task: {d0815cd0-a575-4fde-82fb-9a3e8c9b4c24} - no filepath
    Task: {d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f} - no filepath
    Task: {E1074DC0-A698-4A19-9566-62E5CE6DF870} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [170856 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
    Task: {e8c27b85-79f2-4f76-99e2-433d872ae0cf} - no filepath
    Task: {ECDAA5FD-EDBF-4097-8AD0-35377637E1FA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
    Task: {EF7E138F-4FB5-4B9E-AE85-FA6129B91238} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [170856 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
    Task: {FE418BE1-B272-4D93-8246-26D35BA8FA89} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{6772d706-e188-4efa-8c4e-cf8cfea44e65}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=DCTE
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-07-16] (McAfee, LLC -> McAfee, LLC)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation -> Zeon Corporation)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-07-16] (McAfee, LLC -> McAfee, LLC)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)

    Edge:
    ======
    DownloadDir: D:\shumi\Downloads
    Edge HomeButtonPage: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001 -> hxxp://yahoo.com/
    Edge HomeButtonPage: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007 -> hxxps://www.yahoo.com/
    Edge Extension: (No Name) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.50.1.0_neutral__qq0fmhteeht3j [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\shumi\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-18]
    Edge DownloadDir: D:\shumi\Downloads
    Edge HomePage: Default -> hxxp://yahoo.com/
    Edge StartupUrls: Default -> "hxxps://www.yahoo.com/"

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-07-16] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
    FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-07-05] [Legacy] [not signed]
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-06-08] (McAfee, LLC -> )
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-06-08] (McAfee, LLC -> )
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-04-02] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AWCCService; C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe [15424 2020-03-26] (Dell Inc -> Dell Technologies)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [289792 2014-10-23] (Brother Industries, Ltd.) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10574712 2020-07-02] (Microsoft Corporation -> Microsoft Corporation)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [248376 2020-01-22] (Dell Technologies Inc. -> Dell Technologies Inc.)
    S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3359288 2020-01-22] (Dell Technologies Inc. -> Dell Technologies Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-22] (Dell Technologies Inc. -> Dell Technologies Inc.)
    R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [38096 2020-01-24] (Dell Inc -> )
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1428\DSAPI.exe [965104 2020-05-05] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
    R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [308424 2019-09-25] (Dell Inc -> Dell Inc.)
    R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36544 2020-04-17] (Dell Inc -> )
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [40104 2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [1731592 2019-10-22] (Rivet Networks LLC -> Rivet Networks)
    R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2649608 2019-10-22] (Rivet Networks LLC -> Rivet Networks)
    R3 Killer Wifi Optimization Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [73720 2019-10-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
    R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [946256 2020-07-16] (McAfee, LLC -> McAfee, LLC)
    R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_4\McApExe.exe [768256 2020-06-08] (McAfee, LLC -> McAfee, LLC)
    S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [460704 2019-08-14] (McAfee, LLC. -> McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.6.124.0\\McCSPServiceHost.exe [2726312 2020-05-28] (McAfee, LLC -> McAfee, LLC)
    S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
    R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1742272 2020-05-15] (McAfee, LLC -> McAfee, LLC)
    R2 NahimicService; C:\Windows\system32\NahimicService.exe [1305840 2019-06-18] (A-Volute -> Nahimic)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77336 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4212808 2020-05-26] (McAfee, LLC -> McAfee, LLC)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892080 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4741680 2020-03-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38360 2020-05-03] (Dell Inc. -> Dell Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
    S2 xTendSoftAPService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [73728 2019-10-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
    R2 xTendUtilityService; C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [73736 2019-10-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
    S3 XTU3SERVICE; C:\Windows\SysWOW64\XtuService.exe [79960 2019-08-08] (Intel Corporation -> Intel(R) Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
    R3 AWCCDriver; C:\Windows\System32\drivers\AWCCDriver.sys [42440 2020-03-21] (IndiLogic LLC -> Dell Inc.)
    S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-03-21] (Microsoft Corporation) [File not signed]
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
    R3 CyUcmClient_Device; C:\Windows\System32\drivers\CyUcmClient.sys [165224 2019-05-21] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
    R3 DBUtilDrv2; C:\Windows\System32\drivers\DBUtilDrv2.sys [24952 2020-05-25] (Microsoft Windows Hardware Compatibility Publisher -> )
    R4 DBUtil_2_3; C:\Windows\TEMP\DBUtil_2_3.Sys [14840 2020-07-17] (Dell Inc. -> )
    R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [35704 2020-01-03] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
    R3 e2kw10x64; C:\Windows\System32\drivers\e2kw10x64.sys [1168168 2019-07-09] (Realtek Semiconductor Corp. -> Realtek)
    R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [73448 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [53504 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> )
    R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [22784 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
    R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [341760 2019-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
    R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [179336 2019-10-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [528824 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [382392 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85928 2020-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [521648 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1000880 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [595592 2020-05-01] (McAfee, Inc. -> McAfee LLC.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108168 2020-05-01] (McAfee, Inc. -> McAfee LLC.)
    R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116664 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252336 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\nvlddmkm.sys [24671128 2020-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 NvModuleTracker; C:\Windows\System32\drivers\NvModuleTracker.sys [50592 2020-03-04] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
    R3 OEM05Afx; C:\Windows\system32\Drivers\OEM05Afx.sys [212864 2007-06-08] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
    R3 OEM05Vfx; C:\Windows\system32\DRIVERS\OEM05Vfx.sys [12288 2007-03-05] (Microsoft Windows Hardware Compatibility Publisher -> EyePower Games Pte. Ltd.)
    R3 OEM05Vid; C:\Windows\system32\DRIVERS\OEM05Vid.sys [266720 2007-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
    R3 ScrHIDDriver2; C:\Windows\System32\drivers\ScrHIDDriver2.sys [68576 2019-06-13] (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
    S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
    R3 UcmCxUcsiNvppc; C:\Windows\System32\DriverStore\FileRepository\nvppc.inf_amd64_0f22333f160a8f42\UcmCxUcsiNvppc.sys [774856 2020-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
    R3 XTUComponent; C:\Windows\System32\drivers\iocbios2.sys [47520 2019-08-08] (Intel Corporation -> Intel Corporation)

    ==================== NetSvcs (Whitelisted) ===================

  7. #7
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default

    This is FRST Reply Logs #2:



