
Suspected Virus, antivirus says nothing



I have reasons to suspect my computer is infected due to weird behavior that I've noticed and strange group permissions, but no antivirus software detects anything wrong. I have tried both Malwarebytes and Windows Defender, but neither detects any issues. Below are my FRST.txt and addition.txt. If anyone could help me out I would really appreciate it.

Thank you :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2019

Ran by $USER$ (administrator) on DESKTOP-JVA0JR8 (Micro-Star International Co., Ltd MS-7B86) (21-06-2019 20:06:08)

Running from C:\Users\$USER$\Downloads

Loaded Profiles: $USER$ (Available Profiles: $USER$)

Platform: Windows 10 Pro Version 1809 17763.557 (X64) Language: English (United States)

Default browser: FF

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0340998.inf_amd64_4e7ad8ec950b7e37\B340755\atiesrxx.exe

(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe

(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]

HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1939968 2014-10-22] (Brother Industries, Ltd.) [File not signed]

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-17] (Valve -> Valve Corporation)

HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)

GroupPolicy: Restriction ? <==== ATTENTION

GroupPolicy\User: Restriction ? <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0F26DF1D-10A9-424E-A3BB-D2C9DB231531} - System32\Tasks\AirVPN => C:\Program Files\AirVPN\Eddie-UI.exe

Task: {1A7EEEFD-2B9A-4433-ACE4-A2421DD67E74} - System32\Tasks\TorGuard Autostart => C:\Program Files (x86)\VPNetwork LLC\TorGuard\TorGuardDesktopQt.exe

Task: {4F48904B-3CA5-4B16-81F2-2AE7A9D8FEAA} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58760 2019-03-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {65FEE7EF-071A-4311-A8B0-B4CEAE55C430} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-JVA0JR8-$USER$ => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {78058606-6FD8-41CB-B857-7A7F4BBDA035} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {86CE471E-0D86-4B57-90D8-A11B84EAD138} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-JVA0JR8-$USER$ => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {95B739D2-0CCA-45FA-9E6E-4DCD6151B488} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {B42F0C2B-1A98-41F5-8971-9625F4492E02} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {B57EF442-74EB-4A48-B29C-386CB150B58F} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-03-26] (Advanced Micro Devices, Inc.) [File not signed]

Task: {C9211807-392A-4CBA-8923-80F06D4F8681} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-03-26] (Advanced Micro Devices, Inc.) [File not signed]

Task: {D52C16F7-ED32-4C67-9B9F-5DCE9AA89BDA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {E0D0D483-337F-40E5-B137-89AB55D307F7} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe

Task: {E8580276-C8D8-42FB-B207-D6B0D31614B3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {F0C5988A-3BA4-4DCA-8952-9B07D5D7B080} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58760 2019-03-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {F6374E38-1F8C-4303-9858-E8CC6E416F3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{6a2337ce-e0c6-42ab-8e80-9cf6ee056eca}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{c5949e16-7de1-44dc-bfb8-c0621aa74db4}: [NameServer] 10.20.74.1

Tcpip\..\Interfaces\{c5949e16-7de1-44dc-bfb8-c0621aa74db4}: [DhcpNameServer] 10.20.74.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-05-09] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-09] (Oracle America, Inc. -> Oracle Corporation)

 

FireFox:

========

FF DefaultProfile: vqrhvo6m.default

FF ProfilePath: C:\Users\$USER$\AppData\Roaming\Mozilla\Firefox\Profiles\vqrhvo6m.default [2019-06-21]

FF Homepage: Mozilla\Firefox\Profiles\vqrhvo6m.default -> www.google.com

FF NewTab: Mozilla\Firefox\Profiles\vqrhvo6m.default -> about:newtab

FF NetworkProxy: Mozilla\Firefox\Profiles\vqrhvo6m.default -> type", 0

FF Session Restore: Mozilla\Firefox\Profiles\vqrhvo6m.default -> is enabled.

