I have a number of weird things that have been happening with my computer and home network for a number of years, and I have done so many "clean" Windows installs that I lost count in the hundreds. Unfortunately, the symptoms of the "infection" seem to change around the time of a Windows Feature update, usually twice a year--and likewise every expert I've ever asked about these things has blamed it on "Microsoft Bugs" and "a misconfiguration". I have an MSI X99A Gaming 7 motherboard with an Intel i7 processor and this has been happening since before they patched any of the major chipset vulnerabilities. My boot drive is a Samsung Evo960 M.2 drive, so I am not entirely confident in the ability of DiskPart to fully clean the drive. It should be noted that anytime I do a clean install and install my normal apps (like Dropbox, Blizzard updater, Chrome, etc) the machine seems to install not ONLY that app, but a copy of it, and often an "agent" app to go along with it or a system service alongside it. Any 3rd Party firewall app that I've used in the past has gone cuckoo-bananas with notifications of new services CONSTANTLY making new connections...I've gone thru them before and looked up EACH IP address to which they were connecting and about 1/3 of them were for AWS servers with no other company attached to them, or random edge servers elsewhere. I KNOW that I am being remotely monitored, and have found a myriad of WEIRD and upsetting software running in the background any time I run a Linux Live distro (like

Weird Things:

1. I have every language pack and font installed, despite my trying to get rid of it. At an attempted deletion, Windows tells me that they are all "Required System Fonts"

2. Before my last reinstall, I found a number of registry entries that did upsetting things: Persistent Driver installs for hardware that I DO NOT HAVE nor have EVER HAD, disabling defender, and condemning the PC administrator into a shell with reduced permissions.

3. I have a ridiculous number of system devices (see photo Capture.png) that seem to be for server hardware, and a crazy number of USB and Network devices (see photo Capture2.png). I disconnected anything wireless in this PC long ago when I lost control of her and strictly use 1 ethernet connection, with no VPNs or proxies.

4. No malware scanners have EVER found anything suspicious on my machine (no cookies, PUPs, NOTHING EVER) until I used the Malwarebytes Repair Tool....then it found 2 things immediately. The file scan progress also jumped from like File #986 to file #132678 in 1 second. I know MWB is fast....but how am I supposed to believe that???  But they always find thousands of files that are "inaccessible."

5. In system management settings, Windows locks away MOST THINGS from my Admin user. In fact, all signs would point to my PC being a "managed" device (like enterprise), but all I have EVER installed on this box is Windows Home edition. Licensed and everything.

6. There are hundreds of hidden files I cannot view because they are "in use".

7. About half of my event logs are missing. The security event log is a nightmare.

8. Windows won't let me uninstall a bunch of updates...despite WU being broken.

9. All of the IOT devices in my home have minds of their own...but only when I try to reconfigure them. I have Google Wifi as my routers, and I dunno if the firmware/software has been tampered with because I am not that advanced. But there is a service running called ICECAP that leaves ports open (I think 8080??) that I have found mixed results about in Google.

10. I use an LG 4K Smart TV as my primary monitor, it is connected to the web, and it is connected to Wifi, and it is connected to my PC via HDMI.  Can it be configured to use the TV as a Wifi Passthru device?

11. I have 239 running services on my computer.  So there's that.

12. There apparently are active directory services, distributed transaction coordinator, and desired state config running at times.  Windows HOME edition, again.

 

PLEASE HELP!!!

Results of FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2019 01
Ran by carte (administrator) on MERCURY (MSI MS-7885) (29-07-2019 00:24:13)
Running from C:\Windows\Temp\mwb3CAB.tmp
Loaded Profiles: carte (Available Profiles: carte)
Platform: Windows 10 Home Version 1903 18362.239 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\77.4.131\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\77.4.131\QtWebEngineProcess.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes Corporation) C:\Windows\Temp\mwb3CAB.tmp\mb-support.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\carte\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.235_none_5f42305c58dc2c51\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2019-04-17] (Power Software Limited -> Power Software Ltd)
HKU\S-1-5-21-3786187417-711042663-1968237578-1001\...\Run: [Shift] => C:\Users\carte\AppData\Local\Shift\app-3.8.2\Shift.exe [83861920 2019-07-27] (Redbrick Technologies Inc. -> Redbrick)
HKLM\...\Providers\Internet Print Provider: inetpp.dll [177664 2019-07-27] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: win32spl.dll [863232 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -> themeui.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> shell32.dll [2019-07-27] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-27] (Google LLC -> Google LLC)
HKLM\Software\...\Winlogon\GPExtensions: [{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] -> wlgpclnt.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{16be69fa-4209-4250-88cb-716cf41954e0}] -> auditcse.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{25537BA6-77A8-11D2-9B6C-0000F8080861}] -> fdeploy.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] -> gptext.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4d968b55-cac2-4ff5-983f-0a54603781a3}] -> WorkFoldersGPExt.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7909AD9E-09EE-4247-BAB9-7029D5F0A278}] -> dmenrollengine.dll [2019-07-27] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] -> scecli.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] -> dot3gpclnt.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}] -> pwlauncher.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C34B2751-1CF4-44F5-9262-C3FC39666591}] -> pwlauncher.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}] -> gptext.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{f3ccc681-b74c-4060-9f26-cd84525dca2a}] -> auditcse.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{FB2CA36D-0B40-4307-821B-A13B252DE56C}] -> gptext.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}] -> gptext.dll [2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1057910D-31CD-48E8-A15B-BC820C0DFFCF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {17E3C329-22B8-4EF0-AFDF-399D3C64D97B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-07-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {1B0C0498-944F-4BAA-A51E-1D4376253762} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe [40448 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {32CD66B0-2B56-47E0-A164-E3F53E17405E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-27] (Google Inc -> Google LLC)
Task: {3E3F243D-7B42-427A-A3E5-12EA535D1DA2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-07-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5F0227D4-FB31-47BA-A0E9-4BE435E20DD2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {67C3EEA1-12AE-44D5-8CDC-9B641E5502C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-27] (Google Inc -> Google LLC)
Task: {6D9A4EED-1A77-433B-932A-32B5077B6482} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7309A0F0-09BE-4CD7-A3F0-21348EE483F4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {851C8852-0423-47AC-B21C-D355805F18BA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9F3CE0DB-1219-4B96-8D1F-6E8706846808} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [415744 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {EDC81D02-FCFA-4A3D-B9BF-2B9961155B61} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.86.1
Tcpip\..\Interfaces\{ccf56be2-bae2-4a47-b67d-df1811967876}: [DhcpNameServer] 192.168.86.1

