lilmama59
Members-
Posts
6 -
Joined
-
Last visited
Reputation
0 Neutral-
TrustedInstaller removal~ what's the best way?
lilmama59 replied to lilmama59's topic in Resolved Malware Removal Logs
I'm sorry to say that the blocks are still there after all the hoops I jumped thru LOL... I still see this annoying icon when I want to change, or delete a file.. -
TrustedInstaller removal~ what's the best way?
lilmama59 replied to lilmama59's topic in Resolved Malware Removal Logs
Hi, sorry I haven't been around in the past few days... got sidetracked OK: To manage Passwords :- https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import Next, Remove all synced data from Firefox to stop possible re-infection or exploitation. https://support.mozilla.org/en-US/questions/1037353 Those two I never have to worry because I don't save passwords in my FF and I don't have FF email to sync with anything so I 'm good Got the bookmarks squared away... After I get the FF removed and reinstalled... there's two add-ins I should be aware of...? uBlock-Origin can be installed from here: https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ <<--- Recommended. Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/ <<--- Recommended The first puzzled me, and I wondered if it's recommended or I don't have to use it? The second will be my best bet to use it in my browser I don't feel I'd need to use both.. one or the other would be enough for ME. -
TrustedInstaller removal~ what's the best way?
lilmama59 replied to lilmama59's topic in Resolved Malware Removal Logs
MALWAREBYTE: 1) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/4/21 Protection Event Time: 7:46 PM Log File: a9f2197e-4f08-11eb-84fb-705a0f2a33d7.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1130 Update Package Version: 1.0.35295 License: Trial -System Information- OS: Windows 10 (Build 18362.1256) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: PUP Domain: reimageplus.com IP Address: 161.47.7.14 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (end) 2) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/4/21 Protection Event Time: 7:46 PM Log File: 95d25ced-4f08-11eb-8485-705a0f2a33d7.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1130 Update Package Version: 1.0.35295 License: Trial -System Information- OS: Windows 10 (Build 18362.1256) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: PUP Domain: reimageplus.com IP Address: 161.47.7.14 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (end) From current scan today: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/6/21 Scan Time: 7:36 PM Log File: 98822930-5099-11eb-98b5-705a0f2a33d7.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1130 Update Package Version: 1.0.35357 License: Trial -System Information- OS: Windows 10 (Build 18362.1256) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 312072 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 6 min, 24 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) =========================================================== AdwCleaner: 1) # ------------------------------- # Malwarebytes AdwCleaner 8.0.8.0 # ------------------------------- # Build: 10-08-2020 # Database: 2020-12-21.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 01-05-2021 # Duration: 00:00:34 # OS: Windows 10 Home # Cleaned: 46 # Failed: 1 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\AVG_UPDATE_0117TB Deleted C:\ProgramData\AVG_UPDATE_0816TB Deleted C:\ProgramData\AVG_UPDATE_1016TB ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\APN PIP Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Deleted HKLM\Software\AVG Secure Search ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** Deleted Preinstalled.EpsonCustomerResearchParticipation Folder C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION Deleted Preinstalled.EpsonCustomerResearchParticipation Folder C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION Deleted Preinstalled.EpsonCustomerResearchParticipation Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA} Deleted Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForLori Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE Deleted Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C} Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Lori\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Lori\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{76272057-98E0-4DC4-AAC3-10C546C47195} Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52} Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT Deleted Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} Deleted Preinstalled.HPWelcome Folder C:\Program Files\HEWLETT-PACKARD\HP WELCOME Deleted Preinstalled.HPWelcome Folder C:\ProgramData\HEWLETT-PACKARD\HP WELCOME Deleted Preinstalled.HPWelcome Folder C:\Users\Lori\AppData\Local\HEWLETT-PACKARD\HP WELCOME Deleted Preinstalled.HPWelcome Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HPWelcome Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-barbarians Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-cityofsteam Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-commandandconqueralliances Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-dinostorm Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-fringo Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-vegasworld Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-villagersandheroes Not Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [6881 octets] - [05/01/2021 20:17:24] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## 2) # ------------------------------- # Malwarebytes AdwCleaner 8.0.8.0 # ------------------------------- # Build: 10-08-2020 # Database: 2020-12-21.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 01-05-2021 # Duration: 00:00:28 # OS: Windows 10 Home # Scanned: 31930 # Detected: 47 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0117TB PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_0816TB PUP.Adware.Heuristic C:\ProgramData\AVG_UPDATE_1016TB ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.Legacy HKCU\Software\APN PIP PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} PUP.Optional.Legacy HKLM\Software\AVG Secure Search ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** Preinstalled.EpsonCustomerResearchParticipation Folder C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION Preinstalled.EpsonCustomerResearchParticipation Folder C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION Preinstalled.EpsonCustomerResearchParticipation Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA} Preinstalled.HPCeement Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForLori Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C} Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Folder C:\Users\Lori\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Folder C:\Users\Lori\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{76272057-98E0-4DC4-AAC3-10C546C47195} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52} Preinstalled.HPTouchpointAnalyticsClient Folder C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} Preinstalled.HPWelcome Folder C:\Program Files\HEWLETT-PACKARD\HP WELCOME Preinstalled.HPWelcome Folder C:\ProgramData\HEWLETT-PACKARD\HP WELCOME Preinstalled.HPWelcome Folder C:\Users\Lori\AppData\Local\HEWLETT-PACKARD\HP WELCOME Preinstalled.HPWelcome Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HPWelcome Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-barbarians Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-cityofsteam Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-commandandconqueralliances Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-dinostorm Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-fringo Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-vegasworld Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-villagersandheroes ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## Those two texts from AdwCleaner might be the same, but I'd rather be safe than sorry! Hope this helps -
TrustedInstaller removal~ what's the best way?