FF Extension: (Pay by Privacy.com) - C:\Users\$USER$\AppData\Roaming\Mozilla\Firefox\Profiles\vqrhvo6m.default\Extensions\privacy@privacy.com.xpi [2019-05-13]

FF SearchPlugin: C:\Users\$USER$\AppData\Roaming\Mozilla\Firefox\Profiles\vqrhvo6m.default\searchplugins\bing-lavasoft-ff59.xml [2019-04-19]

FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)

FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-09] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-09] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0340998.inf_amd64_4e7ad8ec950b7e37\B340755\atiesrxx.exe [508208 2019-04-03] (Advanced Micro Devices, Inc. -> AMD)

R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-03-26] (AMD) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34568 2019-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)

R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )

R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0340998.inf_amd64_4e7ad8ec950b7e37\B340755\atikmdag.sys [52888368 2019-04-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0340998.inf_amd64_4e7ad8ec950b7e37\B340755\atikmpag.sys [590128 2019-04-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [102856 2019-04-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)

R1 amdpsp; C:\Windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )

R2 AMDRyzenMasterDriver; C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AMDRyzenMasterDriver.sys [70304 2017-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [107400 2018-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )

S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [47496 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [337632 2019-06-04] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-04] (Microsoft Windows -> Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


 

==================== One month (created) ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2019-06-21 19:53 - 2019-06-21 20:04 - 000000564 _____ C:\Users\$USER$\Desktop\JRT.txt

2019-06-21 19:49 - 2019-06-21 19:50 - 000000000 ____D C:\AdwCleaner

2019-06-21 19:45 - 2019-06-21 19:46 - 000000913 _____ C:\Users\$USER$\Downloads\fixlist.txt

2019-06-21 19:08 - 2019-06-21 19:08 - 000043784 _____ C:\Users\$USER$\Downloads\Addition.txt

2019-06-21 19:07 - 2019-06-21 20:06 - 000015245 _____ C:\Users\$USER$\Downloads\FRST.txt

2019-06-21 19:06 - 2019-06-21 20:06 - 000000000 ____D C:\FRST

2019-06-21 19:05 - 2019-06-21 19:05 - 007025360 _____ (Malwarebytes) C:\Users\$USER$\Downloads\AdwCleaner.exe

2019-06-21 19:05 - 2019-06-21 19:05 - 001790024 _____ (Malwarebytes) C:\Users\$USER$\Downloads\JRT.exe

2019-06-21 19:03 - 2019-06-21 19:03 - 002418688 _____ (Farbar) C:\Users\$USER$\Downloads\FRST64.exe

2019-06-21 18:53 - 2019-06-21 19:58 - 000000000 ____D C:\Program Files\Mozilla Firefox

2019-06-20 15:56 - 2019-06-21 18:16 - 086144442 _____ C:\Users\$USER$\Desktop\Aztec Calendar [with background.ai

2019-06-18 03:20 - 2019-06-18 03:20 - 000000000 ____D C:\Program Files\UNP

2019-06-15 18:11 - 2019-06-15 18:11 - 000000678 _____ C:\Users\$USER$\Desktop\tomato-RT-AC3200-AT-ARM7-3.5-140-AIO-64K.trx - Shortcut.lnk

2019-06-14 22:51 - 2019-06-14 22:51 - 001993528 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

2019-06-14 17:07 - 2019-06-14 17:09 - 000002430 _____ C:\Users\$USER$\Desktop\Player 2.lnk

2019-06-14 17:07 - 2019-06-14 17:08 - 000002362 _____ C:\Users\$USER$\Desktop\Player 1.lnk

2019-06-14 15:48 - 2019-06-14 15:48 - 000000221 _____ C:\Users\$USER$\Desktop\Borderlands 2.url


2019-06-11 18:24 - 2019-06-11 18:24 - 000532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000515152 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000513904 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000506192 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\DDDS.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000474936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2019-06-11 18:24 - 2019-06-11 18:24 - 000462136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000451104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000430904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys

2019-06-11 18:24 - 2019-06-11 18:24 - 000427688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppResolver.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\SDDS.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000419368 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys

2019-06-11 18:24 - 2019-06-11 18:24 - 000398848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000398208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000389120 _____ (Microsoft Corporation) C:\Windows\system32\BingASDS.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000386576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000375544 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000375296 _____ (Microsoft Corporation) C:\Windows\system32\esentutl.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000365056 _____ (Microsoft Corporation) C:\Windows\system32\NotificationControllerPS.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000362496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000359936 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000351232 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esentutl.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000292664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2019-06-11 18:24 - 2019-06-11 18:24 - 000287912 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000282424 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000262160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2019-06-11 18:24 - 2019-06-11 18:24 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000247608 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthAgent.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\JpnServiceDS.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000240128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys

2019-06-11 18:24 - 2019-06-11 18:24 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000201728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000196920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys

2019-06-11 18:24 - 2019-06-11 18:24 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\FilterDS.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000165376 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSrv.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000152896 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000152400 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000137056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000125528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000122680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000114648 _____ (Microsoft Corporation) C:\Windows\system32\CompPkgSup.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000101176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\BingFilterDS.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000091424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CompPkgSup.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys

2019-06-11 18:24 - 2019-06-11 18:24 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000087864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000080400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys

2019-06-11 18:24 - 2019-06-11 18:24 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerUI.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessRuntime.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerUI.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe

2019-06-11 18:24 - 2019-06-11 18:24 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AssignedAccessRuntime.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryCore.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2019-06-11 18:24 - 2019-06-11 18:24 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin

2019-06-11 18:24 - 2019-06-11 18:24 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin

2019-06-11 18:24 - 2019-06-11 18:24 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin

2019-06-11 18:24 - 2019-06-11 18:24 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin

2019-06-11 18:24 - 2019-06-11 18:24 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin

2019-06-11 18:24 - 2019-06-11 18:24 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin

2019-06-11 18:24 - 2019-06-11 18:24 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin

2019-06-11 18:24 - 2019-06-11 18:24 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin

2019-06-11 06:18 - 2019-06-21 18:45 - 071775145 _____ C:\Users\$USER$\Desktop\Aztec Calendar.ai

2019-06-11 06:15 - 2019-06-11 06:15 - 071223236 _____ C:\Users\$USER$\Desktop\Aztec Calendar.pdf

2019-06-09 09:20 - 2019-06-14 16:02 - 000000000 ____D C:\Users\$USER$\Documents\My Games

2019-06-09 09:18 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2019-06-09 09:18 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2019-06-09 09:18 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2019-06-09 09:18 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2019-06-09 09:18 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2019-06-09 09:18 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2019-06-09 09:18 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2019-06-08 13:35 - 2019-06-08 13:42 - 000000000 ____D C:\ProgramData\SecTaskMan

 

==================== One month (modified) ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2019-06-21 20:02 - 2019-04-13 21:56 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI

2019-06-21 20:02 - 2018-09-15 00:31 - 000000000 ____D C:\Windows\INF

2019-06-21 19:59 - 2019-04-13 22:48 - 000003118 _____ C:\Windows\System32\Tasks\AMDLinkUpdate

2019-06-21 19:58 - 2019-04-13 22:24 - 000065536 _____ C:\Windows\system32\spu_storage.bin

2019-06-21 19:58 - 2019-04-13 22:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2019-06-21 19:58 - 2019-04-13 21:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2019-06-21 19:58 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2019-06-21 19:58 - 2018-09-14 23:09 - 000524288 _____ C:\Windows\system32\config\BBI

2019-06-21 19:24 - 2019-04-13 22:22 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

2019-06-21 19:24 - 2019-04-13 22:22 - 000000000 ____D C:\Users\$USER$\AppData\LocalLow\Mozilla

2019-06-21 19:21 - 2019-04-14 21:25 - 000000000 ____D C:\Program Files\PerformanceTest

2019-06-21 18:40 - 2019-04-13 21:50 - 000000000 ____D C:\Windows\system32\SleepStudy

2019-06-21 17:46 - 2019-04-24 19:24 - 000000000 ____D C:\Users\$USER$\AppData\Roaming\vlc

2019-06-21 17:32 - 2019-05-08 21:57 - 000000000 ____D C:\Users\$USER$\AppData\Local\ElevatedDiagnostics

2019-06-21 06:44 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\AppReadiness

2019-06-20 15:50 - 2019-04-13 22:50 - 000000000 ____D C:\Program Files (x86)\Steam

2019-06-20 04:44 - 2019-04-13 22:49 - 000000000 ____D C:\Users\$USER$\AppData\Local\D3DSCache

2019-06-19 18:08 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\LiveKernelReports

2019-06-18 07:03 - 2019-05-01 17:20 - 000013423 _____ C:\Windows\BRRBCOM.INI

2019-06-17 17:58 - 2018-09-15 00:33 - 000000000 ___HD C:\Program Files\WindowsApps

2019-06-16 02:27 - 2019-04-13 22:21 - 000003386 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3989820645-2074584471-1737573846-1001