Internet Explorer:
==================
HKU\S-1-5-21-3786187417-711042663-1968237578-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-06-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.13\npGoogleUpdate3.dll [2019-07-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.13\npGoogleUpdate3.dll [2019-07-27] (Google Inc -> Google LLC)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?tab=mm#inbox","hxxps://www.clover.com/dashboard/login","hxxps://www.bankofamerica.com/smallbusiness/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default [2019-07-29]
CHR Extension: (Google Drive) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-27]
CHR Extension: (YouTube) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-27]
CHR Extension: (uBlock Origin) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-27]
CHR Extension: (VTchromizer) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2019-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-07-27]
CHR Extension: (Morpheon Dark) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2019-07-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-27]
CHR Extension: (Gmail) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\carte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-07-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-07-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\System32\DbxSvc.exe [51024 2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [47600 2019-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [145920 2019-03-19] (Microsoft Windows -> Qualcomm Atheros, Inc.)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-29] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-07-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-07-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-07-29] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvaki.inf_amd64_b69bc036024da737\nvlddmkm.sys [21858904 2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [47496 2019-07-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [344288 2019-07-27] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-27] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-29 00:24 - 2019-07-29 00:24 - 000000000 ____D C:\FRST
2019-07-29 00:23 - 2019-07-29 00:23 - 064756040 _____ (Malwarebytes ) C:\Windows\SysWOW64\mb-setup.exe
2019-07-29 00:23 - 2019-07-29 00:23 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-29 00:23 - 2019-07-29 00:23 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-29 00:23 - 2019-07-29 00:23 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-29 00:23 - 2019-07-29 00:23 - 000116112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-29 00:23 - 2019-07-29 00:23 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-29 00:23 - 2019-07-29 00:23 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-29 00:23 - 2019-07-29 00:23 - 000000000 ___HD C:\OneDriveTemp
2019-07-29 00:23 - 2019-07-29 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-29 00:23 - 2019-07-29 00:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-29 00:23 - 2019-07-29 00:23 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-29 00:23 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-07-29 00:23 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-29 00:21 - 2019-07-29 00:21 - 008367832 _____ C:\Users\carte\Downloads\MB-SupportTool.exe
2019-07-29 00:21 - 2019-07-29 00:21 - 002095104 _____ (Farbar) C:\Users\carte\Downloads\FRSTEnglish.exe
2019-07-29 00:13 - 2019-07-29 00:13 - 064333800 _____ (Malwarebytes ) C:\Users\carte\Downloads\mb3-setup-1878.1878-3.8.3.2965.exe
2019-07-29 00:07 - 2019-07-29 00:07 - 000000633 _____ C:\Users\carte\Downloads\HPD7B9EF.crt
2019-07-28 23:01 - 2019-07-28 23:01 - 000000738 _____ C:\Users\carte\Netshdmp.txt
2019-07-28 10:22 - 2019-07-28 10:22 - 000001299 _____ C:\Users\carte\Desktop\Dropbox.lnk
2019-07-28 10:22 - 2019-07-28 10:22 - 000000000 ___RD C:\Users\carte\Dropbox
2019-07-27 18:31 - 2019-07-27 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMymoney 4.8.3
2019-07-27 18:31 - 2019-07-27 18:31 - 000000000 ____D C:\Program Files\kmymoney
2019-07-27 14:33 - 2019-07-27 13:37 - 000000000 ____D C:\Windows\Panther
2019-07-27 14:11 - 2019-07-27 14:12 - 000000000 ____D C:\Windows\system32\MRT
2019-07-27 14:11 - 2019-07-27 14:11 - 136618864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 025902080 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 025444864 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 022625280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 019849216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 019811328 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 018017792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 017786368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 014816256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 009917752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 008011776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 007887440 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 007758336 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 007636616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 007242312 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 007175168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 007008768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 006534712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 006224296 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 006218752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 006068840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 005919744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 005745504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 005500416 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004863488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004578816 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004562920 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 004552336 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 004481536 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004470784 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004348408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004306432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004129416 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004012032 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 004008960 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Service.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003914480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 003837440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003748864 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003725312 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 003698176 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003654656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003590968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 003550720 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003525592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003487232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003372952 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003327256 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003263488 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003261440 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003243080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003106304 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 003084800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002990608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 002956984 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002876416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002871824 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 002870784 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002798592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 002771008 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002763552 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-07-27 14:09 - 2019-07-27 14:09 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-07-27 14:09 - 2019-07-27 14:09 - 002725376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 002697728 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002656768 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002587328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002561536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002550584 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002494232 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002490712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002449456 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002443264 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002398208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002306048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002281984 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002258336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002235936 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002232960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002216448 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002117160 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002081976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 002072152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001999440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001979392 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001954960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001945600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001918976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001884672 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001866064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001856000 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001856000 _____ (Microsoft Corporation) C:\Windows\system32\ConstraintIndex.Search.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001841152 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001815040 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001781248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001761792 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001754232 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-07-27 14:09 - 2019-07-27 14:09 - 001745920 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001743672 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001721344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001721144 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001717560 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001697792 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001697280 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001690624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001687552 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001651848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001647280 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001635328 _____ (Microsoft Corporation) C:\Windows\system32\TaskFlowDataEngine.