    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-07-18 18:25 - 2020-07-18 18:26 - 000037257 _____ C:\Users\Mike\Desktop\FRST.txt
    2020-07-18 18:24 - 2020-07-18 18:25 - 000000000 ____D C:\FRST
    2020-07-18 18:18 - 2020-07-18 18:19 - 002292736 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
    2020-07-18 18:16 - 2020-07-18 18:16 - 000000207 _____ C:\Windows\tweaking.com-regbackup-DESKTOP-AT4C6NI-Windows-10-Home-(64-bit).dat
    2020-07-18 18:16 - 2020-07-18 18:16 - 000000000 ____D C:\RegBackup
    2020-07-18 18:15 - 2020-07-18 18:15 - 000002334 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2020-07-18 18:15 - 2020-07-18 18:15 - 000002334 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
    2020-07-18 18:15 - 2020-07-18 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2020-07-18 18:15 - 2020-07-18 18:15 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2020-07-18 18:14 - 2020-07-18 18:15 - 000018118 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2020-07-18 18:11 - 2020-07-18 18:11 - 005766144 _____ (Tweaking.com) C:\Users\Mike\Desktop\tweaking.com_registry_backup_setup.exe
    2020-07-18 18:05 - 2020-07-18 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2020-07-18 02:00 - 2020-07-18 02:00 - 000415744 ___SH C:\EUMONBMP.SYS
    2020-07-18 02:00 - 2020-07-18 02:00 - 000004096 ___SH C:\{F7181FB4-250E-4F20-B27A-089E694454BE}.CBM
    2020-07-17 13:34 - 2020-07-17 13:34 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4258859072-2134369477-3650907842-1007
    2020-07-17 13:34 - 2020-07-17 13:34 - 000003112 _____ C:\Windows\system32\Tasks\NahimicTask32
    2020-07-17 13:34 - 2020-07-17 13:34 - 000003092 _____ C:\Windows\system32\Tasks\NahimicTask64
    2020-07-17 13:34 - 2020-07-17 13:34 - 000002366 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-07-15 10:44 - 2020-07-15 10:44 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4258859072-2134369477-3650907842-1001
    2020-07-15 10:44 - 2020-07-15 10:44 - 000002369 _____ C:\Users\shumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-07-15 02:38 - 2020-07-15 02:38 - 025902592 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 025444352 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 022641664 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 019851776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 019812864 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 018031104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 017792512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 014820352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 009931576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 008015872 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 007917408 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 007850288 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 007823912 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 007604584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 007297536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 007269376 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 007268640 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 007012864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 006523856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 006437376 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 006292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 006233080 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 006169088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 006089512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 005946368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 005765648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 005111808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 005099384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 004625192 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 004565264 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 004129424 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 004014592 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Service.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 003974368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 003800576 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 003748352 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 003743048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 003727360 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
    2020-07-15 02:38 - 2020-07-15 02:38 - 003712000 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 003084800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
    2020-07-15 02:38 - 2020-07-15 02:38 - 002768984 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002737664 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002716672 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
    2020-07-15 02:38 - 2020-07-15 02:38 - 002576896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002552120 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002505496 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002494744 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002467840 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002448712 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002357248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Perception.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002285056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.3D.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002264064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002237096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002161664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002087168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002074112 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\cdprt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001991592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001952880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001946144 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001885184 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001877504 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001827328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001821696 _____ (Microsoft Corporation) C:\Windows\system32\CoreShell.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001787392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001764336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001745728 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001743680 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001737728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001723392 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001697792 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001665728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001658368 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001656904 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001655472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001654304 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001640448 _____ (Microsoft Corporation) C:\Windows\system32\TaskFlowDataEngine.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001612800 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001604608 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001581568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Perception.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001550336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001540608 _____ (Microsoft Corporation) C:\Windows\system32\WindowManagement.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001512960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdprt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001500160 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001486848 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 001484384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001477632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001463808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001458688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001420328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001397568 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 001392128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.FaceAnalysis.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001385696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001374208 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001371136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001357824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001346048 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001337856 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001335296 _____ (Microsoft Corporation) C:\Windows\system32\MiracastReceiver.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001307136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001290192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001284608 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001284608 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001271296 _____ (Microsoft Corporation) C:\Windows\system32\SEMgrSvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001265152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001247232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001223168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001195008 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001183744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001159168 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001151816 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001151304 _____ (Microsoft Corporation) C:\Windows\system32\InputHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001149712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 001125376 _____ (Microsoft Corporation) C:\Windows\system32\CBDHSvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001121792 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001100800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001086776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Services.TargetedContent.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001081344 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001077048 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001059840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001055232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001048992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001028336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Perception.Stub.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001014784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001009152 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001008960 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 001007616 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000995840 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000967680 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000958608 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000950272 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000949760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Ocr.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000945176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000931840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000922624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Service.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000919880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000913408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000912896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiver.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000904192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\MdmDiagnostics.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000898048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000895600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000892928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000891392 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000889416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000882184 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000882176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000867840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000865280 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000848384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000844096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000827904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Import.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000822200 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000821232 _____ (Microsoft Corporation) C:\Windows\system32\windows.applicationmodel.datatransfer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000814080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000809984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Input.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000797448 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000793320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000783488 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000779080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000778872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000750592 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000750080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000742712 _____ (Microsoft Corporation) C:\Windows\system32\LicensingWinRT.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000737792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Launcher.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000727040 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntime.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000722072 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000716288 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntimewindows.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000695208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\LockController.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000689664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Ocr.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000685384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000684864 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000678720 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000673448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000656696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