2019-06-16 02:27 - 2019-04-13 22:21 - 000000000 ___RD C:\Users\$USER$\OneDrive

2019-06-16 02:27 - 2019-04-13 22:19 - 000002376 _____ C:\Users\$USER$\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2019-06-15 18:21 - 2019-04-24 19:19 - 000000000 ____D C:\Users\$USER$\AppData\Local\RadeonSettings

2019-06-14 22:51 - 2018-09-15 00:23 - 000000000 ____D C:\Windows\CbsTemp

2019-06-13 22:52 - 2019-04-13 22:20 - 000000000 __RHD C:\Users\Public\AccountPictures

2019-06-13 22:52 - 2019-04-13 22:20 - 000000000 ___RD C:\Users\$USER$\3D Objects

2019-06-13 22:52 - 2019-04-13 21:50 - 000257904 _____ C:\Windows\system32\FNTCACHE.DAT

2019-06-13 22:51 - 2018-09-15 00:33 - 000000000 ___RD C:\Program Files\Windows Defender

2019-06-13 22:51 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\system32\migwiz

2019-06-13 22:51 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\bcastdvr

2019-06-11 18:22 - 2019-04-14 00:55 - 000000000 ____D C:\Windows\system32\MRT

2019-06-11 18:21 - 2019-04-14 00:55 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2019-06-09 15:41 - 2018-09-15 00:33 - 000000000 ____D C:\Windows\system32\NDF

2019-06-08 21:26 - 2019-04-13 22:19 - 000000000 ____D C:\Users\$USER$

2019-06-08 13:19 - 2019-04-19 09:45 - 000000000 ____D C:\Users\$USER$\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AirVPN

2019-06-08 13:16 - 2019-04-29 16:37 - 000000000 ____D C:\Users\$USER$\AppData\Local\CrashDumps

2019-06-08 07:18 - 2019-04-19 18:19 - 000000000 ____D C:\Users\$USER$\Documents\Art

2019-06-06 16:43 - 2019-04-13 22:20 - 000000000 ____D C:\Users\$USER$\AppData\Roaming\Adobe

2019-06-04 07:08 - 2019-04-13 21:50 - 000000000 ____D C:\Windows\system32\Drivers\wd

2019-05-31 20:21 - 2019-05-11 00:55 - 000000028 _____ C:\Users\$USER$\AppData\Roaming\kulerdata.json

2019-05-31 11:03 - 2018-09-15 00:36 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe

2019-05-31 11:03 - 2018-09-15 00:36 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2019-05-28 16:03 - 2019-04-13 22:36 - 000000000 ____D C:\ProgramData\Packages

 

==================== Files in the root of some directories ================

 

2019-05-01 18:03 - 2019-05-10 22:50 - 000000033 _____ () C:\Users\$USER$\AppData\Roaming\AdobeWLCMCache.dat

2019-05-11 00:55 - 2019-05-31 20:21 - 000000028 _____ () C:\Users\$USER$\AppData\Roaming\kulerdata.json

2019-05-06 05:39 - 2019-05-06 05:39 - 000000000 _____ () C:\Users\$USER$\AppData\Local\oobelibMkey.log

2019-04-19 10:30 - 2019-04-19 10:30 - 000000218 _____ () C:\Users\$USER$\AppData\Local\recently-used.xbel

 

==================== FLock ================

 

2019-04-13 21:54 C:\Windows\CSC

 

==================== SigCheck ===============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019

Ran by $USER$ (21-06-2019 20:07:06)

Running from C:\Users\$USER$\Downloads

Windows 10 Pro Version 1809 17763.557 (X64) (2019-04-14 04:52:20)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

 

Administrator (S-1-5-21-3989820645-2074584471-1737573846-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3989820645-2074584471-1737573846-503 - Limited - Disabled)

Guest (S-1-5-21-3989820645-2074584471-1737573846-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-3989820645-2074584471-1737573846-504 - Limited - Disabled)

$USER$ (S-1-5-21-3989820645-2074584471-1737573846-1001 - Administrator - Enabled) => C:\Users\$USER$

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)

Adobe Illustrator CC 2019 (HKLM-x32\...\ILST_23_0_1) (Version: 23.0.1 - Adobe Systems Incorporated)

Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)

Amazon.com Fire_Devices (HKLM\...\Fire_Devices Drivers) (Version: 2 - Amazon.com)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.4.1 - Advanced Micro Devices, Inc.)

Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden

BrLauncher (HKLM-x32\...\{474764AE-5A67-4312-ADD3-449798BD96D1}) (Version: 1.1.21.0 - Brother Industries Ltd.) Hidden

BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden

Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden

Brother Printer Driver (HKLM-x32\...\{64C9622E-3570-43B1-AF11-9AECC73988A2}) (Version: 1.6.0.0 - Brother Industries Ltd.) Hidden

Brother Scanner Driver (HKLM-x32\...\{3922F26C-3827-42B9-9085-9F881210A36B}) (Version: 1.0.27.1 - Brother Industries Ltd.) Hidden

BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden

BrSupportTools (HKLM-x32\...\{83626DDE-99CD-4FF2-804E-36BE82143315}) (Version: 1.0.14.0 - Brother Industries Ltd.) Hidden

Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)

ControlCenter4 (HKLM-x32\...\{CAFE5834-5440-41B8-8C56-4DD946A1A5E1}) (Version: 4.6.21.1 - Brother Industries, Ltd.) Hidden

ControlCenter4 CSDK (HKLM-x32\...\{1E89F75C-EF46-406C-9AAC-615B3CCC1D3D}) (Version: 4.3.2.1 - Brother Insutries Ltd.) Hidden

CrystalDiskMark 5.5.0 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.5.0 - Crystal Dew World)

DeviceDetect (HKLM-x32\...\{9C27CE44-0F33-42CC-8A30-4A08369EB7B3}) (Version: 1.3.1.0 - Brother Industries Ltd.) Hidden

HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden

Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)

Mozilla Firefox 67.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.4 (x64 en-US)) (Version: 67.0.4 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)

NetworkRepairTool (HKLM-x32\...\{947DE453-69FD-4CF6-A682-04D1308C79AF}) (Version: 1.2.15.0 - Brother Industries, Ltd.) Hidden

PC-FAXReceive (HKLM-x32\...\{9C609AF4-9CC1-45F0-B954-29DF7DD40329}) (Version: 1.8.004.0 - Brother Insutries Ltd.) Hidden

PCFaxTx (HKLM-x32\...\{3C17737F-A6C4-4528-9A60-06DD0D4B3A63}) (Version: 1.0.18.1 - Brother Industries Ltd.) Hidden

RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) Hidden

ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden

StatusMonitor (HKLM-x32\...\{624AB804-EE0E-4AD5-AB8F-15BB29C54065}) (Version: 1.22.8.0 - Brother Insutries Ltd.) Hidden

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden

VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)

WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

 

Packages:

=========

Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-29] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-13] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-13] (Microsoft Corporation) [MS Ad]

Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-13] (Microsoft Corporation) [MS Ad]

MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-04-13] (Microsoft Corporation) [MS Ad]

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3989820645-2074584471-1737573846-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-03-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)


 

==================== Loaded Modules (Whitelisted) ==============

 

2018-03-13 04:47 - 2018-03-13 04:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll

2018-03-13 04:47 - 2018-03-13 04:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll

2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll

2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll

2019-05-01 17:20 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\Windows\system32\BrSNMP64.dll

2019-03-26 23:38 - 2019-03-26 23:38 - 000043008 _____ (AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe

2019-03-26 23:38 - 2019-03-26 23:38 - 000572928 _____ (AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe

2019-05-01 17:20 - 2013-03-08 15:44 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)


 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\localhost -> localhost

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2018-09-15 00:31 - 2018-09-15 00:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\

HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

If an entry is included in the fixlist, it will be removed.

 

HKLM\...\StartupApproved\Run: => "SecurityHealth"

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run32: => "SecurityHealth"

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"

HKLM\...\StartupApproved\Run32: => "I16A"

HKLM\...\StartupApproved\Run32: => "BrHelp"

HKLM\...\StartupApproved\Run32: => "BrStsMon00"

HKLM\...\StartupApproved\Run32: => "ControlCenter4"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\StartupApproved\Run: => "uTorrent"

HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

HKU\S-1-5-21-3989820645-2074584471-1737573846-1001\...\StartupApproved\Run: => "ApowerMirror"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{4E72195C-5163-432F-8E5A-BD479BA73CEB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{1365657F-94C4-472D-8E49-86B7A21A65CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{3E835E71-F4F4-4982-9712-29AAA5FC673C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

FirewallRules: [{0B45A312-F4D0-41B3-87C9-588274F6F9B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