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001633648 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001608704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001608192 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001555688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001539584 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001535288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001509936 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 001480704 _____ (Microsoft Corporation) C:\Windows\system32\rdpsharercom.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001458176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001437184 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 001413704 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001393960 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001391416 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 001375232 _____ (Microsoft Corporation) C:\Windows\system32\APMon.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001366528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001366128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-07-27 14:09 - 2019-07-27 14:09 - 001362432 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001345024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001337656 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001321472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001319936 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001304888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001273344 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001273176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001262864 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001261568 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001260032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpsharercom.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001250432 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 001214976 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001192096 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 001182232 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 001151816 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001149928 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 001146880 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001124864 _____ (Microsoft Corporation) C:\Windows\system32\CBDHSvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001101312 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001092096 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001071928 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 001067008 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001063944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001042944 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2019-07-27 14:09 - 2019-07-27 14:09 - 001040896 _____ (Microsoft Corporation) C:\Windows\system32\WpcRefreshTask.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001012792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001007104 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001006592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 001000960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000986112 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000984376 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000950784 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000947712 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000947200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000928776 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000919040 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000916480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000912896 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000910272 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000892696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000889656 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000879792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2019-07-27 14:09 - 2019-07-27 14:09 - 000876856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000862720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Service.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000858112 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000843776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000833536 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000830976 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000829544 _____ (Microsoft Corporation) C:\Windows\system32\BioIso.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000821696 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000818656 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000813568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000810512 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000801592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000782120 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000774152 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000772656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000771584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000769336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000765440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000751256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000743424 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000740664 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000735232 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000706544 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000705536 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000702464 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntime.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000701952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000700928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000680760 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000680448 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000679368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\agentactivationruntimewindows.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000674816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000674072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000673152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000673080 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000667272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000645632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000642008 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000637968 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000611328 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000602432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000601088 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000589592 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000588464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000586552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000568336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000531976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2019-07-27 14:09 - 2019-07-27 14:09 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000531464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000523912 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000516752 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000516608 _____ (Microsoft Corporation) C:\Windows\system32\usosvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000513336 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000511288 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000510768 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000500224 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-07-27 14:09 - 2019-07-27 14:09 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000481592 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000477496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-07-27 14:09 - 2019-07-27 14:09 - 000474112 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000472576 _____ (Microsoft Corporation) C:\Windows\system32\SharedRealitySvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000467968 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000467456 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2019-07-27 14:09 - 2019-07-27 14:09 - 000464696 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000460288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.ConversationalAgent.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000443904 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000441144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000435200 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000435000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000427008 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000425264 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-07-27 14:09 - 2019-07-27 14:09 - 000415800 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000415544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\DispBroker.Desktop.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000390456 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000388608 _____ (Microsoft Corporation) C:\Windows\system32\NotificationControllerPS.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000387584 _____ (Microsoft Corporation) C:\Windows\system32\provplatformdesktop.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000386016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000368128 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000366184 _____ (Microsoft Corporation) C:\Windows\system32\mfsensorgroup.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000357376 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000353960 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptprov.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.BlueLightReduction.