lilmama59 replied to lilmama59's topic in Resolved Malware Removal Logs
I could only download MWB 4.3.0 and although it was a free download it came off as "trial" 🤔 This is a weird setup.... But here are the MWB, the AdwCleaner and the logs from FRST app: (took me a while to figure out the AdwCleaner, but I hope I got the files quaranteed...) Oh, and BTW, after restarted after using the AdwCleaner, I tried to save the PNG file to my desktop, and again I got this 'permission' error: FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021 Ran by Lori (administrator) on LORIS-PC-2016 (HP 23-q214) (05-01-2021 20:31:38) Running from C:\Users\Lori\Downloads Loaded Profiles: Lori Platform: Windows 10 Home Version 1909 18363.1256 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3> (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (Cambridge Silicon Radio Ltd. -> ) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\Youcam6_webcam_camera_video.exe (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131064.inf_amd64_5d13f27a9a9843fa\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131064.inf_amd64_5d13f27a9a9843fa\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131064.inf_amd64_5d13f27a9a9843fa\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki131064.inf_amd64_5d13f27a9a9843fa\IntelCpHeciSvc.exe (Intel(R) Software Asset Manager -> Intel Corporation) C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe (Intel(R) Software Development Products -> ) C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe (Intel(R) Software Development Products -> Intel Corporation) C:\Program Files (x86)\Common Files\Intel\RSSDK\v4\bin\win32\notification_tool.exe (Intel(R) Software Development Products -> Intel(R) Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <7> (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIVTE.EXE ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-06-28] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2021-01-04] (Avast Software s.r.o. -> AVAST Software) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2016-06-28] (Logitech -> Logitech, Inc.) HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] (Cambridge Silicon Radio Ltd. -> ) HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-10-01] (CyberLink Corp. -> CyberLink Corp.) HKLM-x32\...\Run: [Intel Privacy Notification Tool] => C:\Program Files (x86)\Common Files\Intel\RSSDK\v4\bin\win32\notification_tool.exe [8809160 2015-02-06] (Intel(R) Software Development Products -> Intel Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1310720 2020-02-10] (Seiko Epson Corporation) [File not signed] HKU\S-1-5-21-4228007683-1141738225-1575848267-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4228007683-1141738225-1575848267-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIVTE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKU\S-1-5-21-4228007683-1141738225-1575848267-1001\...\Run: [EPSDNMON] => "" HKLM\...\Print\Monitors\EPSON NX430 Series 64MonitorBA: C:\WINDOWS\system32\E_ILMHBA.DLL [120320 2011-04-20] (SEIKO EPSON CORPORATION) [File not signed] HKLM\...\Print\Monitors\EPSON XP-6100 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBVTE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed] HKLM\...\Print\Monitors\HCR Client Port Monitor: C:\WINDOWS\system32\csrportmon.dll [73416 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [432648 2015-07-10] (Microsoft Windows Hardware Compatibility Publisher -> HP) HKLM\Software\...\Authentication\Credential Providers: [{5355DA8C-FE32-49b4-A567-A67535C86592}] -> C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BLEtokenCredentialProvider.dll [2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) HKLM\Software\...\Authentication\Credential Providers: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-08-18] (CyberLink Corp. -> CyberLink) HKLM\Software\...\Authentication\Credential Provider Filters: [{FA076B7A-C331-48e2-9EE9-7683A553739E}] -> C:\Program Files (x86)\CyberLink\YouCam6\CLCredProv\x64\CLCredProv.dll [2015-08-18] (CyberLink Corp. -> CyberLink) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-07-21] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-07-21] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Inc. -> Webroot Software, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealSense Training.lnk [2015-11-30] ShortcutTarget: RealSense Training.lnk -> C:\Program Files (x86)\Intel\Intel RealSense Training F200\Intel RealSense F200 Tray\Intel RealSense F200 Tray.exe (Intel(R) Software Development Products -> ) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0229B55E-4F49-4281-9F7E-FA6EABFB26FC} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-10-11] (Avast Software s.r.o. -> Avast Software) Task: {030284DC-1BFC-4B8A-914E-47C78C4517BB} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel(R) Software -> Intel Corporation) Task: {076549A7-4084-4E33-BA8B-225B608C7AC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {12EC784F-6688-4BAF-A16B-6FFEADB3D76F} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation) Task: {18D7F1EE-CA4A-4062-B2F8-0CE6859BEE5B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe Task: {1A71F805-EBB1-4AFD-8EB1-4862C175D577} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1285328 2015-06-05] (Intel(R) Software -> Intel Corporation) Task: {1B8EA02A-BB91-4370-8098-314C5BCBC326} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Lori\Downloads\adwcleaner_8.0.8.exe [8447152 2021-01-05] (Malwarebytes Inc -> Malwarebytes) Task: {1EEC99ED-0968-4381-9473-787D88E5A3B0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd) Task: {2259B0A4-6E0D-4E78-8B1B-3B511F86C532} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Corporation -> Microsoft Corporation) Task: {28A191FC-3C70-4DC8-886D-D4A330BBA84A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {2EA37342-3034-416A-8D53-BB6ECF6D2E6C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2021-01-04] (Avast Software s.r.o. -> AVAST Software) Task: {39B8BC8A-1C6A-49E4-97A2-9D1CA81777B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {3F74E2A6-AECA-4FA9-A134-1DA9EAA83583} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-19] (Microsoft Corporation -> Microsoft Corporation) Task: {4DFC645E-3A70-42DD-B421-5B5F84976E7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-06-22] (HP Inc. -> HP Inc.) Task: {543A3B98-9112-45C7-99D9-6722DAEE64DD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe Task: {60B482CF-F49D-4DA4-AD83-7FE6797EA504} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-31] (Mozilla Corporation -> Mozilla Foundation) Task: {62D68A27-BB24-481F-862A-2CCDF09FF7A0} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation) Task: {651299A9-614F-4029-8FBB-8C40AEF3DFC6} - System32\Tasks\{D11EBAC0-E521-4D28-95DD-31B2D3DC6ECE} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.29.80.101/en/abandoninstall?page=tsProgressBar Task: {7A6E2D4A-658A-427D-AA36-AF060EEAB64D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-31] (Microsoft Corporation -> Microsoft Corporation) Task: {7E48AE6B-945E-403E-BB87-351DC32CA6AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.) Task: {89D9513A-2916-4FC9-98DB-DA7ECAE1A9C2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1149336 2020-12-31] (Microsoft Corporation -> Microsoft Corporation) Task: {8DD96450-D59B-481B-8923-E2F8FCCF670C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {919C2468-21F2-4424-8BD4-9958A268F97E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [511344 2015-06-19] (Dropbox, Inc -> ) Task: {93B4C331-502D-4CDC-A093-5FB4D202BBB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.) Task: {AAAAD55D-9FDB-49AF-BC59-1B15F083CA9F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd) Task: {AFC32CA4-9A80-4571-B590-CEFAF9D22266} - System32\Tasks\EPSON XP-6100 Series Update {38812D91-3318-4F74-A2EB-EC9CB28DB373} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSVTE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {B5B006F6-2437-411D-9729-8574C0FBED28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {C6BB359A-52CE-4E33-A715-58B5F492E31D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.) Task: {CE508E84-9EFF-4E7E-BFA1-7517DA3BF9D7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-08-18] (CyberLink Corp. -> CyberLink Corp.) Task: {CF617369-414B-43E7-A2AB-BD8DF6BB5C34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {D1CC5D49-1D68-4187-8120-A675B92A5351} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe Task: {D6C560E3-4788-42C3-BF09-2E28E0BCB416} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2020-12-31] (Microsoft Corporation -> Microsoft Corporation) Task: {E30D56C5-4BB8-4BB2-8145-ED0F5A6C16D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Update Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {EF231F15-932A-44DC-AD3A-3DA2656CAED0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\EPSON XP-6100 Series Update {38812D91-3318-4F74-A2EB-EC9CB28DB373}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSVTE.EXE:/EXE:{38812D91-3318-4F74-A2EB-EC9CB28DB373} /F:UpdateWORKGROUP\LORIS-PC-2016$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{5fc94d55-a62f-4ac2-a475-9a3a89b9e248}: [DhcpNameServer] 192.168.1.1 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION Edge: ====== DownloadDir: C:\Users\Lori\Downloads Edge Profile: C:\Users\Lori\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-03] FireFox: ======== FF DefaultProfile: 4yvy2fzf.default-1519797131404 FF ProfilePath: C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4yvy2fzf.default-1519797131404 [2021-01-05] FF Notifications: Mozilla\Firefox\Profiles\4yvy2fzf.default-1519797131404 -> hxxps://politichatter.com FF Extension: (Facebook Container) - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4yvy2fzf.default-1519797131404\Extensions\@contain-facebook.xpi [2020-10-04] FF Extension: (Emoji Keyboard - Emojis For Firefox) - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4yvy2fzf.default-1519797131404\Extensions\@emojikeyboard.xpi [2019-09-01] FF Extension: (Cisco Webex Extension) - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4yvy2fzf.default-1519797131404\Extensions\ciscowebexstart1@cisco.com.xpi [2020-06-03] FF Extension: (Pinterest Save Button) - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4yvy2fzf.default-1519797131404\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2020-12-31] FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4yvy2fzf.default-1519797131404\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-12-31] FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\4yvy2fzf.default-1519797131404\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-15] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2020-04-25] [Legacy] [not signed] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-10-11] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-04-29] (Cisco WebEx LLC -> Cisco WebEx LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Lori\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-07] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation) R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) R2 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2019-09-18] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.) S3 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-23] (Intel(R) Software Asset Manager -> Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-04] (Malwarebytes Inc -> Malwarebytes) R2 RealSenseDCM; C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe [3663512 2015-10-15] (Intel(R) Software Development Products -> Intel(R) Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-08-23] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-04-29] (Cisco WebEx LLC -> Cisco WebEx LLC) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-08-23] (Microsoft Windows Publisher -> Microsoft Corporation) S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X] S2 HPTouchpointAnalyticsService; "C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-01-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522480 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [469472 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216984 2021-01-04] (Avast Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326064 2021-01-04] (Avast Software s.r.o. -> AVAST Software) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-11] (Microsoft Corporation) [File not signed] R3 clwvd6; C:\WINDOWS\System32\drivers\clwvd6.sys [41704 2013-10-28] (CyberLink Corp. -> CyberLink Corporation) S3 CsrBtPort; C:\WINDOWS\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) S3 csrpan; C:\WINDOWS\System32\drivers\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) S3 csrserial; C:\WINDOWS\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) S3 csrusb; C:\WINDOWS\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-04] (Malwarebytes Corporation -> Malwarebytes) S3 fdrawcmd; C:\WINDOWS\system32\drivers\fdrawcmd.sys [33144 2010-04-24] (Simon Owen -> simonowen.com) R3 IntelDFUACPI; C:\WINDOWS\System32\drivers\IntelDFUACPI.sys [37888 2015-12-01] (Intel(R) Software Development Products -> Intel(R) Corporation) R3 IXCamera; C:\WINDOWS\system32\DRIVERS\RealSenseDCM.sys [72704 2015-10-15] (Intel(R) Software Development Products -> Intel(R) Corporation) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-04] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-05] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-05] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-01-04] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2021-01-05] (Malwarebytes Inc -> Malwarebytes) R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [302808 2015-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) S3 usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [49152 2019-03-18] (Microsoft Corporation) [File not signed] S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47496 2019-08-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344288 2019-08-23] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-08-23] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (All) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-01-05 20:31 - 2021-01-05 20:33 - 000032721 _____ C:\Users\Lori\Downloads\FRST.txt 2021-01-05 20:30 - 2021-01-05 20:32 - 000000000 ____D C:\FRST 2021-01-05 20:29 - 2021-01-05 20:29 - 002282496 _____ (Farbar) C:\Users\Lori\Downloads\FRST64.exe 2021-01-05 20:25 - 2021-01-05 20:25 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-01-05 20:25 - 2021-01-05 20:25 - 000139424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-01-05 20:25 - 2021-01-05 20:25 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-01-05 20:23 - 2021-01-05 20:23 - 000003172 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot 2021-01-05 20:14 - 2021-01-05 20:22 - 000000000 ____D C:\AdwCleaner 2021-01-05 20:14 - 2021-01-05 20:14 - 008447152 _____ (Malwarebytes) C:\Users\Lori\Downloads\adwcleaner_8.0.8.exe 2021-01-05 20:07 - 2021-01-05 20:07 - 002086424 _____ (Malwarebytes) C:\Users\Lori\Downloads\MBSetup(1).exe 2021-01-04 19:37 - 2021-01-04 19:37 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-01-04 19:37 - 2021-01-04 19:37 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-01-04 19:37 - 2021-01-04 19:37 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-01-04 19:37 - 2021-01-04 19:37 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-01-04 19:37 - 2021-01-04 19:37 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-01-04 19:37 - 2021-01-04 19:36 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-01-04 19:37 - 2021-01-04 19:36 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-01-04 19:36 - 2021-01-04 19:36 - 002086424 _____ (Malwarebytes) C:\Users\Lori\Downloads\MBSetup.exe 2021-01-04 19:32 - 2021-01-04 19:32 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-01-04 19:31 - 2021-01-04 19:32 - 002086424 _____ (Malwarebytes) C:\Users\Lori\Downloads\MBSetup-092170.092170-consumer.exe 2021-01-04 18:27 - 2021-01-04 18:27 - 000340576 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2021-01-04 18:27 - 2021-01-04 18:27 - 000216984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2021-01-03 21:47 - 2021-01-03 21:47 - 001505848 _____ (Adobe) C:\Users\Lori\Downloads\uninstall_flash_player.exe 2020-12-31 13:49 - 2020-12-31 13:49 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2020-12-31 13:49 - 2020-12-31 13:49 - 004295680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2020-12-31 13:49 - 2020-12-31 13:49 - 000944128 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2020-12-31 13:49 - 2020-12-31 13:49 - 000725504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll 2020-12-31 13:49 - 2020-12-31 13:49 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2020-12-31 13:49 - 2020-12-31 13:49 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe 2020-12-31 13:49 - 2020-12-31 13:49 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll 2020-12-31 13:49 - 2020-12-31 13:49 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2020-12-31 13:49 - 2020-12-31 13:49 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll 2020-12-31 13:49 - 2020-12-31 13:49 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\raserver.exe 2020-12-31 13:49 - 2020-12-31 13:49 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raserver.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 025445888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 022651392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 018038784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 008011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 007823920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 007761408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 007297536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 007008256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 006316032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 005906944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 005770856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 005099896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 005010432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 004855808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 004608000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 004546560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 004348936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 004129440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 003820032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 003694392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 003635712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 003506688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 003243096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 002948920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 002737152 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 002585592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 002495264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 002317016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 002263296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 002230240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 002045952 _____ C:\WINDOWS\system32\rdpnano.