FirewallRules: [{E9FC5A4D-CC2D-4C9E-987B-9CF746853D68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungreed\Dungreed.exe () [File not signed]

FirewallRules: [{F8085249-4492-4624-80C7-7574A18E84D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungreed\Dungreed.exe () [File not signed]

FirewallRules: [{5B106BA3-D25F-4CE4-B5EF-E7D4F9D7D5D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathway\Pathway.exe () [File not signed]

FirewallRules: [{1B8EAF14-F01A-4706-A20A-506583A1706F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathway\Pathway.exe () [File not signed]

FirewallRules: [{A6387962-034A-47C8-8E5D-9903340128B8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{B7FF147C-7D45-4E49-82FA-5951660ED873}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{DEB88682-E2B4-4A58-9641-F12BF280586B}] => (Allow) LPort=7573

FirewallRules: [{2AD7ABDF-B4D0-4B6D-9E61-57E53E20964E}] => (Allow) LPort=11953

FirewallRules: [{1500048A-C60C-4926-8E0A-B88838D46AB1}] => (Allow) LPort=50003

FirewallRules: [{645D363F-1460-4927-9473-AFB209870461}] => (Allow) LPort=7573

FirewallRules: [{9AC381DF-A1A5-4B39-8983-EA00D792CF74}] => (Allow) LPort=50003

FirewallRules: [{8274FF44-0491-40FF-9C70-A03CFD68BE68}] => (Allow) LPort=11953

FirewallRules: [{07D72118-38B2-4A2D-A079-4CA138B58605}] => (Allow) LPort=7573

FirewallRules: [{05817F06-4009-45E4-9BB7-2D8267AEAEAC}] => (Allow) LPort=7573

FirewallRules: [{818464BB-8B76-4CA7-85BE-BAF07BAFDE60}] => (Allow) LPort=50003

FirewallRules: [{0D91A8B2-E09A-4B77-BE7C-0F0C3BC2792F}] => (Allow) LPort=50003

FirewallRules: [{FDF6D57B-F6FB-4020-ADA0-8F587F6F3815}] => (Allow) LPort=11953

FirewallRules: [{93099380-F3B6-4D3B-B2A7-99D4BB62087F}] => (Allow) LPort=11953

FirewallRules: [{B6BDA6CA-22EF-4849-8689-724CC5F63243}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)

FirewallRules: [{B5C5F6CC-52AE-40BE-9B3E-ECCE46D336C5}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)

FirewallRules: [{3340DEBA-7DE1-4A4E-92BC-4219ABBD3ECA}] => (Allow) LPort=54925

FirewallRules: [{5D9AE84F-99DA-4240-A327-D62180BDA34B}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]

FirewallRules: [{3122B8DE-2C90-401C-A679-C1F728DB24BC}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]

FirewallRules: [TCP Query User{2D7EDC99-8721-41F3-928B-79A7DC4A82B1}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe

FirewallRules: [UDP Query User{216E3256-BB29-4EE9-8DDB-85860E5090C1}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe

FirewallRules: [{99CE7208-5F58-4675-A695-D285D9215F9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File

FirewallRules: [{242AAD90-6B17-4996-B570-079507ADE8FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File

FirewallRules: [{1E91AE8F-3C8F-4FE0-8937-301D88BC3668}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File

FirewallRules: [{A18DCF12-F1E3-473D-B485-BF8C98E159D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File

FirewallRules: [{CF74EB7E-B7C6-462A-BE2C-4E12A7D455FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe (Gearbox Software) [File not signed]

FirewallRules: [{50C6B018-A2DF-4A07-9756-56BE78E67D3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe (Gearbox Software) [File not signed]

FirewallRules: [TCP Query User{FA7CFD0B-7786-4DD4-93C6-3EF8DBCB64BC}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe (Take-Two Interactive Software, Inc.) [File not signed]

FirewallRules: [UDP Query User{ABF50D2C-3AD9-4B79-9492-8A5E983014DB}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe (Take-Two Interactive Software, Inc.) [File not signed]

FirewallRules: [{432A96B0-35CE-40A8-9964-E7E74FB717A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)

FirewallRules: [{A0076BB3-CE20-4B56-88DA-384E33D542D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)

FirewallRules: [{D34583CB-C062-4393-87B9-B30D65CB18C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)

FirewallRules: [{E6E59725-55BB-4FC1-9D8A-7A0AB06E14F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)

 

==================== Restore Points =========================

 