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000339520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000336928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000336752 _____ (Microsoft Corporation) C:\Windows\system32\AudioSrvPolicyManager.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000324624 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000324608 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000317952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000316216 _____ (Microsoft Corporation) C:\Windows\system32\computestorage.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000307712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000300184 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000296976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\TDLMigration.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_AnalogShell.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000280576 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000271872 _____ (Microsoft Corporation) C:\Windows\system32\WpcTok.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000268216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000267528 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000257536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provplatformdesktop.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000257536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbaudio2.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\UpdateDeploymentProvider.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000248088 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerCsp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000227840 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000220680 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000214032 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000210440 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000204800 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000202040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000199176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\Win32CompatibilityAppraiserCSP.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000193848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000193800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\weretw.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000187920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\AarSvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000183808 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngOnline.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000182072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000180536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000180024 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000164152 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BitLockerCsp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000149512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000146920 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\oleprn.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000142544 _____ (Microsoft Corporation) C:\Windows\system32\LicensingUI.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000142136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\Chakrathunk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000138752 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000132096 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000130560 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000129848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000129088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000127296 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000125440 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000123912 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinAUG.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000120352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000117048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleprn.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000115120 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000114176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakrathunk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000102216 _____ (Microsoft Corporation) C:\Windows\system32\changepk.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000099712 _____ (Microsoft Corporation) C:\Windows\system32\FsIso.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000093496 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000093312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000089544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000088560 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\EditBufferTestHook.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000084280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\CustomInstallExec.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\autopilot.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\efsext.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000071720 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditBufferTestHook.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000065064 _____ (Microsoft Corporation) C:\Windows\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iemigplugin.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000058825 _____ C:\Windows\system32\srms.dat
2019-07-27 14:09 - 2019-07-27 14:09 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\audioresourceregistrar.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efsext.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000047000 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\WiredNetworkCSP.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\UpgradeResultsUI.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000042296 _____ (Microsoft Corporation) C:\Windows\system32\SysResetErr.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\WordBreakers.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WiFiConfigSP.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WordBreakers.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\KNetPwrDepBroker.sys
2019-07-27 14:09 - 2019-07-27 14:09 - 000028936 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspipe.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\autopilotdiag.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000021304 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\bindflt.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\pacjsworker.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.exe
2019-07-27 14:09 - 2019-07-27 14:09 - 000003584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCertResources.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000003584 _____ (Microsoft Corporation) C:\Windows\system32\TpmCertResources.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2019-07-27 14:09 - 2019-07-27 14:09 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2019-07-27 14:06 - 2019-07-27 14:05 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-07-27 14:03 - 2019-07-27 14:03 - 000000000 ____D C:\Users\carte\AppData\Roaming\Google
2019-07-27 14:03 - 2019-07-27 08:36 - 000000000 ____D C:\ProgramData\Packages
2019-07-27 13:57 - 2019-07-27 13:57 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-27 13:57 - 2019-07-27 13:57 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-27 13:57 - 2019-07-27 13:57 - 000000946 _____ C:\Users\Public\Desktop\GIMP 2.10.12.lnk
2019-07-27 13:57 - 2019-07-27 13:57 - 000000946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.12.lnk
2019-07-27 13:57 - 2019-07-27 13:57 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.2
2019-07-27 13:57 - 2019-07-27 13:57 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2019-07-27 13:57 - 2019-07-27 13:57 - 000000000 ____D C:\Program Files\LibreOffice
2019-07-27 13:57 - 2019-07-17 17:10 - 005435192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2019-07-27 13:57 - 2019-07-17 17:10 - 002637352 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2019-07-27 13:57 - 2019-07-17 17:10 - 001767920 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2019-07-27 13:57 - 2019-07-17 17:10 - 000650608 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2019-07-27 13:57 - 2019-07-17 17:10 - 000451056 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2019-07-27 13:57 - 2019-07-17 17:10 - 000125424 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2019-07-27 13:57 - 2019-07-17 17:10 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2019-07-27 13:57 - 2019-07-16 04:18 - 008642772 _____ C:\Windows\system32\nvcoproc.bin
2019-07-27 13:57 - 2019-03-24 12:54 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2019-07-27 13:56 - 2019-07-27 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-07-27 13:56 - 2019-07-27 13:56 - 000000000 ____D C:\Program Files\GIMP 2
2019-07-27 13:55 - 2019-07-27 13:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-07-27 13:55 - 2019-07-27 13:55 - 000003998 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-07-27 13:55 - 2019-07-27 13:55 - 000003766 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-07-27 13:55 - 2019-07-27 13:55 - 000000000 ____D C:\Users\Public\Foxit Software
2019-07-27 13:55 - 2019-07-27 13:55 - 000000000 ____D C:\Users\carte\AppData\Roaming\Foxit Software
2019-07-27 13:55 - 2019-07-27 13:55 - 000000000 ____D C:\Users\carte\AppData\Roaming\Foxit AgentInformation
2019-07-27 13:55 - 2019-07-27 13:55 - 000000000 ____D C:\Users\carte\AppData\Roaming\Dropbox
2019-07-27 13:55 - 2019-07-27 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2019-07-27 13:55 - 2019-07-27 13:55 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2019-07-27 13:55 - 2019-07-27 13:55 - 000000000 ____D C:\ProgramData\Dropbox
2019-07-27 13:55 - 2019-07-27 13:55 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2019-07-27 13:55 - 2019-07-27 09:41 - 000000938 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-07-27 13:55 - 2019-07-27 09:41 - 000000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-07-27 13:55 - 2019-07-18 15:15 - 001006800 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-07-27 13:55 - 2019-07-18 15:15 - 001006800 _____ C:\Windows\system32\vulkan-1.dll
2019-07-27 13:55 - 2019-07-18 15:15 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-07-27 13:55 - 2019-07-18 15:15 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-07-27 13:55 - 2019-07-18 15:15 - 000552144 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-07-27 13:55 - 2019-07-18 15:15 - 000456912 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-07-27 13:55 - 2019-07-18 15:15 - 000286416 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-07-27 13:55 - 2019-07-18 15:15 - 000286416 _____ C:\Windows\system32\vulkaninfo.exe