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001996800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001842368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001693696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001615360 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001491160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001421408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001419328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 001344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001272160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 001151840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001108384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001098728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 001057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000987136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000952432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000894032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000881152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000852992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000843264 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000784016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000775480 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000699864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CMFNVSDeviceBridge.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000516536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000473592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000406992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000405928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000379720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000366184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000345568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000300704 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AnalogShell.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2020-12-31 13:48 - 2020-12-31 13:48 - 000211280 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000200008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wecsvc.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000193608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000190056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2020-12-31 13:48 - 2020-12-31 13:48 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\net1.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000172352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PktMon.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000171008 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys 2020-12-31 13:48 - 2020-12-31 13:48 - 000166936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpcsp.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\net1.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000136344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000135280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netid.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbnetlib.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbnetlib.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wecutil.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl 2020-12-31 13:48 - 2020-12-31 13:48 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcfgutils.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000097088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PktMon.sys 2020-12-31 13:48 - 2020-12-31 13:48 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000093512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2020-12-31 13:48 - 2020-12-31 13:48 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wecapi.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000077128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wecutil.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unenrollhook.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wecapi.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmlocalmanagement.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gmsaclient.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000021320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe 2020-12-31 13:48 - 2020-12-31 13:48 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2020-12-31 13:48 - 2020-12-31 13:48 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth14.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth13.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2020-12-31 13:48 - 2020-12-31 13:48 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2020-12-31 13:47 - 2020-12-31 13:47 - 009925960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 007604592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 007274832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 006526976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 006438400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 006071392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 005003824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 004032776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 003811328 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 003761664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 003741520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 003374808 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 002993480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 002799616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 002777712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 002776200 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 002695504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 002564608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 002307072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 002092336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 002023424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001998936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001991608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001957528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001950256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001916760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001859072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001835520 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001756600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2020-12-31 13:47 - 2020-12-31 13:47 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001743688 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001698816 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001673568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001668336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001666560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001665192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001653808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001647616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001565504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001513360 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 001480512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001393968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001385472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001370112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001366144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2020-12-31 13:47 - 2020-12-31 13:47 - 001307448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001259720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001182248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 001170976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001154968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001101312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001053120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001048992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 001022264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000952320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000942104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000899736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000893632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000889424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000867840 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000851768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000833336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000797976 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000793840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputHost.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000767984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000752040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000680248 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000677088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000606208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000592936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000586552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000551624 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000543360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000537656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000535064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000531472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000527336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000518464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000480344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000477512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2020-12-31 13:47 - 2020-12-31 13:47 - 000467944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000461128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000456080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000431944 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000398656 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000389952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000375520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000372552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\RASMM.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000260304 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000247880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000225104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000222536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000188216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000179528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\netid.