    2020-07-15 02:38 - 2020-07-15 02:38 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000651264 _____ (Microsoft Corporation) C:\Windows\system32\DevicesFlowBroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000639488 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000638464 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000630784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.AllJoyn.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000628416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000628024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicensingWinRT.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000624640 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000614912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000614912 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000608256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.Phone.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000605896 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000602112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Payments.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000600064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000596992 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000594992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Perception.Stub.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000593408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000584704 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000582056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.applicationmodel.datatransfer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000570368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000565248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Input.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2020-07-15 02:38 - 2020-07-15 02:38 - 000549048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000544256 _____ (Microsoft Corporation) C:\Windows\system32\usosvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000542288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000538664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000526848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000524784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000522240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Launcher.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000521728 _____ (Microsoft Corporation) C:\Windows\system32\WinBioDataModel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000518656 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000518464 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000513024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000513024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Activities.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Desktop.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000502784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFiDirect.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\RTMediaFrame.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000490496 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000484352 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000478296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountWAMExtension.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\Geolocation.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000467960 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000467456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000467456 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000461112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000458240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.ConversationalAgent.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000453944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000442096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountExtension.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Midi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000432128 _____ (Microsoft Corporation) C:\Windows\system32\WalletService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000430592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000419328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000419328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.NetworkOperators.ESim.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000412672 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000411640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000410112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.Phone.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000406992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000406992 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000405944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Payments.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000399672 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DataModel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000397824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Lights.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000395264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Preview.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000392504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000388096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000381152 _____ (Microsoft Corporation) C:\Windows\system32\CredentialEnrollmentManager.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000380224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000375296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Diagnostics.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000374272 _____ (Microsoft Corporation) C:\Windows\system32\PickerPlatform.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Geolocation.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\QuickActionsDataModel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\wpnclient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTMediaFrame.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000352256 _____ (Microsoft Corporation) C:\Windows\system32\APHostService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000345560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000340328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000338944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000335360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountWAMExtension.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000334336 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Cortana.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000328192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\windows.internal.shellcommon.shareexperience.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
    2020-07-15 02:38 - 2020-07-15 02:38 - 000317440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Midi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000311608 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostBroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000311440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\TDLMigration.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000293888 _____ (Microsoft Corporation) C:\Windows\system32\CXHProvisioningServer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnclient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000292864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Diagnostics.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000290304 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000287744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Preview.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000283648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.ESim.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000283136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Lights.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000274432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PickerPlatform.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000268552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000266552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemSettings.DataModel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000265728 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\bthprops.cpl
    2020-07-15 02:38 - 2020-07-15 02:38 - 000260288 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConsoleLogon.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\PasswordEnrollmentManager.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000247864 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\dialclient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000239928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Workplace.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.CapturePicker.Desktop.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\HoloShellRuntime.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000224768 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
    2020-07-15 02:38 - 2020-07-15 02:38 - 000220992 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000220672 _____ (Microsoft Corporation) C:\Windows\system32\MtcModel.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
    2020-07-15 02:38 - 2020-07-15 02:38 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Core.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\PeopleBand.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\DiagSvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000211256 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\ErrorDetails.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\useractivitybroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000204608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
    2020-07-15 02:38 - 2020-07-15 02:38 - 000200704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Internal.Input.ExpressiveInput.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000199496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000196096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000195584 _____ (Microsoft Corporation) C:\Windows\system32\AarSvc.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000193600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\weretw.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000190056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000188928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000188928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
    2020-07-15 02:38 - 2020-07-15 02:38 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000183808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Energy.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Clipboard.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000179512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2020-07-15 02:38 - 2020-07-15 02:38 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\PrintWorkflowService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\AppExtension.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000178688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000176952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Management.Workplace.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\HoloShellRuntime.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dialclient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.CapturePicker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000165840 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000165376 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ErrorDetails.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\PrintWSDAHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\useractivitybroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000150336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\Family.Client.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000146232 _____ (Microsoft Corporation) C:\Windows\system32\ResourcePolicyServer.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintWorkflowService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Energy.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Graphics.Display.DisplayEnhancementManagement.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppExtension.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Storage.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000132408 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairingExperienceMEM.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\CredDialogBroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000130560 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\CameraCaptureUI.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\CaptureService.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000127064 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintWSDAHost.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000118272 _____ (Microsoft Corporation) C:\Windows\system32\EaseOfAccessDialog.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000110040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\Family.Authentication.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\DiagnosticInvoker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CameraCaptureUI.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EaseOfAccessDialog.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000093184 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000089328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000086272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\SystemUWPLauncher.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkInternalPS.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Print.Workflow.Source.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000076952 _____ (Microsoft Corporation) C:\Windows\system32\CredentialEnrollmentManagerForUser.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DiagnosticInvoker.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000071168 _____ (Microsoft Corporation) C:\Windows\system32\MiracastReceiverExt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000070248 _____ (Microsoft Corporation) C:\Windows\system32\ResourcePolicyClient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\udhisapi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Graphics.Display.DisplayColorManagement.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemUWPLauncher.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iemigplugin.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Print.Workflow.Source.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\AxInstUI.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\udhisapi.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiverExt.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000052152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ResourcePolicyClient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\npmproxy.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000040248 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkPS.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\UIMgrBroker.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
    2020-07-15 02:38 - 2020-07-15 02:38 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerClient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\nlmproxy.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\PrintWorkflowProxy.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\CSystemEventsBrokerClient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SystemEventsBrokerClient.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\nlmsprep.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintWorkflowProxy.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.Workflow.Native.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\UIManagerBrokerps.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.Workflow.Native.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
    2020-07-15 02:38 - 2020-07-15 02:38 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
    2020-07-15 02:34 - 2020-06-29 23:32 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2020-07-15 02:34 - 2020-06-29 23:26 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2020-07-12 12:31 - 2020-06-29 16:05 - 000454708 ____R C:\Windows\system32\Drivers\etc\hosts.20200712-123102.backup
    2020-07-08 19:52 - 2020-07-08 19:52 - 000000000 ____D C:\Users\Mike\Apple