2019-07-27 13:55 - 2019-07-18 15:15 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-07-27 13:55 - 2019-07-18 15:15 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-07-27 13:55 - 2019-07-18 15:14 - 011059408 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2019-07-27 13:55 - 2019-07-18 15:14 - 009492680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 040411904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 035269568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 020193184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 017470416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 005426104 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 004767912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 002042272 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 001721816 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6443160.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 001543824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 001472600 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 001468320 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6443160.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 001164376 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 001136024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 000914520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 000822016 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 000810912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 000677256 _____ C:\Windows\system32\nvofapi64.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 000656792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 000633488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 000543944 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-07-27 13:55 - 2019-07-18 15:13 - 000523920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-07-27 13:55 - 2019-07-18 12:11 - 005087208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2019-07-27 13:55 - 2019-07-18 12:11 - 004342528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-07-27 13:55 - 2019-07-17 19:56 - 001682368 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2019-07-27 13:55 - 2019-07-17 19:56 - 000228608 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2019-07-27 13:55 - 2019-07-17 19:56 - 000052622 _____ C:\Windows\system32\nvinfo.pb
2019-07-27 13:55 - 2019-07-17 19:56 - 000046848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2019-07-27 13:54 - 2019-07-27 13:54 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-27 13:54 - 2019-07-27 13:54 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-27 13:54 - 2019-07-27 13:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-27 13:54 - 2019-07-27 13:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-27 13:54 - 2019-07-27 13:54 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-07-27 13:54 - 2019-07-27 13:54 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-07-27 13:54 - 2019-07-27 13:54 - 000000000 ____D C:\ProgramData\Mozilla
2019-07-27 13:54 - 2019-07-27 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-07-27 13:54 - 2019-07-27 13:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-07-27 13:54 - 2019-07-27 13:54 - 000000000 ____D C:\Program Files\7-Zip
2019-07-27 13:54 - 2019-07-27 13:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-07-27 13:54 - 2019-07-27 13:54 - 000000000 ____D C:\Program Files (x86)\Google
2019-07-27 13:49 - 2019-07-29 00:22 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-27 13:49 - 2019-07-27 14:03 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-07-27 13:49 - 2019-07-27 13:57 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-07-27 13:49 - 2019-07-27 13:57 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-27 13:48 - 2019-07-29 00:23 - 000000000 ___RD C:\Users\carte\OneDrive
2019-07-27 13:48 - 2019-07-27 13:49 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3786187417-711042663-1968237578-1001
2019-07-27 13:48 - 2019-07-27 13:48 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-07-27 13:47 - 2019-07-27 13:47 - 000000000 ___HD C:\Users\carte\MicrosoftEdgeBackups
2019-07-27 13:47 - 2019-07-27 13:47 - 000000000 ____D C:\Users\carte\AppData\Roaming\Adobe
2019-07-27 13:47 - 2019-07-27 09:41 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-27 13:45 - 2019-07-28 23:01 - 000000000 ____D C:\Users\carte
2019-07-27 13:45 - 2019-07-27 13:49 - 000002363 _____ C:\Users\carte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-27 13:45 - 2019-07-27 13:45 - 000000020 ___SH C:\Users\carte\ntuser.ini
2019-07-27 13:42 - 2019-07-27 18:25 - 000795988 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-27 13:40 - 2019-07-27 13:40 - 000000000 ____D C:\ProgramData\USOShared
2019-07-27 13:40 - 2019-06-11 21:29 - 002874368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2019-07-27 13:38 - 2019-07-27 13:38 - 000000000 _SHDL C:\Documents and Settings
2019-07-27 13:38 - 2019-07-27 13:38 - 000000000 ____D C:\Windows\minidump
2019-07-27 13:36 - 2019-07-29 00:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-27 13:36 - 2019-07-28 22:19 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-07-27 13:36 - 2019-07-27 18:31 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-07-27 13:36 - 2019-07-27 13:36 - 000000000 ____D C:\Windows\ServiceProfiles
2019-07-27 13:36 - 2019-07-27 09:41 - 000458192 _____ C:\Windows\system32\FNTCACHE.DAT
2019-07-27 09:41 - 2019-07-27 09:41 - 106593184 _____ (Shift) C:\Users\carte\Downloads\shift-windows-v3.8.2 (1).exe
2019-07-27 09:40 - 2019-07-27 09:40 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-07-27 09:14 - 2019-07-27 09:14 - 000000982 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2019-07-27 09:14 - 2019-07-27 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2019-07-27 09:12 - 2019-07-27 09:17 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2019-07-27 09:12 - 2019-07-27 09:12 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2019-07-27 09:11 - 2019-07-27 09:12 - 000000000 ____D C:\Users\carte\AppData\Roaming\Battle.net
2019-07-27 09:10 - 2019-07-27 09:11 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-07-27 09:10 - 2019-07-27 09:10 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2019-07-27 09:10 - 2019-07-27 09:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2019-07-27 09:10 - 2019-07-27 09:10 - 000000000 ____D C:\ProgramData\Battle.net
2019-07-27 09:09 - 2019-07-27 09:12 - 000000000 ____D C:\Users\carte\Desktop\Install
2019-07-27 09:08 - 2019-07-27 09:41 - 000000000 ___RD C:\Users\carte\3D Objects
2019-07-27 09:06 - 2019-07-29 00:23 - 000001987 _____ C:\Users\carte\Desktop\Shift.lnk
2019-07-27 09:06 - 2019-07-27 09:06 - 000000000 ____D C:\Users\carte\Desktop\Misc Photos
2019-07-27 09:06 - 2019-07-27 09:06 - 000000000 ____D C:\Users\carte\Desktop\2019-06-13 14-00-48
2019-07-27 09:06 - 2019-06-13 13:15 - 000002363 _____ C:\Users\carte\Desktop\OneDrive.lnk
2019-07-27 09:02 - 2019-07-27 09:02 - 005143520 _____ (Power Software Ltd) C:\Users\carte\Downloads\PowerISO7-x64.exe
2019-07-27 08:46 - 2019-07-27 08:46 - 000000853 _____ C:\Users\Public\Desktop\PowerISO.lnk
2019-07-27 08:46 - 2019-07-27 08:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2019-07-27 08:46 - 2019-07-27 08:46 - 000000000 ____D C:\Program Files\PowerISO
2019-07-27 08:46 - 2017-06-06 20:36 - 000138296 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2019-07-27 08:45 - 2019-07-29 00:23 - 000000000 ____D C:\Users\carte\AppData\Roaming\Shift
2019-07-27 08:45 - 2019-07-29 00:22 - 000000000 ____D C:\Users\carte\AppData\Roaming\brave
2019-07-27 08:45 - 2019-07-27 08:45 - 106593184 _____ (Shift) C:\Users\carte\Downloads\shift-windows-v3.8.2.exe
2019-07-27 08:45 - 2019-07-27 08:45 - 000000000 ____D C:\Users\carte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redbrick
2019-07-27 08:45 - 2019-07-27 08:45 - 000000000 ____D C:\Users\carte\AppData\Roaming\.Shift
2019-07-16 17:25 - 2019-07-16 17:25 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-07-16 17:25 - 2019-07-16 17:25 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-07-16 17:25 - 2019-07-16 17:25 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-07-16 17:25 - 2019-07-16 17:25 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-07-16 17:25 - 2019-07-16 17:25 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-29 00:23 - 2019-03-19 00:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-07-29 00:22 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-29 00:22 - 2019-03-19 00:37 - 000524288 _____ C:\Windows\system32\config\BBI
2019-07-28 23:02 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\NDF
2019-07-28 20:21 - 2019-03-19 00:37 - 000000000 ____D C:\Windows\CbsTemp
2019-07-28 04:22 - 2019-03-19 00:50 - 000000000 ____D C:\Windows\INF
2019-07-28 04:21 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\appcompat
2019-07-27 18:31 - 2019-03-19 00:52 - 000000000 ____D C:\Program Files\Windows Defender
2019-07-27 14:33 - 2019-03-19 00:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-07-27 14:03 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\ServiceState
2019-07-27 13:57 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\Help
2019-07-27 13:45 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-07-27 13:42 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\USOPrivate
2019-07-27 13:40 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\spool
2019-07-27 13:40 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\FxsTmp
2019-07-27 13:36 - 2019-03-19 00:52 - 000000000 ___RD C:\Windows\PrintDialog
2019-07-27 13:36 - 2019-03-19 00:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-07-27 13:36 - 2019-03-19 00:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-07-27 09:40 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\SystemResources
2019-07-27 09:40 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\oobe
2019-07-27 09:40 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\migwiz
2019-07-27 09:40 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\system32\appraiser
2019-07-27 09:40 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\ShellExperiences
2019-07-27 09:40 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\bcastdvr
2019-07-27 09:04 - 2019-03-19 00:52 - 000000000 ____D C:\Windows\AppReadiness
2019-07-27 08:36 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-27 08:24 - 2019-03-19 00:37 - 000000000 ____D C:\Windows\servicing