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskpart.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000165176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000164792 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000161648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000149304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000144152 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000135280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000132424 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000127576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\btpanui.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPolEng.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\btpanui.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000108872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcfgutils.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPolEng.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl 2020-12-31 13:47 - 2020-12-31 13:47 - 000101704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingFilterDS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000094024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000092424 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000090944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000089344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000072824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmlocalmanagement.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000059392 _____ C:\WINDOWS\system32\runexehelper.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amsi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskSchdPS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmpostprocessevaluator.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000051632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gmsaclient.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcicda.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TaskSchdPS.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys 2020-12-31 13:47 - 2020-12-31 13:47 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2020-12-31 13:47 - 2020-12-31 13:47 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000024792 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciseq.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000020144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsregtask.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\localui.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2020-12-31 13:47 - 2020-12-31 13:47 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt 2020-12-31 13:46 - 2020-12-31 13:47 - 006196736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 017790976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 007913776 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 007846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 006233088 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 005284328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 004685120 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 004471296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 003735552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 003728384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 003387904 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 003265024 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 003136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002985472 _____ (Microsoft Corporation) C:\WINDOWS\system32\FluencyDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002872320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002712576 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 002656768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002525184 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002505496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002481664 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002466296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002302976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002297856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002261848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002125416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 002073088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001968128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001952768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001943552 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001834296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001816528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001786368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001766400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001751552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001746240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001742848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001656920 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001607680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001489408 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 001413728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001385704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001286576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 001285448 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001152336 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputHost.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001150272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001096704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001083696 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001029960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 001017656 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 001014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000919336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000875424 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000804168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000737792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000733000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000716312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000683848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000642008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000612584 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000598576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000589408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000458056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtBopomofoDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000425056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000415816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxDecoder.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000363128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000293176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ManageCI.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000214848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskpart.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.CredentialProvider.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000180024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.System.UserProfile.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000147728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdvancedEmojiDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwmdmcsp.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000127080 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerApi.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000117064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\HashtagDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000104256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtAdvancedDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFAppServiceDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpnUserService.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000088376 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsi.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\watchdog.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcicda.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2020-12-31 13:46 - 2020-12-31 13:46 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciseq.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregtask.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll 2020-12-31 13:46 - 2020-12-31 13:46 - 000016144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys 2020-12-31 13:46 - 2020-12-31 13:46 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsiproxy.dll 2020-12-31 13:32 - 2020-12-31 13:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2020-12-31 13:23 - 2020-12-31 13:24 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2020-12-31 13:23 - 2020-12-31 13:24 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2020-12-31 13:09 - 2020-12-31 13:09 - 006244920 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2020-12-15 19:24 - 2020-12-15 19:52 - 000000000 ____D C:\Users\Lori\Desktop\Dr Gower ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-01-05 20:32 - 2019-08-23 03:26 - 000935056 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-01-05 20:32 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-01-05 20:32 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF 2021-01-05 20:31 - 2016-06-28 21:37 - 000000000 ____D C:\Users\Lori\Documents\YouCam 2021-01-05 20:28 - 2020-03-24 13:05 - 000000000 ____D C:\Users\Lori\AppData\Roaming\Messenger 2021-01-05 20:28 - 2019-02-02 23:01 - 000000000 ____D C:\ProgramData\Mozilla 2021-01-05 20:28 - 2018-01-21 08:58 - 000000000 ____D C:\Program Files\CCleaner 2021-01-05 20:28 - 2018-01-16 21:42 - 000000000 ____D C:\Users\Lori\AppData\Local\AVAST Software 2021-01-05 20:27 - 2016-11-19 10:38 - 000000000 ____D C:\Users\Lori\AppData\LocalLow\Mozilla 2021-01-05 20:26 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-01-05 20:26 - 2016-06-28 21:36 - 000000000 __SHD C:\Users\Lori\IntelGraphicsProfiles 2021-01-05 20:24 - 2019-08-23 03:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-01-05 20:24 - 2019-03-18 20:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-01-05 20:23 - 2019-11-11 14:29 - 000000000 ____D C:\Program Files\EPSON 2021-01-05 20:23 - 2017-12-09 15:28 - 000000000 ____D C:\ProgramData\AVAST Software 2021-01-05 20:23 - 2017-11-25 19:32 - 000000000 ____D C:\ProgramData\HP 2021-01-05 20:23 - 2017-08-01 22:28 - 000000000 ____D C:\ProgramData\EPSON 2021-01-05 20:23 - 2016-06-28 21:39 - 000000000 ____D C:\Users\Lori\AppData\Roaming\Hewlett-Packard 2021-01-05 20:23 - 2016-06-28 21:39 - 000000000 ____D C:\Users\Lori\AppData\Local\Hewlett-Packard 2021-01-05 20:23 - 2015-11-30 17:28 - 000000000 ____D C:\Program Files\HP 2021-01-05 20:23 - 2015-11-30 17:24 - 000000000 ____D C:\ProgramData\Hewlett-Packard 2021-01-05 20:23 - 2015-11-30 17:23 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard 2021-01-05 20:23 - 2015-11-24 18:08 - 000000000 _RSHD C:\hp 2021-01-05 20:22 - 2015-11-30 17:24 - 000000000 ____D C:\Program Files\Hewlett-Packard 2021-01-05 20:14 - 2019-08-23 03:32 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2FD3278C-58E1-46E2-A4FD-4E1B420984D3} 2021-01-05 19:50 - 2019-08-23 03:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-01-04 19:37 - 2019-03-18 20:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-01-04 19:13 - 2019-11-11 14:48 - 000000947 _____ C:\WINDOWS\Tasks\EPSON XP-6100 Series Update {38812D91-3318-4F74-A2EB-EC9CB28DB373}.job 2021-01-04 19:12 - 2020-07-19 15:41 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-04 19:12 - 2020-07-19 15:41 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-01-04 19:12 - 2019-11-11 14:48 - 000003500 _____ C:\WINDOWS\system32\Tasks\EPSON XP-6100 Series Update {38812D91-3318-4F74-A2EB-EC9CB28DB373} 2021-01-04 19:12 - 2019-08-23 03:32 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2021-01-04 19:12 - 2019-08-23 03:32 - 000003042 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2021-01-04 19:12 - 2019-08-23 03:32 - 000003040 _____ C:\WINDOWS\system32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec 2021-01-04 19:12 - 2019-08-23 03:32 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-01-04 19:12 - 2019-08-23 03:32 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4228007683-1141738225-1575848267-1001 2021-01-04 19:12 - 2019-08-23 03:32 - 000002674 _____ C:\WINDOWS\system32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon 2021-01-04 19:12 - 2019-08-23 03:32 - 000002490 _____ C:\WINDOWS\system32\Tasks\YCMServiceAgent 2021-01-04 19:12 - 2019-08-23 03:32 - 000002242 _____ C:\WINDOWS\system32\Tasks\{D11EBAC0-E521-4D28-95DD-31B2D3DC6ECE} 2021-01-04 19:12 - 2019-08-23 03:32 - 000002220 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2021-01-04 19:12 - 2019-08-23 03:32 - 000002172 _____ C:\WINDOWS\system32\Tasks\DropboxOEM 2021-01-04 19:12 - 2019-08-23 03:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2021-01-04 18:28 - 2019-08-23 03:32 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2021-01-04 18:27 - 2020-10-13 23:48 - 000176384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2021-01-04 18:27 - 2020-04-26 03:07 - 000522480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys 2021-01-04 18:27 - 2019-01-19 02:26 - 000332880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2021-01-04 18:27 - 2019-01-05 10:17 - 000247888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2021-01-04 18:27 - 2019-01-05 10:17 - 000097360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2021-01-04 18:27 - 2019-01-05 10:17 - 000036792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2021-01-04 18:27 - 2018-10-10 23:00 - 000042424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2021-01-04 18:27 - 2018-07-06 18:10 - 000016832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys 2021-01-04 18:27 - 2017-12-09 15:33 - 000851256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2021-01-04 18:27 - 2017-12-09 15:33 - 000469472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2021-01-04 18:27 - 2017-12-09 15:33 - 000326064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2021-01-04 18:27 - 2017-12-09 15:33 - 000208672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2021-01-04 18:27 - 2017-12-09 15:33 - 000108928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2021-01-04 18:27 - 2017-12-09 15:33 - 000084496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2021-01-03 21:56 - 2017-12-04 20:54 - 000000000 ___RD C:\Users\Lori\3D Objects 2021-01-03 21:56 - 2016-04-26 22:39 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-01-03 21:53 - 2020-12-02 16:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2021-01-03 21:53 - 2019-08-23 03:14 - 000448312 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-01-03 21:53 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2021-01-03 21:53 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\Macromed 2021-01-03 21:53 - 2016-06-28 22:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-01-03 21:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\TextInput 2021-01-03 21:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-01-03 21:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-01-03 21:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SystemResources 2021-01-03 21:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\setup 2021-01-03 21:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-01-03 21:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-01-03 21:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-01-03 21:50 - 2019-03-18 20:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-01-03 21:50 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-01-03 21:50 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-01-03 21:50 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-01-03 21:50 - 2019-03-18 20:52 - 000000000 ____D C:\Program Files\Windows Defender 2021-01-03 21:50 - 2019-03-18 20:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2021-01-03 21:48 - 2016-06-28 21:36 - 000000000 ____D C:\Users\Lori\AppData\Roaming\Adobe 2020-12-31 15:17 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-12-31 13:58 - 2020-08-25 22:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2020-12-31 13:58 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-12-31 13:56 - 2016-06-29 02:27 - 000000000 ____D C:\WINDOWS\system32\MRT 2020-12-31 13:55 - 2016-06-29 02:27 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2020-12-31 13:46 - 2019-08-23 03:17 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2020-12-31 13:31 - 2016-06-28 22:03 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-12-31 13:27 - 2020-07-19 15:41 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-12-31 13:16 - 2019-08-23 03:20 - 000002371 _____ C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-12-31 13:16 - 2016-06-28 21:39 - 000000000 ___RD C:\Users\Lori\OneDrive 2020-12-31 13:16 - 2015-11-30 17:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-12-31 13:09 - 2020-10-19 21:21 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2020-12-31 13:09 - 2020-10-19 21:21 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2020-12-15 19:17 - 2016-11-27 11:01 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Files in the root of some directories ======== 2016-07-21 20:53 - 2016-07-21 20:53 - 012964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== ADDITIONAL TEXT: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021 Ran by Lori (05-01-2021 20:35:33) Running from C:\Users\Lori\Downloads Windows 10 Home Version 1909 18363.1256 (X64) (2019-08-23 11:33:20) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4228007683-1141738225-1575848267-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4228007683-1141738225-1575848267-503 - Limited - Disabled) Guest (S-1-5-21-4228007683-1141738225-1575848267-501 - Limited - Disabled) Lori (S-1-5-21-4228007683-1141738225-1575848267-1001 - Administrator - Enabled) => C:\Users\Lori WDAGUtilityAccount (S-1-5-21-4228007683-1141738225-1575848267-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4K Video Downloader 4.4 (HKLM-x32\...\{17CEAB50-0275-4D5E-9C11-CF2963C59FA1}) (Version: 4.4.6.2295 - Open Media LLC) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated) Angel Sound (HKLM-x32\...\{8C8FC4CE-542B-48AA-9804-539A0018C419}) (Version: 5.08.03 - ) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software) BabyLock Sampler Pack (HKLM-x32\...\BabyLock Sampler Pack) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform) Cisco Webex Meetings (HKLM-x32\...\{C3900048-3967-4A30-9ACF-D50E9FEB5A48}) (Version: 40.2.18.5 - Cisco Webex LLC) CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.) CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) Hidden CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.) CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5801 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4419 - CyberLink Corp.) Designer's Gallery ColorWorks (HKLM-x32\...\{EA32F7BA-60B7-43EE-AFDE-95B1CAC0B459}) (Version: - ) Designer's Gallery Studio (HKLM-x32\...\{5B466707-08E2-4FC3-8FE6-A8C07EB525BC}) (Version: - ) Designer's Gallery Studio III Version 3.12 (HKLM-x32\...\{1B2A0C4F-27FD-44E2-8BEB-C3E2139C4C18}_is1) (Version: - BriTon Leap, Inc.) Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.) Easy Photo Scan (HKLM-x32\...\{9E3F2EC3-7E4F-4F20-A56F-7A24D6E3D39B}) (Version: 1.00.0017 - Seiko Epson Corporation) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.50.00 - Seiko Epson Corporation) Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation) Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.) Epson ScanSmart (HKLM-x32\...