09-06-2019 09:18:14 Installed Microsoft Visual C++ 2005 Redistributable

09-06-2019 09:18:33 Installed Microsoft Visual C++ 2005 Redistributable

14-06-2019 00:57:18 Windows Update

14-06-2019 00:57:28 Windows Update

21-06-2019 19:19:14 Removed Bonjour

21-06-2019 19:52:03 JRT Pre-Junkware Removal

21-06-2019 20:02:56 JRT Pre-Junkware Removal

 

==================== Faulty Device Manager Devices =============


 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/21/2019 07:59:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC004F074

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

 

Error: (06/21/2019 07:58:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x8007139F

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

 

Error: (06/21/2019 06:46:38 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC004F074

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

 

Error: (06/21/2019 06:18:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC004F074

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

 

Error: (06/21/2019 06:17:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC004F074

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

 

Error: (06/21/2019 06:16:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC004F074

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

 

Error: (06/20/2019 06:25:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC004F074

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

 

Error: (06/19/2019 06:25:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC004F074

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


 

System errors:

=============

Error: (06/21/2019 08:00:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.WscDataProtection

and APPID

Unavailable

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (06/21/2019 07:59:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (06/21/2019 07:59:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

and APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (06/21/2019 07:58:40 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)

Description: A TCG Command has returned an error.

Desc: AuthenticateSession

Param1: 0x1

Param2: 0x60000001c

Param3: 0x900000006

Param4: 0x0

Status: 0x1

 

Error: (06/21/2019 07:58:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (06/21/2019 07:51:04 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JVA0JR8)

Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.17763.1_neutral_neutral_cw5n1h2txyewy!App.AppXyvyv4mghdjas8j88defq0w1hc410kvzt.mca did not register with DCOM within the required timeout.

 

Error: (06/21/2019 07:50:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JVA0JR8)

Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

 

Error: (06/21/2019 07:50:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JVA0JR8)

Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.


 

Windows Defender:

===================================

Date: 2019-06-09 15:20:53.846

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {662850A7-0CEE-4AA9-B45F-5B08C8E037D2}

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2019-06-03 07:10:27.462

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.293.2760.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.15900.4

Error code: 0x80072ee2

Error description: The operation timed out

 

CodeIntegrity:

===================================

 

Date: 2019-06-21 19:19:18.233

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

Date: 2019-06-21 19:19:18.232

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

Date: 2019-06-21 19:15:27.289

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

Date: 2019-06-21 19:15:27.288

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

Date: 2019-06-21 18:59:42.658

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

Date: 2019-06-21 18:59:42.656

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

Date: 2019-06-21 18:49:17.985

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

Date: 2019-06-21 18:49:17.983

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

 

==================== Memory info ===========================

 

BIOS: American Megatrends Inc. A.00 06/26/2018

Motherboard: Micro-Star International Co., Ltd B450-A PRO (MS-7B86)

Processor: AMD Ryzen 5 2600 Six-Core Processor

Percentage of memory in use: 14%

Total physical RAM: 16335.15 MB

Available physical RAM: 13971.77 MB

Total Virtual: 18895.15 MB

Available Virtual: 15387.39 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:953.27 GB) (Free:571.26 GB) NTFS

Drive d: (Encrypted Storage) (Fixed) (Total:476.45 GB) (Free:11.33 GB) NTFS

Drive g: (Media Server Backup) (Fixed) (Total:1863.01 GB) (Free:1209.12 GB) NTFS

 

\\?\Volume{14e97152-9cdb-45b0-94df-765253149465}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.09 GB) NTFS

\\?\Volume{b7f7b9a3-0000-0000-0000-c01c77000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS

\\?\Volume{fa55b26c-1386-4b38-8da7-f06024b26291}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

========================================================

Disk: 1 (Size: 232.9 GB) (Disk ID: 8EA57B1E)

Partition 1: (Active) - (Size=232.9 GB) - (Type=83)

 

========================================================

Disk: 2 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: B7F7B9A3)

Partition 1: (Not Active) - (Size=476.4 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=501 MB) - (Type=27)

 

========================================================

Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 5C7C6365)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================


  • Root Admin

Hello @padmapani and welcome

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 


Malwarebytes and AdwCleaner said the system has no suspicious files. Can you analyze the logs I posted before and determine what I can do? I have discovered my registry has been edited to redirect to a different location for Windows Defender, so there is definitely something fishy going on 😕


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