    2020-07-08 19:50 - 2020-07-08 19:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2020-07-08 19:38 - 2020-07-08 19:38 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-07-08 19:38 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2020-07-08 19:38 - 2020-06-23 09:20 - 002754024 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2020-07-08 19:38 - 2020-06-23 09:20 - 002122216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2020-07-08 19:38 - 2020-03-04 07:54 - 001804784 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
    2020-07-08 19:38 - 2020-03-04 07:54 - 000050592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
    2020-07-05 11:03 - 2020-07-05 11:03 - 000000000 ____D C:\Users\Brenda\AppData\Local\NVIDIA
    2020-07-05 02:24 - 2020-07-05 02:24 - 000003316 _____ C:\Windows\system32\Tasks\McAfeeLogon
    2020-07-05 02:23 - 2020-04-09 15:15 - 000528824 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfeaack.sys
    2020-07-05 02:23 - 2020-04-09 15:15 - 000116664 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfeplk.sys
    2020-07-05 02:23 - 2020-03-27 22:08 - 000567192 _____ (McAfee, LLC) C:\Windows\system32\mfevtps.exe
    2020-07-01 19:36 - 2020-07-01 19:37 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000.001\AppData\Local\ConnectedDevicesPlatform
    2020-07-01 19:36 - 2020-07-01 19:37 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000.001
    2020-06-29 16:38 - 2020-06-29 16:38 - 000000000 ____D C:\Program Files (x86)\APC
    2020-06-29 16:36 - 2020-06-29 16:36 - 013923704 _____ (Schneider Electric) C:\Users\shumi\PCPE Setup.exe
    2020-06-29 16:36 - 2020-06-29 16:36 - 001079808 _____ (Microsoft Corporation) C:\Users\shumi\mfc80u.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000626688 _____ (Microsoft Corporation) C:\Users\shumi\msvcr80.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021880 _____ (Schneider Electric) C:\Users\shumi\grm_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021880 _____ (Schneider Electric) C:\Users\shumi\fr_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\pt_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\it_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\es_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\en_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000020856 _____ (Schneider Electric) C:\Users\shumi\ru_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000020344 _____ (Schneider Electric) C:\Users\shumi\jp_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000019832 _____ (Schneider Electric) C:\Users\shumi\zh_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000018808 _____ C:\Users\shumi\ResourceReader.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000000550 _____ C:\Users\shumi\Microsoft.VC80.MFC.manifest
    2020-06-29 16:36 - 2020-06-29 16:36 - 000000522 _____ C:\Users\shumi\Microsoft.VC80.CRT.manifest
    2020-06-29 16:36 - 2020-06-29 16:36 - 000000017 _____ C:\Users\shumi\dotnetfolder.txt
    2020-06-29 16:26 - 2020-06-29 16:26 - 000000000 ____D C:\Users\Mike\AppData\Local\NVIDIA
    2020-06-29 16:24 - 2020-06-29 16:24 - 000000000 ____D C:\Users\Grandkids\AppData\Local\NVIDIA
    2020-06-29 16:05 - 2020-06-29 12:41 - 000454708 ____R C:\Windows\system32\Drivers\etc\hosts.20200629-160516.backup
    2020-06-29 15:23 - 2020-06-21 22:05 - 000222112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2020-06-29 15:23 - 2020-06-21 22:05 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
    2020-06-29 15:22 - 2020-06-22 17:02 - 001780960 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
    2020-06-29 15:22 - 2020-06-22 17:02 - 001780960 _____ C:\Windows\system32\vulkaninfo.exe
    2020-06-29 15:22 - 2020-06-22 17:02 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
    2020-06-29 15:22 - 2020-06-22 17:02 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2020-06-29 15:22 - 2020-06-22 17:02 - 001086680 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
    2020-06-29 15:22 - 2020-06-22 17:02 - 001086680 _____ C:\Windows\system32\vulkan-1.dll
    2020-06-29 15:22 - 2020-06-22 17:02 - 000946400 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
    2020-06-29 15:22 - 2020-06-22 17:02 - 000946400 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2020-06-29 15:22 - 2020-06-22 17:02 - 000455408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2020-06-29 15:22 - 2020-06-22 17:02 - 000351128 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 006652816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 005883280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 003902864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 002368912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 002075376 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 001568496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 001486744 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 001146264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 001016544 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 000817544 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 000812440 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 000674016 _____ C:\Windows\system32\nvofapi64.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 000669424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 000656792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 000581872 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
    2020-06-29 15:22 - 2020-06-22 17:00 - 000555928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 000543112 _____ C:\Windows\SysWOW64\nvofapi.dll
    2020-06-29 15:22 - 2020-06-22 17:00 - 000444816 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
    2020-06-29 15:22 - 2020-06-22 16:59 - 005383864 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2020-06-29 15:22 - 2020-06-22 16:59 - 004705744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2020-06-29 15:22 - 2020-06-22 16:59 - 000850824 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
    2020-06-29 15:22 - 2020-06-21 22:05 - 000078796 _____ C:\Windows\system32\nvinfo.pb
    2020-06-29 15:16 - 2020-07-08 19:38 - 000001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2020-06-29 15:16 - 2020-07-08 19:38 - 000001449 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
    2020-06-29 15:16 - 2020-03-11 14:26 - 000067456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
    2020-06-29 14:52 - 2020-06-29 14:52 - 000000218 _____ C:\Windows\wininit.ini
    2020-06-29 12:41 - 2020-04-17 10:57 - 000454708 ____R C:\Windows\system32\Drivers\etc\hosts.20200629-124123.backup
    2020-06-29 12:36 - 2020-06-29 15:07 - 000011358 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1
    2020-06-26 13:10 - 2020-06-29 15:07 - 000073687 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1
    2020-06-26 13:10 - 2020-06-28 14:13 - 000011324 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1
    2020-06-26 13:10 - 2020-06-26 13:10 - 000011588 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1
    2020-06-26 13:10 - 2020-06-26 13:10 - 000001205 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1
    2020-06-25 13:23 - 2020-06-25 13:23 - 000003388 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4258859072-2134369477-3650907842-1008
    2020-06-25 13:23 - 2020-06-25 13:23 - 000002381 _____ C:\Users\Grandkids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-06-25 13:22 - 2020-06-26 13:08 - 000011192 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1
    2020-06-23 20:28 - 2020-06-23 20:28 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4258859072-2134369477-3650907842-1006
    2020-06-23 20:28 - 2020-06-23 20:28 - 000002372 _____ C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-06-23 20:23 - 2020-06-23 20:23 - 000009946 _____ C:\ProgramData\DisplaySessionContainer5.log_backup1
    2020-06-23 20:22 - 2020-06-29 16:02 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000
    2020-06-23 20:22 - 2020-06-23 20:22 - 000000020 ___SH C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\ntuser.ini
    2020-06-23 20:22 - 2020-06-23 20:22 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Local\VirtualStore
    2020-06-23 20:22 - 2020-06-23 20:22 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Local\Packages
    2020-06-23 20:22 - 2020-06-23 20:22 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Local\NVIDIA Corporation
    2020-06-23 20:22 - 2020-06-23 20:22 - 000000000 ____D C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Local\ConnectedDevicesPlatform
    2020-06-23 20:22 - 2019-03-18 23:46 - 000001105 _____ C:\Users\defaultuser100000.DESKTOP-AT4C6NI.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2020-06-20 16:39 - 2020-06-20 16:39 - 000002747 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo.lnk
    2020-06-20 15:44 - 2020-07-15 08:56 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2020-06-20 15:44 - 2020-07-15 08:56 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
    2020-06-20 15:44 - 2020-07-15 08:56 - 000002280 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2020-06-20 15:43 - 2020-07-16 03:26 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
    2020-06-20 15:43 - 2020-07-15 18:56 - 000003478 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2020-06-20 15:43 - 2020-07-15 18:56 - 000003354 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2020-07-18 18:26 - 2020-04-03 16:42 - 000000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
    2020-07-18 18:17 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2020-07-18 18:03 - 2020-04-03 16:15 - 000000000 ___RD C:\Users\Mike\OneDrive
    2020-07-18 18:03 - 2020-03-21 04:00 - 000000000 ____D C:\ProgramData\NVIDIA
    2020-07-18 17:51 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\AppReadiness
    2020-07-18 17:26 - 2020-03-21 03:53 - 000000000 ____D C:\Windows\system32\SleepStudy
    2020-07-18 13:52 - 2020-03-21 04:04 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
    2020-07-18 12:06 - 2020-03-21 04:07 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
    2020-07-18 11:28 - 2019-03-18 23:50 - 000000000 ____D C:\Windows\INF
    2020-07-18 07:16 - 2020-03-21 04:13 - 000000000 ____D C:\Program Files\Microsoft Office
    2020-07-18 02:00 - 2020-04-13 12:26 - 000000000 ____D C:\Windows\system32\config\regsave
    2020-07-17 13:34 - 2020-04-03 16:14 - 000000000 ___RD C:\Users\Mike\3D Objects
    2020-07-17 13:34 - 2020-04-03 16:14 - 000000000 ____D C:\Users\Mike\AppData\Local\Packages
    2020-07-17 13:34 - 2020-03-21 04:09 - 000000000 __RHD C:\Users\Public\AccountPictures
    2020-07-17 13:34 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps
    2020-07-16 03:30 - 2020-03-21 04:08 - 000799892 _____ C:\Windows\system32\PerfStringBackup.INI
    2020-07-16 03:28 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\Registration
    2020-07-16 03:27 - 2020-04-07 20:26 - 000000000 ___RD C:\Users\shumi\iCloudDrive
    2020-07-16 03:26 - 2020-04-17 10:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2020-07-16 03:26 - 2020-03-25 21:54 - 000000000 ___RD C:\Users\shumi\OneDrive
    2020-07-16 03:26 - 2020-03-25 21:52 - 000000000 ___RD C:\Users\shumi\3D Objects
    2020-07-16 03:26 - 2020-03-21 03:54 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2020-07-16 03:26 - 2019-03-18 23:37 - 000032768 _____ C:\Windows\system32\config\ELAM
    2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
    2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\SystemResources
    2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\oobe
    2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\ShellExperiences
    2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\bcastdvr
    2020-07-16 03:25 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\System
    2020-07-16 03:25 - 2019-03-18 23:37 - 001572864 _____ C:\Windows\system32\config\BBI
    2020-07-15 02:40 - 2019-03-18 23:37 - 000000000 ____D C:\Windows\CbsTemp
    2020-07-12 12:31 - 2020-04-13 11:49 - 000000000 ____D C:\Users\Grandkids
    2020-07-12 12:31 - 2020-04-03 16:14 - 000000000 ____D C:\Users\Mike
    2020-07-12 12:31 - 2020-04-03 14:15 - 000000000 ____D C:\Users\Brenda
    2020-07-12 10:55 - 2020-03-25 21:47 - 000000000 ____D C:\Users\shumi
    2020-07-12 10:45 - 2020-04-05 21:14 - 000000000 ____D C:\Users\shumi\AppData\Local\NVIDIA
    2020-07-12 10:44 - 2020-03-25 22:07 - 000000000 ____D C:\Users\shumi\AppData\Local\CrashDumps
    2020-07-11 16:50 - 2020-06-17 08:10 - 000000000 ____D C:\Users\Grandkids\AppData\Local\CrashDumps
    2020-07-11 16:50 - 2020-04-03 16:42 - 000000000 ____D C:\Users\Brenda\AppData\Local\CrashDumps
    2020-07-11 14:04 - 2020-04-08 09:01 - 000008051 _____ C:\Windows\BRRBCOM.INI
    2020-07-11 11:48 - 2020-04-13 11:49 - 000000000 ____D C:\Users\Grandkids\AppData\Local\Packages
    2020-07-11 11:47 - 2020-04-13 11:51 - 000000000 ___RD C:\Users\Grandkids\OneDrive
    2020-07-08 19:51 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\ServiceState
    2020-07-08 19:43 - 2020-04-03 16:16 - 000000000 ____D C:\Users\Mike\AppData\Local\PlaceholderTileLogoFolder
    2020-07-08 19:43 - 2020-04-03 16:14 - 000000000 ____D C:\Users\Mike\AppData\Local\Publishers
    2020-07-08 19:43 - 2020-04-03 16:14 - 000000000 ____D C:\Users\Mike\AppData\Local\NVIDIA Corporation
    2020-07-08 19:38 - 2020-03-21 04:00 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2020-07-08 19:38 - 2020-03-21 04:00 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2020-07-08 19:38 - 2020-03-21 03:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2020-07-08 19:36 - 2020-03-25 21:54 - 000000000 ____D C:\Users\shumi\AppData\Local\PlaceholderTileLogoFolder
    2020-07-08 19:36 - 2020-03-25 21:52 - 000000000 ____D C:\Users\shumi\AppData\Local\Packages
    2020-07-07 04:50 - 2019-03-18 23:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2020-07-06 17:40 - 2020-04-17 10:22 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2020-07-05 11:04 - 2020-04-03 14:15 - 000000000 ____D C:\Users\Brenda\AppData\Local\Packages
    2020-07-05 11:03 - 2020-04-15 11:04 - 000000000 ___RD C:\Users\Brenda\iCloudDrive
    2020-07-05 11:03 - 2020-04-03 14:15 - 000000000 ____D C:\Users\Brenda\AppData\Local\NVIDIA Corporation
    2020-07-05 02:25 - 2020-03-21 04:06 - 000000000 ____D C:\Program Files\Common Files\McAfee
    2020-07-05 02:23 - 2019-03-18 23:52 - 000000000 ___HD C:\Windows\ELAMBKUP
    2020-07-03 13:08 - 2020-03-21 04:23 - 000000000 ____D C:\ProgramData\Packages
    2020-07-03 12:59 - 2020-03-21 04:06 - 000003710 _____ C:\Windows\system32\Tasks\McAfee Remediation (Prepare)
    2020-06-29 16:41 - 2019-03-18 23:37 - 000000000 ____D C:\Windows\servicing
    2020-06-29 16:25 - 2020-04-13 11:49 - 000000000 ____D C:\Users\Grandkids\AppData\Local\NVIDIA Corporation
    2020-06-29 15:24 - 2020-03-21 03:58 - 000000000 ____D C:\ProgramData\Package Cache
    2020-06-29 15:16 - 2020-03-25 21:53 - 000000000 ____D C:\Users\shumi\AppData\Local\NVIDIA Corporation
    2020-06-26 13:10 - 2020-03-21 03:58 - 000000000 ____D C:\ProgramData\A-Volute
    2020-06-26 13:09 - 2020-04-13 15:50 - 000025236 _____ C:\Windows\SysWOW64\PCPELog.txt
    2020-06-25 13:23 - 2020-04-13 11:52 - 000000000 ____D C:\Users\Grandkids\AppData\Local\PlaceholderTileLogoFolder
    2020-06-23 20:28 - 2020-04-03 14:16 - 000000000 ___RD C:\Users\Brenda\OneDrive
    2020-06-23 20:27 - 2020-04-03 14:15 - 000000000 ___RD C:\Users\Brenda\3D Objects
    2020-06-23 09:20 - 2020-03-21 04:00 - 001295848 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
    2020-06-20 15:43 - 2020-03-21 04:28 - 000000000 ____D C:\Windows\Panther
    2020-06-19 12:36 - 2019-03-18 23:52 - 000000000 ____D C:\Windows\system32\NDF