\{BF35B9D9-C4A1-40DD-B13C-46F35BD35282}) (Version: 3.5.2 - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation) EPSON XP-6100 Series Printer Uninstall (HKLM\...\EPSON XP-6100 Series) (Version: - Seiko Epson Corporation) Epson XP-6100 User’s Guide (HKLM-x32\...\UsersGuideEpson XP-6100 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP) HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.2.2 - HP) InPixio Photo Clip 8 Demo (HKLM-x32\...\{9F45A8A5-0487-4aa6-A67E-46E103C927AD}) (Version: 8.00 - InPixio) Intel RealSense Training (HKLM-x32\...\Intel RealSense Training) (Version: 1.16 - Intel) Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6446 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation) Intel(R) WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation) Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{64FD4757-7186-4F12-9AA8-5EE809CAB282}) (Version: 17.1.1532.1814 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation) Intel® RealSense™ Depth Camera Manager Beta (x86): dptf_com (HKLM-x32\...\{C982EA5E-7331-11E5-ABE7-2C44FD873B55}) (Version: 2.2.0.52404 - Intel Corporation) Hidden Intel® RealSense™ Depth Camera Manager F200 (HKLM-x32\...\ARP_for_prd_dcm_runtime_1.4.27.52404) (Version: 1.4.27.52404 - Intel Corporation) Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ 3D camera IO module (HKLM-x32\...\{6C1D3280-7332-11E5-AD4E-2C44FD873B55}) (Version: 1.4.27.52404 - Intel Corporation) Hidden Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (HKLM-x32\...\{6C1D3280-7332-11E5-B485-2C44FD873B55}) (Version: 1.4.27.52404 - Intel Corporation) Hidden Intel® RealSense™ SDK 2014 Runtime (x86): Core (HKLM-x32\...\{AD1C5601-1C83-41CB-A670-7F02C1D0E72A}) (Version: 4.0.0.52526 - Intel Corporation) Hidden Intel® RealSense™ SDK 2014 Runtime (x86): Face Tracking (HKLM-x32\...\{F6B28FF3-A81A-43FC-97D3-5D0F4B69FCF9}) (Version: 4.0.0.52526 - Intel Corporation) Hidden Intel® RealSense™ SDK 2014 Runtime (x86): Face Tracking: Models (HKLM-x32\...\{657FF393-C977-470E-B1C5-8235393D3C5E}) (Version: 4.0.0.52526 - Intel Corporation) Hidden Intel® RealSense™ SDK 2014 Runtime (x86): Hand Tracking (HKLM-x32\...\{1DA11DE3-2EC9-4DB5-9254-7644AC527476}) (Version: 4.0.0.52526 - Intel Corporation) Hidden Intel® RealSense™ SDK 2014 Runtime (x86): Hand Tracking: Models (HKLM-x32\...\{00BD3B4C-3D89-42EA-9E2A-14BFC9A1E3C9}) (Version: 4.0.0.52526 - Intel Corporation) Hidden Intel® RealSense™ SDK 2014 Runtime (x86): User Notification Tool files and components (HKLM-x32\...\{D7210241-908A-487E-91C1-6E0E9766CC39}) (Version: 4.0.0.52526 - Intel Corporation) Hidden Intel® RealSense™ SDK 2014 Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_v4_4.0.0.112526) (Version: 4.0.0.112526 - Intel Corporation) Intel® RealSense™ SDK Runtime (HKLM-x32\...\ARP_for_prd_rs_sdk_runtime_v6_6.0.21.6598) (Version: 6.0.21.6598 - Intel Corporation) Intel® RealSense™ SDK Runtime Gold (x86): Core (HKLM-x32\...\{EC8ABDF0-358B-11E5-82EB-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden Intel® RealSense™ SDK Runtime Gold (x86): Data Collector (HKLM-x32\...\{E3A02E00-358B-11E5-81F8-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking (HKLM-x32\...\{D74B980F-358B-11E5-B6FE-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden Intel® RealSense™ SDK Runtime Gold (x86): Hand Tracking: Models (HKLM-x32\...\{ED5C65CF-358B-11E5-9F51-2C44FD873B55}) (Version: 6.0.21.6598 - Intel Corporation) Hidden Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes) Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13426.20404 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - ) Microsoft OneDrive (HKU\S-1-5-21-4228007683-1141738225-1575848267-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23019 (HKLM-x32\...\{2883cce3-040d-45b1-a27a-07934a6d47ec}) (Version: 14.0.23019.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation) Mozilla Firefox 84.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.1 (x64 en-US)) (Version: 84.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 84.0.1.7660 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13426.20404 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.29090 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.) SewIconz (HKLM\...\{D0E57EDD-E52F-49C2-91F8-38662C25B0E5}) (Version: 1.8.8 - S & S Computing) SewWhat-Pro (HKLM\...\{00A96433-8D50-416D-B023-579690127FDA}) (Version: 4.3.6 - S & S Computing) Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.) Zoom (HKU\S-1-5-21-4228007683-1141738225-1575848267-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.) Packages: ========= Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-20] (Amazon.com) Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-10] (Autodesk Inc.) Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_830.5.128.0_x64__8xx8rvfyw5nnt [2020-12-31] (Facebook Inc) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-24] (Microsoft Studios) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.) Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-05-16] (Adobe Systems Incorporated) Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.0.46.0_x64__kx24dqmazqk8j [2020-12-02] (Random Salad Games LLC) Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.0.0.0_x64__kx24dqmazqk8j [2020-12-15] (Random Salad Games LLC) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4228007683-1141738225-1575848267-1001_Classes\CLSID\{B065276E-D509-4005-A891-1805713D61E3}\InprocServer32 -> C:\Program Files\S & S Computing\SewIconz\IconExt\EmbIconExt.dll (S and S Computing -> S & S Computing) CustomCLSID: HKU\S-1-5-21-4228007683-1141738225-1575848267-1001_Classes\CLSID\{B065276E-D509-4005-A891-1805713D61E4}\InprocServer32 -> C:\Program Files\S & S Computing\SewIconz\IconExt\EmbIconExt.dll (S and S Computing -> S & S Computing) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-04] (Avast Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-04] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-04] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-04] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-04] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki131064.inf_amd64_5d13f27a9a9843fa\igfxDTCM.dll [2019-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-04] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-04] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Lori\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square ==================== Loaded Modules (Whitelisted) ============= 2019-08-23 04:03 - 2019-08-23 04:03 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL 2019-08-23 04:03 - 2019-08-23 04:03 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL 2015-12-11 16:14 - 2015-12-11 16:14 - 004968448 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files\EpsonNet\EpsonNet Print\ENSTRMAPIe.dll 2011-04-19 23:03 - 2011-04-20 06:03 - 000120320 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMHBA.DLL 2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-4228007683-1141738225-1575848267-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE HKU\S-1-5-21-4228007683-1141738225-1575848267-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE SearchScopes: HKLM -> {A7777384-5073-482B-B440-6EE162F4143B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {A7777384-5073-482B-B440-6EE162F4143B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-4228007683-1141738225-1575848267-1001 -> {A7777384-5073-482B-B440-6EE162F4143B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-10-11] (Microsoft Corporation -> Microsoft Corporation) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-15] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-15] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-15] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-15] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-19] (Skype Technologies SA -> Skype Technologies) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 03:04 - 2019-01-03 23:47 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4228007683-1141738225-1575848267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lori\Desktop\saved pics\saudisunset.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "EEventManager" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{EADF8AE3-895D-4ABA-B2CC-6FCEAA93D2B6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [{D63C1068-BDD4-4BB5-9F8C-AEB475D36144}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{ED4BF06F-3A20-40B3-9F19-8BBF8806CE76}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{E13658C7-3E22-4B77-8D5E-4B3A7E59AC08}] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [{65020E0B-FE12-4781-95B4-449CF6F2BD63}] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [UDP Query User{E77CE968-FF37-4A78-8D19-06ED1882E28F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [TCP Query User{DB08C49D-6C04-436D-A162-302A78A9F206}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [{F9448A10-190C-426B-8B5F-0064BCF4846B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{EF90504B-68DE-4BF0-A643-7A53C5F9D57F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2C35D708-0DDB-450D-909E-6B207851BD4F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D6AD89BB-AD00-4EBC-9563-60324D7C26D0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{26BBA07C-371A-41CA-8987-F36D30A9B518}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE => No File FirewallRules: [{8A049967-C9D2-4BAB-A331-0980EAAE4B5B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{50C83094-399D-417D-B01C-036CF1563747}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink) FirewallRules: [{3DF37A9B-5156-41F6-B377-CFA54FAF76CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{DABE66B7-2018-4ABF-895B-6FFCEA919EFF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{EF9FA0E8-0B75-4F64-80AB-FD5D9DD13418}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{BFD23C28-BE5B-4153-8A2A-23BE40FAB844}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe => No File FirewallRules: [{AA4EB704-1F33-4150-8620-291B24713888}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe => No File