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by carte (29-07-2019 00:25:17)
Running from C:\Windows\Temp\mwb3CAB.tmp
Windows 10 Home Version 1903 18362.239 (X64) (2019-07-27 17:38:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3786187417-711042663-1968237578-500 - Administrator - Disabled)
carte (S-1-5-21-3786187417-711042663-1968237578-1001 - Administrator - Enabled) => C:\Users\carte
DefaultAccount (S-1-5-21-3786187417-711042663-1968237578-503 - Limited - Disabled)
Guest (S-1-5-21-3786187417-711042663-1968237578-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3786187417-711042663-1968237578-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 77.4.131 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.6.0.25114 - Foxit Software Inc.)
GIMP 2.10.12 (HKLM\...\GIMP-2_is1) (Version: 2.10.12 - The GIMP Team)
Google Chrome (HKLM\...\{04DBEDAC-DFA9-3823-937A-FE754A7AD6F7}) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
KMymoney 4.8.3 (HKLM-x32\...\kmymoney) (Version: 4.8.3 - kde.org)
LibreOffice 6.2.5.2 (HKLM\...\{207F3229-8AA5-4544-BDB7-7995538A5ED5}) (Version: 6.2.5.2 - The Document Foundation)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3786187417-711042663-1968237578-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla)
NVIDIA Graphics Driver 431.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 431.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.4 - Power Software Ltd)
Shift (HKU\S-1-5-21-3786187417-711042663-1968237578-1001\...\Shift) (Version: 3.8.2 - Shift)

Packages:
=========
GNews -> C:\Program Files\WindowsApps\65465Fetisenko.186926BDE572F_1.5.0.0_x64__806cg6g6fmyng [2019-07-27] (Fetisenko) [MS Ad]
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-27] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-27] (Microsoft Corporation) [MS Ad]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_17.30.3.0_x64__8wekyb3d8bbwe [2019-07-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0 [2019-07-27] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3786187417-711042663-1968237578-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\carte\Dropbox [2019-07-28 10:22]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-07-16] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-07-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-07-29 00:21 - 2019-03-25 11:17 - 000313344 _____ (Malwarebytes Corporation) [File not signed] C:\Windows\TEMP\mwb3CAB.tmp\mbchkrpt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3786187417-711042663-1968237578-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\carte\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\blades.jpg
DNS Servers: 192.168.86.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName0 -> unimdm.tsp (Microsoft Windows -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName1 -> kmddsp.tsp (Microsoft Windows -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> hidphone.tsp (Microsoft Windows -> Microsoft Corporation)
HKLM\software\wow6432node\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName0 -> unimdm.tsp (Microsoft Windows -> Microsoft Corporation)
HKLM\software\wow6432node\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName1 -> kmddsp.tsp (Microsoft Windows -> Microsoft Corporation)
HKLM\software\wow6432node\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> hidphone.tsp (Microsoft Windows -> Microsoft Corporation)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{551619F0-4FC0-46C7-B422-9E78E7FACF8B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EA2AA3B0-3D81-48F4-9402-C095D6F4EA52}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DD50C746-BA18-4C9C-A3BF-EAF47CC31A54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C23F9BAB-51F2-4815-B46A-AF77F633A2B6}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9E1D5C40-D3BE-4437-9A0A-4A267C0A3971}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{770AE44A-55C4-4183-A8A5-E0099E015AF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DEF4A2A-C58B-4E46-817A-D4F150DF6C9B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9BB19E67-C5C9-4F43-8D50-9F7E100A0922}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B6A47ABB-ACE4-44EB-9E88-30CD827CBF62}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{967E57E3-8B5B-4D7D-B2DD-52EDB6E0639F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F348BE8E-8804-419E-BB64-72D8CF148A1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6C76DB55-87A2-4446-8776-E578EB968592}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