    ==================== Files in the root of some directories ========

    2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\en_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\es_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021880 _____ (Schneider Electric) C:\Users\shumi\fr_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021880 _____ (Schneider Electric) C:\Users\shumi\grm_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\it_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000020344 _____ (Schneider Electric) C:\Users\shumi\jp_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 001079808 _____ (Microsoft Corporation) C:\Users\shumi\mfc80u.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000626688 _____ (Microsoft Corporation) C:\Users\shumi\msvcr80.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 013923704 _____ (Schneider Electric) C:\Users\shumi\PCPE Setup.exe
    2020-06-29 16:36 - 2020-06-29 16:36 - 000021368 _____ (Schneider Electric) C:\Users\shumi\pt_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000018808 _____ () C:\Users\shumi\ResourceReader.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000020856 _____ (Schneider Electric) C:\Users\shumi\ru_res.dll
    2020-06-29 16:36 - 2020-06-29 16:36 - 000019832 _____ (Schneider Electric) C:\Users\shumi\zh_res.dll

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

  8. #8
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default

    This is Addition Reply Logs #1:


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
    Ran by shumi (18-07-2020 18:26:24)
    Running from C:\Users\Mike\Desktop
    Windows 10 Home Version 1909 18363.959 (X64) (2020-03-26 04:04:51)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4258859072-2134369477-3650907842-500 - Administrator - Disabled)
    Brenda (S-1-5-21-4258859072-2134369477-3650907842-1006 - Limited - Enabled) => C:\Users\Brenda
    DefaultAccount (S-1-5-21-4258859072-2134369477-3650907842-503 - Limited - Disabled)
    Grandkids (S-1-5-21-4258859072-2134369477-3650907842-1008 - Limited - Enabled) => C:\Users\Grandkids
    Guest (S-1-5-21-4258859072-2134369477-3650907842-501 - Limited - Disabled)
    Mike (S-1-5-21-4258859072-2134369477-3650907842-1007 - Limited - Enabled) => C:\Users\Mike
    shumi (S-1-5-21-4258859072-2134369477-3650907842-1001 - Administrator - Enabled) => C:\Users\shumi
    WDAGUtilityAccount (S-1-5-21-4258859072-2134369477-3650907842-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
    FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Alienware Command Center Suite (HKLM\...\{8C91E386-C6DD-4387-AD74-415895342AE5}) (Version: 5.2.81.0 - Dell Inc) Hidden
    Alienware Command Center Suite (HKLM-x32\...\InstallShield_{8C91E386-C6DD-4387-AD74-415895342AE5}) (Version: 5.2.81.0 - Dell Inc)
    Alienware OC Controls (HKLM-x32\...\{dd646d80-7aea-4d5b-8de0-9b525f4e52ca}) (Version: 1.2.50.1227 - Dell Inc)
    Alienware OCControls Service Installer (HKLM\...\{0DB99C1B-9D42-42F3-9F8B-A6BF263ED0CC}) (Version: 1.2.50.1227 - DELL Inc) Hidden
    BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
    BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
    Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
    Brother Printer Driver (HKLM-x32\...\{4A30C4EE-52AC-4A6B-A898-D484E9FAED63}) (Version: 1.5.0.0 - Brother Industries Ltd.) Hidden
    Brother Scanner Driver (HKLM-x32\...\{AA380E53-F930-47A3-BFD6-F8762EB73755}) (Version: 1.0.16.11 - Brother Industries Ltd.) Hidden
    BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
    BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
    ControlCenter4 (HKLM-x32\...\{C5744F42-FDC4-4CC2-B4A8-47C9AA9553B4}) (Version: 4.2.435.1 - Brother Insutries Ltd.) Hidden
    ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
    Dell Digital Delivery Services (HKLM-x32\...\{2F67D318-DCDC-4D94-9048-37789F3C065B}) (Version: 4.0.51.0 - Dell Inc.)
    Dell Mobile Connect Drivers (HKLM\...\{4674F112-9AB7-4701-AEC0-C1FD1FE7CD4E}) (Version: 2.0.8401 - Screenovate Technologies Ltd.)
    Dell SupportAssist (HKLM\...\{6D2933E3-DC42-44E5-B80E-DACDD64ADFF5}) (Version: 3.5.0.448 - Dell Inc.)
    Dell SupportAssist Remediation (HKLM\...\{1906C253-4035-4CA5-A501-075E691CCEC9}) (Version: 5.0.0.10859 - Dell Inc.) Hidden
    Dell SupportAssist Remediation (HKLM-x32\...\{96846915-505c-49a2-8aa0-63f90927de87}) (Version: 5.0.0.10859 - Dell Inc.)
    Dell Update - SupportAssist Update Plugin (HKLM\...\{C559D0AB-2D9E-4B59-B2B8-0C2061B3F9BC}) (Version: 5.0.0.10859 - Dell Inc.) Hidden
    Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{3a267e2b-0948-4f12-a103-e2ac0461179d}) (Version: 5.0.0.10859 - Dell Inc.)
    Dell Update for Windows 10 (HKLM\...\{70E9F8CC-A23E-4C25-B292-C86C1821587C}) (Version: 3.1.2 - Dell, Inc.)
    DeviceDetect (HKLM-x32\...\{F805D16D-AB79-4DC7-A60F-436621995275}) (Version: 1.2.1.0 - Brother Industries Ltd.) Hidden
    Dynamic Application Loader Host Interface Service (HKLM\...\{293FF2BA-6A87-4B73-8B63-B0D252C34A8B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
    EaseUS Todo Backup Free 12.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 12.0 - CHENGDU YIWO Tech Development Co., Ltd)
    HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
    iCloud Outlook (HKLM\...\{A8C64C2A-BD34-464F-BA61-A969BA46FC2B}) (Version: 10.9.3.62 - Apple Inc.)
    Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1938.12.0.1317 - Intel Corporation)
    McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R26 - McAfee, LLC)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.123 - McAfee, LLC)
    Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13001.20384 - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.64 - Microsoft Corporation)
    Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
    Microsoft OneDrive (HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
    Monitor Webcam (SP2208WFP) Driver (1.00.08.0720) (HKLM\...\Creative OEM005) (Version: - )
    NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
    Nuance PaperPort 14 (HKLM-x32\...\{6CC9391F-D441-4D2E-9ECC-1F7084C733ED}) (Version: 14.5.0006 - Nuance Communications, Inc.)
    Nuance PDF Viewer SE (HKLM-x32\...\{7BAC9170-359D-4EAD-B6E4-238A14940C11}) (Version: 7.20.3230 - Nuance Communications, Inc.)
    NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
    NVIDIA Graphics Driver 451.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 451.48 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
    NVIDIA USBC Driver 1.42.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.42.831.832 - NVIDIA Corporation)
    NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13001.20384 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13001.20144 - Microsoft Corporation) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
    PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
    PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
    Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10505 - Qualcomm)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8734.1 - Realtek Semiconductor Corp.)
    RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) Hidden
    ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
    Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.67.0 - Safer-Networking Ltd.)
    StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
    Windows Driver Package - STMicroelectronics (STTub30) USB (04/03/2017 3.0.6.0) (HKLM\...\BFD1FB244691FDF6328C70B79647C9046B65397A) (Version: 04/03/2017 3.0.6.0 - STMicroelectronics)
    Yahoo (HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\6689f6b3e158ee57a82cabe9205be9be) (Version: 1.0 - Yahoo)