FirewallRules: [{208E94FB-5CA5-41F5-AAFD-9AC5AE45ED33}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe => No File FirewallRules: [{D99BC69B-730C-4A67-BFBB-A11DE0E5FC05}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe => No File FirewallRules: [{8076C082-530C-4519-836A-18FA5B7E590F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E550CA19-9240-4937-8C4B-93309159A997}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3B6FE0F7-14F2-44A9-905B-C626EA056D76}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File FirewallRules: [{C4DA171A-5DFB-425F-A60A-626B706E6375}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File FirewallRules: [TCP Query User{2C30E041-1482-40EC-AE86-1C05733743DD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{66AC5714-66C1-4214-B38D-E471E351A14C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{21BB9FAC-9E27-4B37-A38E-C8778EEAFF8F}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File FirewallRules: [{3623BE65-3664-4B50-AAC6-14F1503ED5FC}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [{DEB85A22-2064-4B45-B0CF-F579ED7CBB6F}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [{170FA79D-036B-44BD-AEB1-B4D2212B7981}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => No File FirewallRules: [{9A8FABD3-5333-4011-8718-5AD3EF9F3B91}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => No File FirewallRules: [{AA1D3B5F-36AE-45C1-B4F2-46CF670F3FF9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [{8EC68AB5-36EE-4BA8-80D3-E7028A82F67C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed] FirewallRules: [TCP Query User{A4628DBF-E5D0-4623-BC8E-50DE1345B930}C:\program files\windowsapps\facebook.317180b0bb486_420.7.119.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Block) C:\program files\windowsapps\facebook.317180b0bb486_420.7.119.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File FirewallRules: [UDP Query User{095EBDD2-64CE-4BEE-839C-CE8ED795B659}C:\program files\windowsapps\facebook.317180b0bb486_420.7.119.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Block) C:\program files\windowsapps\facebook.317180b0bb486_420.7.119.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File FirewallRules: [TCP Query User{FB2ACA28-4F4D-4A4F-953F-9230B7542A29}C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File FirewallRules: [UDP Query User{57F11F6B-5E4A-41FF-B96C-6288E2BD25B8}C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File FirewallRules: [TCP Query User{0AD40F03-B186-44EA-BC47-ABD47BA488E2}C:\program files\windowsapps\facebook.317180b0bb486_500.5.130.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Block) C:\program files\windowsapps\facebook.317180b0bb486_500.5.130.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File FirewallRules: [UDP Query User{7632DAA6-4947-44CD-B922-4326456DAE52}C:\program files\windowsapps\facebook.317180b0bb486_500.5.130.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Block) C:\program files\windowsapps\facebook.317180b0bb486_500.5.130.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File FirewallRules: [{C78C3D00-FF11-44CF-9D43-7F496AF936F6}] => (Allow) C:\Users\Lori\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{E184239F-6728-482F-83F6-6F6C15F17ECB}] => (Allow) C:\Users\Lori\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{97A74C19-BB34-48D3-95DB-7BA8B09D31C3}] => (Allow) C:\Users\Lori\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [TCP Query User{F5EC0AF7-09D0-4A2F-AB05-103773F36DB5}C:\program files\windowsapps\facebook.317180b0bb486_780.5.114.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_780.5.114.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File FirewallRules: [UDP Query User{42A5F2BF-8637-417A-81FF-8D21B7BEB004}C:\program files\windowsapps\facebook.317180b0bb486_780.5.114.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_780.5.114.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File FirewallRules: [{945B924A-DA00-4966-A110-C0347B40EF00}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 31-12-2020 13:23:04 Windows Update 05-01-2021 20:22:20 AdwCleaner_BeforeCleaning_05/01/2021_20:22:20 ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (01/05/2021 08:37:39 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3512,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/05/2021 08:24:02 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (01/05/2021 08:24:02 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (01/05/2021 08:24:01 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (01/05/2021 08:24:01 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (01/05/2021 08:19:14 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (13364,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/05/2021 08:12:07 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (2272,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/05/2021 08:01:56 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (14524,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. System errors: ============= Error: (01/05/2021 08:27:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Touchpoint Analytics service failed to start due to the following error: The system cannot find the file specified. Error: (01/05/2021 08:25:25 PM) (Source: BTHUSB) (EventID: 16) (User: ) Description: The mutual authentication between the local Bluetooth adapter and a device with Bluetooth adapter address (68:5a:cf:b6:18:9b) failed. Error: (01/05/2021 08:25:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The EpsonCustomerResearchParticipation service failed to start due to the following error: The system cannot find the file specified. Error: (01/05/2021 08:24:28 PM) (Source: Application Popup) (EventID: 56) (User: ) Description: ACPI5 Error: (01/05/2021 08:24:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\IntelIHVRouter04.dll Error: (01/05/2021 08:24:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\IntelIHVRouter04.dll Error: (01/05/2021 08:23:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\WINDOWS\system32\IntelIHVRouter04.dll Error: (01/05/2021 08:23:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s). Windows Defender: =================================== Date: 2019-08-25 00:01:18.674 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/CoinHive.A&threatid=2147729066&enterprise=0 Name: Trojan:JS/CoinHive.A ID: 2147729066 Severity: Severe Category: Trojan Path: file:_C:\ProgramData\AVAST Software\Avast\report\WebShield.txt Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe Security intelligence Version: AV: 1.299.2771.0, AS: 1.299.2771.0, NIS: 1.299.2771.0 Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1 CodeIntegrity: =================================== Date: 2021-01-05 20:31:49.233 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-01-05 20:31:49.213 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-01-05 20:31:49.185 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-01-05 20:30:41.881 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\setup\uat_3384.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2021-01-05 20:26:35.579 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2021-01-05 20:26:35.554 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2021-01-05 20:26:34.606 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. Date: 2021-01-05 20:26:34.583 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: AMI A0.06 12/24/2015 Motherboard: HP 2B45 Processor: Intel(R) Core(TM) i3-6100T CPU @ 3.20GHz Percentage of memory in use: 57% Total physical RAM: 8052.34 MB Available physical RAM: 3442.58 MB Total Virtual: 14465.89 MB Available Virtual: 9806.74 MB ==================== Drives ================================ Drive 😄 (Windows) (Fixed) (Total:909.34 GB) (Free:832.58 GB) NTFS Drive d: (Recovery Image) (Fixed) (Total:20.88 GB) (Free:2.69 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{4dbfc245-6c45-49b9-9819-7865e125a711}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS \\?\Volume{838e1644-4804-4593-8331-308742b12af2}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.27 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: AC914425) Partition: GPT. ==================== End of Addition.txt ======================= -
TrustedInstaller removal~ what's the best way?
lilmama59 replied to lilmama59's topic in Resolved Malware Removal Logs
PS.. there has to be a way to edit my OP... I have Windows 10 if anyone wants to know.... -
I've tried to take back control of permissions of my own computer and I'm its administrator as well. All was well until I tried to delete a file and noticed "TrustedInstaller" in the error message denying my access to delete a file. So I've tried to change permissions, but I was missing one part of the change that doesn't allow to me fully change. So while I researched a way to remove TrustedInstaller, I found out it was a malware??? Thinking back, I realized I was missing Malwarebyte app on my desktop and don't remember uninstalling it. I don't use my computer as much~ once or twice a month. And I was wondering why my computer was slightly slow in the past month or so. I also have the CCleaner app as well as Avast Antivirus. After I reinstalled Malwarebyte, I scanned my computer, and TrustedInstaller did not pop out as a malware. (However, I tried to locate the TrustedInstaller via the C drive, did NOT show up at all!) Very strange as I've noticed that my permissions were not allowing me access to any files in the past month or so. I went to this website Reimage to talk about removing TrustedInstaller by using its app, but when I tried to download the app, Malwarebyte says it's a malicious site (yikes) Heads up on this site: https://www.2-spyware.com/review-reimage.html So now what? Remove TrustedInstaller by safe mode? System Restore? Ok, here's the website I found in hopes that I can uninstall this virus: https://sensorstechforum.com/remove-trustedinstaller-exe-virus/ question is the SpyHunter app safe to use? Would appreciate some help! TIA! lilmama