28-07-2019 20:21:08 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2019 12:23:14 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (07/29/2019 12:23:14 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (07/29/2019 12:23:14 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (07/29/2019 12:23:14 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (07/29/2019 12:23:12 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (07/28/2019 10:22:12 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (07/28/2019 10:22:12 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.

Error: (07/28/2019 10:22:11 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.


System errors:
=============
Error: (07/29/2019 12:22:30 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12

Error: (07/29/2019 12:22:02 AM) (Source: DCOM) (EventID: 10010) (User: MERCURY)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (07/27/2019 06:21:01 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x12

Error: (07/27/2019 06:21:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:42:39 on 2019-07-27 was unexpected.

Error: (07/27/2019 01:56:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DbxSvc service failed to start due to the following error: 
The system cannot find the file specified.

Error: (07/27/2019 01:40:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/27/2019 01:37:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error: 
A device attached to the system is not functioning.

Error: (07/27/2019 01:37:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. H.H2 06/13/2019
Motherboard: MSI X99A GAMING 7 (MS-7885)
Processor: Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 11%
Total physical RAM: 32671.04 MB
Available physical RAM: 28991.2 MB
Total Virtual: 37791.04 MB
Available Virtual: 32340.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:372.07 GB) NTFS

\\?\Volume{616ffd03-ebf8-4ac9-9a62-b36b917dff46}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.13 GB) NTFS
\\?\Volume{64492c2b-a5a9-40ea-af5b-6d5586ccdbda}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9B4097DD)

Partition: GPT.

==================== End of Addition.txt ============================

 

mbst-grab-results.zip


Hi, @nihilzero

My name is Maurice. I will be helping and guiding you, going forward on this case.

If I may be permitted to be very frank, your lists describe a ton of quirky issues.  What we can help you on here is to assist you in running a few scans looking for malware.

Failing to find malware,  I will be then recommending you either restore the system from a known good recent backup, OR, else to wipe the disc and then do a fresh clean new Windows install.

Again, I can help you on looking for infectious actual malware.

I notice that this system is a Windows 10 with a Trial version of Malwarebytes for Windows.

 

Please be sure you only just Attach report files or logs from this point on.  Do not Paste the contents into the reply area-box.

 

Let's start by doing a new thorough scan with Malwarebytes for Windows. The goal is to see whether there is an infection or P U P.

 

Let's do one new run with Malwarebytes for Windows.

Start Malwarebytes.

Click Settings. Click Protection tab & scroll down to Scan options.

On the section "Potential Threat Protection"
look down at the one "Potentially Unwanted Programs (PUPs)" and make sure it is set to
"Always detect PUPS".

and

look down at the one "Potential Unwanted Modifications (PUM)" and make sure it is set to
"Always detect PUM".

and
scroll all the way down to the section Automatic Quarantine
On the line "Automatically quarantine detected malware" be sure it is ON



Then once all set there, click on SCAN button
Then ensure Threat scan has a check mark. Then click Start scan.
Review the results list.
Then I would suggest you make sure all lines have a check mark

To that end, if you click the very top left checkbox you can force all detected lines (if any are detected) to be selected for removal. Be sure each line is checked.




Then you can proceed to click on the blue button Quarantine selected.


In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your next reply 

 

Edited by Maurice Naggar
updated for scan run

YES!  Sorry I was locked out of my account for a few days.  I am SO GLAD TO HEAR that you acknowledge that something is definitely wrong with my PC and that "the call is coming from inside the house" so to speak. My family thinks I am NUTS!

I ran the scan as instructed, and it found NO malware of course.  Attached is the log.  It should be noted that I selected in the options to give DETAILED logs...and the detail here seems to be a bit lacking.  

I have found breadcrumbs that would lead me to believe that the FIRMWARE of my motherboard/ram/Harddrive/or video card may have been flashed to create this 'whateverthisis'.  So I also attached some screenshots from my "system Information" panels that I would like you to see.


malwarebytesScan.txt mb-licenseinfo.txt desktop.ini.txt


The Malwarebytes scan run report is perfect.  No malware & no P U P  are present.

The screen grabs are normal. 

You can do this next special scan just to have a second opinion.


Whatever it is in Python would be from some past downloads.   No, there is no basis for jumping to a conclusion that there is some other OS.

 

You may run a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

 

 


I don't mean to second-guess you....but it seems awfully strange that my FIRST network device is installed as a kernel network debugger, and that I have something like 7-8 remote access servers on Windows 10 HOME edition, some of which map to a network protocol that I have barely even heard of.  There might not be any distinct MALWARE on my system, but rather it seems that someone has tinkered around with an Active Directory/Enterprise Domain and taken ownership of my machines and DNS settings.   

I may have neglected to mention, but for the last month I've noticed that EVERY TIME I download driver files for my system, I scan them with VirusTotal and they contain a trojan nearly every time.  What would be the steps to take to regain control of a compromised active directory?   To just buy my own?

Thanks for your help in all this mess. I will be scanning with ESET later tonight after work.  


I have to wonder if all this is a network at your home?

Quote

that I have something like 7-8 remote access servers on Windows 10 HOME edition

If you have a business network it seems to me all user-stations ought to be on Windows PRO editions.

If you see a suspicious device, drill down in Device Manager & then in driver Properties to document the driver publisher and version.

You did not mention the result of the ESET Online scan! That is an important checkpoint in analyzing this case.

Please do that run!

 

Also, you can run this special scan with Malwarebytes Anti-rootkit tool.

Please read all of these lines first so that it is all clear to you about our plan. I need a one time run of MBAR like listed here, please.

Please download Malwarebytes Anti-Rootkit (MBAR) from this link here

and save it to your desktop.

 

Double-click on the MBAR file and allow it to run.

•Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.

•mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.

•After reading the Introduction, click 'Next' if you agree.

•On the Update Database screen, click on the 'Update' button.

•Once you see 'Success: Database was successfully updated' click on 'Next', then click the Scan button.

With some infections, you may see two message boxes:

1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

•If malware is found, press the Cleanup button when the scan completes.

Please attach the log it produces, you'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
 

 

 

 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