    Packages:
    =========
    Alienware Command Center -> C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
    Alienware Control Center -> C:\Program Files\WindowsApps\DellInc.6066037A8FCF7_1.1.22.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
    Alienware FX 02 -> C:\Program Files\WindowsApps\DellInc.AlienwareFX02_1.2.29.0_x64__htrsf667h5kn2 [2020-03-28] (Dell Inc)
    Alienware OC Controls -> C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
    Alienware Sound Center -> C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2 [2020-05-30] (Dell Inc)
    Dell Cinema Guide -> C:\Program Files\WindowsApps\DellInc.DellCinemaGuide_1.0.49.0_x64__htrsf667h5kn2 [2020-03-25] (Dell Inc)
    Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.40.0_x64__htrsf667h5kn2 [2020-05-07] (Dell Inc)
    Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.52.0_x64__htrsf667h5kn2 [2020-05-27] (Dell Inc)
    Dell Mobile Connect -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0 [2020-07-13] (Screenovate Technologies) [Startup Task]
    Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.5.13.0_x64__htrsf667h5kn2 [2020-05-05] (Dell Inc)
    Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_3.1.99.0_x64__htrsf667h5kn2 [2020-05-25] (Dell Inc)
    DellTypeCStatus -> C:\Program Files\WindowsApps\MSWP.DellTypeCStatus_3.1.3920.0_x64__9j0h69dmw0fzc [2020-03-25] (WISTRON CORPORATION) [Startup Task]
    Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-03-25] (Dropbox Inc.)
    eM Client -> C:\Program Files\WindowsApps\eMClient.20054CA46072C_7.2.38682.0_neutral__rq410mg92b554 [2020-04-13] (eM Client)
    iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.2.18.0_x86__nzyj5cx40ttqa [2020-06-06] (Apple Inc.) [Startup Task]
    Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_17.9.1008.0_x64__8j3eq9eme6ctt [2020-06-23] (INTEL CORP)
    iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa [2020-05-22] (Apple Inc.) [Startup Task]
    Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_2.1.3163.0_x64__rh07ty8m5nkag [2020-03-21] (Rivet Networks LLC) [Startup Task]
    LastPass for Windows Desktop -> C:\Program Files\WindowsApps\LastPass.LastPass_4.4.3.0_x64__qq0fmhteeht3j [2020-07-02] (LastPass)
    LastPass: Free Password Manager -> C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.51.0.0_neutral__qq0fmhteeht3j [2020-07-03] (LastPass)
    McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.39.0_x64__wafk5atnkzcwy [2020-06-06] (McAfee LLC.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
    MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
    My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_1.4.22.0_x64__htrsf667h5kn2 [2020-04-15] (Dell Inc)
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
    NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
    Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.183.0_x64__dt26b99r8h8gj [2020-03-25] (Realtek Semiconductor Corp)
    Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c [2020-06-25] (Skype) [Startup Task]
    Snipaste -> C:\Program Files\WindowsApps\45479liulios.17062D84F7C46_2.4.0.0_x64__p7pnf6hceqser [2020-07-03] (Le Liu) [Startup Task]
    Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001_Classes\CLSID\{4956AA8B-F7B5-4E91-AACC-5E272CDA771F} -> [iCloud Photos] => D:\shumi\Pictures\iCloud Photos\Photos [2020-06-06 19:08]
    CustomCLSID: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001_Classes\CLSID\{60B36EBA-CCE1-42DA-9A67-FF839FCC4C60} -> [iCloud Drive] => C:\Users\shumi\iCloudDrive [2020-04-07 20:26]
    ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2019-11-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_d270e5eea12c358c\nvshext.dll [2020-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2009-02-27 16:38 - 2009-02-27 16:38 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2020-01-24 17:38 - 2020-01-24 17:38 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
    2020-04-03 14:58 - 2019-06-28 11:09 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2020-04-03 14:58 - 2019-06-28 11:09 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 005013504 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2\DellInc.423703F9C7E0E.AWCC.Plugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000483328 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCC.RPC.Proxy.WinRT.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000178688 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCCPlugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000021504 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\IInspectableParser.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000316416 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\PM.UI.Controls.dll
    2020-03-28 00:29 - 2020-03-28 00:29 - 001629696 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareFX02_1.2.29.0_x64__htrsf667h5kn2\DellInc.AlienwareFX02.AFX.Model.Plugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000576000 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DataSystemWRC.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 001071616 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DellInc.AlienwareSoundCenter.AFX.Model.Plugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 005350912 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\DellInc.AlienwareSoundCenter.AWCC.Plugin.dll
    2020-03-21 04:01 - 2020-03-21 04:01 - 000143360 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\Gaming.API.WinRT.HeadsetControl.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000096768 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\JabraManager.dll
    2020-03-21 04:01 - 2020-03-21 04:01 - 000035328 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\RPCClient.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000059904 _____ () [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\SoundCenter.Daemon.Client.dll
    2020-04-08 09:01 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\Windows\system32\BrSNMP64.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 001550208 _____ (A-Volute -> ) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareSoundCenter_1.5.1.0_x64__htrsf667h5kn2\AGSWRC.dll
    2012-12-05 12:29 - 2012-12-05 12:29 - 004883456 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\BCGCBPRO1100u100.dll
    2012-12-05 12:29 - 2012-12-05 12:29 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
    2014-11-13 18:55 - 2014-11-13 18:55 - 000461824 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
    2010-09-29 17:07 - 2010-09-29 17:07 - 000180224 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
    2013-10-10 21:55 - 2013-10-10 21:55 - 002040320 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
    2014-11-12 09:17 - 2014-11-12 09:17 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
    2014-09-09 09:38 - 2014-09-09 09:38 - 000083968 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
    2014-09-09 09:38 - 2014-09-09 09:38 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
    2014-09-09 09:39 - 2014-09-09 09:39 - 000080896 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
    2020-04-08 09:01 - 2013-03-08 15:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 001945600 _____ (Dell Inc) [File not signed] C:\Program Files\WindowsApps\DellInc.6066037A8FCF7_1.1.22.0_x64__htrsf667h5kn2\DellInc.6066037A8FCF7.AFX.Model.Plugin.dll
    2019-11-21 00:38 - 2019-11-21 00:38 - 000081920 _____ (Dell Technologies) [File not signed] [File is in use] C:\Program Files\Alienware\Alienware Command Center\OCControl.Rpc.Server.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000031744 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.423703F9C7E0E_1.2.38.0_x64__htrsf667h5kn2\OCControl.Rpc.Client.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 000110080 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AFXModelPlugin.dll
    2020-05-30 00:24 - 2020-05-30 00:24 - 030830592 _____ (Dell Technologies) [File not signed] C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.2.89.0_x64__htrsf667h5kn2\AWCC.dll
    2020-04-03 14:58 - 2019-06-28 11:09 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
    2020-04-08 09:04 - 2013-08-06 12:15 - 000181248 _____ (Nuance Communications, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\nuanoemuires.dll
    2020-04-08 09:04 - 2013-08-06 12:15 - 000027648 _____ (Nuance Communications, Inc.) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\NuanUI.DLL
    2020-01-13 09:04 - 2020-01-13 09:04 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll
    2020-04-03 14:58 - 2019-10-09 09:05 - 001359872 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
    2020-04-03 14:58 - 2019-10-09 09:05 - 000365056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Mike\Desktop\FRST64.exe:SmartScreen [7]
    AlternateDataStreams: C:\Users\Mike\Desktop\tweaking.com_registry_backup_setup.exe:SmartScreen [7]

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-03-18 23:49 - 2020-07-12 12:31 - 000454708 ____R C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15607 more lines.


    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4258859072-2134369477-3650907842-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\shumi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win ltblue 1920x1200.jpg
    HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win ltblue 1920x1200.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{1FA227C9-9915-4999-B203-D19D6BC4F113}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{9A5D1CA6-AE4F-4ABB-A15B-308099236299}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{4D70D8C2-867C-4AAD-9C0E-9945A9B83B0D}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
    FirewallRules: [{BDBB396D-7359-4150-9B63-75664BBF4EE4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
    FirewallRules: [{A013FB41-52EB-464C-B188-E6D0B7123EA0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
    FirewallRules: [{48E60FEA-41E0-402F-9363-DF432E0B01EC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{EF1938AC-E5CB-4552-8E64-2B9386EB19A9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{47AE8974-C482-44DA-8F4F-6044C056164D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{EC867A7B-4B2A-420B-9AFC-7E52F0ECC47E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
    FirewallRules: [{2D0FD69F-A7A6-4F73-9209-6095E098BD53}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
    FirewallRules: [{ED4D1C17-5077-409E-A9BB-02887BAA6828}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
    FirewallRules: [{D3F1E077-C455-4023-86F3-B0968D44B158}] => (Allow) LPort=54925
    FirewallRules: [{480B21CE-58CA-4895-A374-745888FF4DA1}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
    FirewallRules: [{9F81E6ED-AF09-43BF-9BA2-051F7C4D86F6}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
    FirewallRules: [{8C4C884E-E3B0-4AA7-973D-6AD06C087DE3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{62342597-3B6E-411C-8DBD-A0A24341AC19}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{4F7D1D1B-8C69-458B-AC7E-EA0509A0BEDA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{7817FE59-2466-45DE-B548-331E7A48FD2C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{A9802D92-7427-48D0-A08B-4969E676E504}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{91BDE927-DDB7-40FA-AB17-16CF3E4975F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{621C46C9-CE37-4550-80E8-AA00A2102210}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{EDDEB922-77C4-4962-BEED-AF60CA29FDAD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{01FA593F-B31A-48B4-9B96-9A31D79EA8D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{8340D560-C8D8-405D-A55E-91CD1EE4BCB9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E990FB8D-631F-4003-8C7D-4F5915D4E7EC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{4AE0FA42-8FE6-4932-A3CB-1C053113CD79}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{E5C4F85B-0088-41DA-9426-B08ADC628689}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{4BAA2239-3DEA-4A8B-91FA-905B07D85EE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{398618A8-DEBD-4385-98D7-37A8DB639598}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{8FCBC28B-ECBA-4865-ABB3-2C5154C649E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{8062D565-59CF-4C06-9760-DF85AF4B890C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
    FirewallRules: [{448A4F41-E7A1-43CC-A92A-5A269E4AA4A5}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
    FirewallRules: [{2AE6DF57-F85B-4958-93C1-CBFC8A29ED29}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.1.9518.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (SCREENOVATE TECHNOLOGIES LTD. -> Screenovate Technologies Ltd.)
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled (Total:101.34 GB) (Free:38.28 GB) (38%)

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (07/18/2020 06:27:42 PM) (Source: XTUService) (EventID: 0) (User: )
    Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
    Parameter name: singletonInstance
    at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
    at IronCity.Core.Server.CoreServer.Start()
    at XtuService.XtuService1.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (07/18/2020 06:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x34f9c
    Faulting application start time: 0x01d65d5b063aa1f9
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: 2c2adc60-6d47-4afe-8c43-627423ab5dbe
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x34fa0
    Faulting application start time: 0x01d65d5b0342de92
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: 59d05f95-1f33-467e-8308-70c59369aa08
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:29 PM) (Source: XTUService) (EventID: 0) (User: )
    Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
    Parameter name: singletonInstance
    at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
    at IronCity.Core.Server.CoreServer.Start()
    at XtuService.XtuService1.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    Error: (07/18/2020 06:27:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x30cec
    Faulting application start time: 0x01d65d5b0046dfca
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: c26b6e72-623a-4d72-ad83-34f057ce0212
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x2da30
    Faulting application start time: 0x01d65d5afd4b477f
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: 4ad4ed84-96e7-45a3-ac92-9ae7b9a65e0e
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Faulting module name: NahimicSvc32.exe, version: 2.2.0.56285, time stamp: 0x5c5c05b3
    Exception code: 0xc0000005
    Fault offset: 0x000243f0
    Faulting process id: 0x32054
    Faulting application start time: 0x01d65d5afa509d0c
    Faulting application path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Faulting module path: C:\Windows\SysWOW64\NahimicSvc32.exe
    Report Id: ae4c86a9-4cb5-48e7-8c0f-8a0c9d3abeee
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (07/18/2020 06:27:17 PM) (Source: XTUService) (EventID: 0) (User: )
    Description: Service cannot be started. System.ArgumentNullException: Value cannot be null.
    Parameter name: singletonInstance
    at System.ServiceModel.ServiceHost..ctor(Object singletonInstance, Uri[] baseAddresses)
    at IronCity.Core.Server.CoreServer.Start()
    at XtuService.XtuService1.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


    System errors:
    =============
    Error: (07/18/2020 01:35:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 3 time(s).

    Error: (07/18/2020 12:30:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (07/18/2020 12:14:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (07/17/2020 01:36:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Digital Delivery Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (07/17/2020 01:34:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The AppX Deployment Service (AppXSVC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (07/12/2020 12:27:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (07/12/2020 12:10:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (07/12/2020 10:43:54 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:09:02 PM on ‎7/‎11/‎2020 was unexpected.


    Windows Defender:
    ===================================
    Date: 2020-05-04 20:15:35.729
    Description:
    Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
    Security intelligence Attempted: Current
    Error Code: 0x80070002
    Error description: The system cannot find the file specified.
    Security intelligence version: 0.0.0.0;0.0.0.0
    Engine version: 0.0.0.0

    CodeIntegrity:
    ===================================

    Date: 2020-07-18 18:24:55.903
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 18:19:53.739
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 18:14:51.494
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 18:09:49.688
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 18:04:46.761
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 17:59:43.872
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 17:54:41.651
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    Date: 2020-07-18 17:49:39.125
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

    ==================== Memory info ===========================

    BIOS: Dell Inc. 1.2.1 03/20/2020
    Motherboard: Dell Inc. 0DXJD9
    Processor: Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz
    Percentage of memory in use: 82%
    Total physical RAM: 8046.91 MB
    Available physical RAM: 1370.94 MB
    Total Virtual: 30574.91 MB
    Available Virtual: 20379.98 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:101.34 GB) (Free:38.28 GB) NTFS
    Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:856.73 GB) NTFS
    Drive e: ( My Backups) (Fixed) (Total:5589 GB) (Free:3439.88 GB) NTFS
    Drive f: (EASEUSBOOT) (Removable) (Total:28.64 GB) (Free:27.89 GB) FAT32

    \\?\Volume{d563a30d-01d7-4124-b9bc-3b031606b3e3}\ (WINRETOOLS) (Fixed) (Total:0.93 GB) (Free:0.34 GB) NTFS
    \\?\Volume{c1bd49fd-9eeb-4298-aa1a-3b448f4d5e9d}\ (Image) (Fixed) (Total:15.26 GB) (Free:0.13 GB) NTFS
    \\?\Volume{80422f68-d197-4690-9b15-3fe274ccec64}\ (DELLSUPPORT) (Fixed) (Total:1.42 GB) (Free:0.45 GB) NTFS
    \\?\Volume{87be7d44-d7e7-4d22-a188-47fb3e14b20b}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 7A420BC1)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Size: 119.2 GB) (Disk ID: 7A420BB6)

    Partition: GPT.

    ==========================================================
    Disk: 2 (Size: 5589 GB) (Disk ID: 16F2A91F)

    Partition: GPT.

    ==========================================================
    Disk: 3 (Size: 28.7 GB) (Disk ID: FE429E9F)
    Partition 1: (Active) - (Size=28.7 GB) - (Type=0C)

    ==================== End of Addition.txt =======================

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    OK, looks pretty good actually.

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    Task: {055121b2-0927-4254-af0a-4f668e39e469} - no filepath
    Task: {2cb54e1f-62d9-4c14-814c-955ef69c155b} - no filepath
    Task: {30bdde01-accc-4d79-8aa1-44749ff27256} - no filepath
    Task: {3369d6ed-ba7f-49d1-8833-d3a224675608} - no filepath
    Task: {3497e3f2-c9b7-425a-9fec-440c2225f44b} - no filepath
    Task: {3c2803c4-858e-4647-bcea-ae4e80f67684} - no filepath
    Task: {3d72d2b4-03b7-4849-ab88-a5fff70cf3ca} - no filepath
    Task: {5b49af16-6ab4-45fc-9d9d-dcd31eed3710} - no filepath
    Task: {5f143149-37b1-49a4-8891-7cd86fc9ae8b} - no filepath
    Task: {5f6a4b10-041d-4264-83bb-02eaed7bb197} - no filepath
    Task: {81d18dbf-731c-4226-8e85-44bda75e5bc7} - no filepath
    Task: {8bc86d5f-5453-4d79-b4f2-dac073199006} - no filepath
    Task: {9553b533-d4c8-4a4d-a7a9-beecf3652c25} - no filepath
    Task: {964ea2cc-52f0-4e92-957f-8c54d1145996} - no filepath
    Task: {9e5834c3-5a31-45d9-8652-74df9bb6aea7} - no filepath
    Task: {a687a4ff-47a3-4310-a426-fa53bba6280a} - no filepath
    Task: {d0815cd0-a575-4fde-82fb-9a3e8c9b4c24} - no filepath
    Task: {d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f} - no filepath
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.

    • run AdwCleaner by clicking on Scan Now
    • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
    • if it asks to reboot, allow the reboot
    • on reboot, click on View Log File; please attach the content of the log to your next reply.

    ============================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • slick the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    Logs to include with the next post:

    Fixlog.txt
    AdwCleaner log
    Mbam.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Jul 2020
    Posts
    11

    Default

    Thank you so much for helping me. What do you think was going on with my computer? Malaware? The grandkids play Roblox on it, could that be where it came from? Any insight you can provide is greatly appreciated

    One other thing I noticed in one of the logs, where "Internet Explorer trusted/restricted" lists some porn sites. Can you tell me what that's from. There shouldn't be anybody accessing porn from this computer.

    Here are the logs:


    Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2020
    Ran by shumi (20-07-2020 19:36:01) Run:1
    Running from C:\Users\Mike\Desktop
    Loaded Profiles: shumi & Brenda & Mike & Grandkids
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    Task: {055121b2-0927-4254-af0a-4f668e39e469} - no filepath
    Task: {2cb54e1f-62d9-4c14-814c-955ef69c155b} - no filepath
    Task: {30bdde01-accc-4d79-8aa1-44749ff27256} - no filepath
    Task: {3369d6ed-ba7f-49d1-8833-d3a224675608} - no filepath
    Task: {3497e3f2-c9b7-425a-9fec-440c2225f44b} - no filepath
    Task: {3c2803c4-858e-4647-bcea-ae4e80f67684} - no filepath
    Task: {3d72d2b4-03b7-4849-ab88-a5fff70cf3ca} - no filepath
    Task: {5b49af16-6ab4-45fc-9d9d-dcd31eed3710} - no filepath
    Task: {5f143149-37b1-49a4-8891-7cd86fc9ae8b} - no filepath
    Task: {5f6a4b10-041d-4264-83bb-02eaed7bb197} - no filepath
    Task: {81d18dbf-731c-4226-8e85-44bda75e5bc7} - no filepath
    Task: {8bc86d5f-5453-4d79-b4f2-dac073199006} - no filepath
    Task: {9553b533-d4c8-4a4d-a7a9-beecf3652c25} - no filepath
    Task: {964ea2cc-52f0-4e92-957f-8c54d1145996} - no filepath
    Task: {9e5834c3-5a31-45d9-8652-74df9bb6aea7} - no filepath
    Task: {a687a4ff-47a3-4310-a426-fa53bba6280a} - no filepath
    Task: {d0815cd0-a575-4fde-82fb-9a3e8c9b4c24} - no filepath
    Task: {d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f} - no filepath
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Error: (0) Failed to create a restore point.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{055121b2-0927-4254-af0a-4f668e39e469}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2cb54e1f-62d9-4c14-814c-955ef69c155b}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30bdde01-accc-4d79-8aa1-44749ff27256}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3369d6ed-ba7f-49d1-8833-d3a224675608}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3497e3f2-c9b7-425a-9fec-440c2225f44b}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3c2803c4-858e-4647-bcea-ae4e80f67684}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3d72d2b4-03b7-4849-ab88-a5fff70cf3ca}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5b49af16-6ab4-45fc-9d9d-dcd31eed3710}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5f143149-37b1-49a4-8891-7cd86fc9ae8b}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5f6a4b10-041d-4264-83bb-02eaed7bb197}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81d18dbf-731c-4226-8e85-44bda75e5bc7}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8bc86d5f-5453-4d79-b4f2-dac073199006}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9553b533-d4c8-4a4d-a7a9-beecf3652c25}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{964ea2cc-52f0-4e92-957f-8c54d1145996}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9e5834c3-5a31-45d9-8652-74df9bb6aea7}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{a687a4ff-47a3-4310-a426-fa53bba6280a}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d0815cd0-a575-4fde-82fb-9a3e8c9b4c24}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{d7bc42e8-f1a0-44dd-a2e6-96ed36ff930f}" => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\af397ef28e484961ba48646a5d38cf54.db.ses => moved successfully
    C:\Windows\Temp\Application_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\AppxErrorReport_5A16D997-5D5F-0005-69FE-175A5F5DD601.txt => moved successfully
    Could not move "C:\Windows\Temp\CMcUploader.log" => Scheduled to move on reboot.
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200718-1858.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200718-2002.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-0400.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-0717.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1040.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1040a.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1220.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1222.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1224.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200719-1333.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0618.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0658.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-0717.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1336.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1627.log => moved successfully
    C:\Windows\Temp\DESKTOP-AT4C6NI-20200720-1710.log => moved successfully
    Could not move "C:\Windows\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
    Could not move "C:\Windows\Temp\FXSTIFFDebugLogFile.txt" => Scheduled to move on reboot.
    C:\Windows\Temp\mat-debug-2248.log => moved successfully
    C:\Windows\Temp\mat-debug-23712.log => moved successfully
    C:\Windows\Temp\Microsoft-Windows-AppReadiness_Admin_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-AppReadiness_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-AppXDeploymentServer_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-AppXPackaging_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-SettingSync_Debug_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-SettingSync_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-StateRepository_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-Store_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\Microsoft-Windows-WindowsUpdateClient_Operational_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\msedge_installer.log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20200718185851FF0).log => moved successfully
    C:\Windows\Temp\System_5A16D997-5D5F-0005-69FE-175A5F5DD601.evtx => moved successfully
    C:\Windows\Temp\TBitDefenderUpdaterThread.log => moved successfully
    C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
    C:\Windows\Temp\{6B457D7E-C7CC-4F1C-86CD-9A732A356345} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{93A6158E-59C5-4C36-8FC5-19278C7412EA} - OProcSessId.dat => moved successfully
    C:\Windows\Temp\{BF8647EA-9769-4D5C-9EE2-F93EDB77DE2B} - OProcSessId.dat => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10248192 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20155403 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 3413162 B
    Edge => 3633430 B
    Chrome => 0 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 1124524 B
    systemprofile32 => 1124613 B
    LocalService => 1416017 B
    NetworkService => 1421939 B
    shumi => 52163186 B
    Brenda => 126690920 B
    Mike => 168470198 B
    Grandkids => 212668323 B
    defaultuser100000.DESKTOP-AT4C6NI.000 => 213299818 B

    RecycleBin => 0 B
    EmptyTemp: => 778 MB temporary data Removed.

    ================================

    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.6.0
    # -------------------------------
    # Build: 06-24-2020
    # Database: 2020-07-20.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 07-20-2020
    # Duration: 00:00:40
    # OS: Windows 10 Home
    # Scanned: 31837
    # Detected: 27


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
    Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
    Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
    Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
    Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
    Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
    Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
    Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E014A58-DE32-42AD-AB9C-499813346BCA}
    Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E014A58-DE32-42AD-AB9C-499813346BCA}
    Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
    Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
    Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
    Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
    Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE
    Preinstalled.DellUpdateforWindows10 Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70E9F8CC-A23E-4C25-B292-C86C1821587C}



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


    # -------------------------------
    # Malwarebytes AdwCleaner 8.0.6.0
    # -------------------------------
    # Build: 06-24-2020
    # Database: 2020-07-20.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 07-20-2020
    # Duration: 00:00:02
    # OS: Windows 10 Home
    # Cleaned: 23
    # Failed: 4


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
    Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
    Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-21-4258859072-2134369477-3650907842-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AGENT
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\AGENT
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SAREMEDIATION\PLUGIN
    Deleted Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
    Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E014A58-DE32-42AD-AB9C-499813346BCA}
    Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E014A58-DE32-42AD-AB9C-499813346BCA}
    Deleted Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
    Deleted Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
    Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files\DELL\UPDATE
    Deleted Preinstalled.DellUpdateforWindows10 Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70E9F8CC-A23E-4C25-B292-C86C1821587C}
    Not Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
    Not Deleted Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
    Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
    Not Deleted Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [5115 octets] - [20/07/2020 19:40:08]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 7/20/20
    Scan Time: 8:01 PM
    Log File: b1b54a04-caed-11ea-a64e-a4bb6da79f09.json

    -Software Information-
    Version: 4.1.2.73
    Components Version: 1.0.979
    Update Package Version: 1.0.27127
    License: Trial

    -System Information-
    OS: Windows 10 (Build 18362.959)
    CPU: x64
    File System: NTFS
    User: DESKTOP-AT4C6NI\Mike

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 550104
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 1 min, 35 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •