# Deleting passwords and apps won't run or uninstall



## UnicornSparkle (Apr 11, 2020)

Hello, I have been having real trouble with my laptop, and I'm at my wits end with it! I accidentally installed some malware (I think!) called Web bar, which bundled other stuff like S antivirus client and Premier Opinion. I realised that S antivirus client was malware, and uninstalled it. It told me to restart my computer, which I did. When I came back I immediately realised something, my wallpaper had changed. All of my normal apps in the task bar where replaced with standard windows ones, and none of my files were on my desktop. I went into Chrome, all my passwords were non existent. I tried opening mail, wouldn't open. Attempted to open Skype, Microsoft Store, Microsoft Solitaire Collection etc. None of them opened. I tried to uninstall them, and it came up with the error code 0x80073d23. Randomly my computer keeps restarting saying 'we had a problem' and when I log back in all of the new passwords I have made have been deleted again. I have looked at other similar threads and someone said about the different users and temp files. There were temp files in users and also dell in users, which had all of my files in. It had no Skype files. I don't know why it is still showing up and I can't even try to download it again because Microsoft Store isn't working either. 
I have got AVG antivirus software (after extensive review reading, I'm more wary now!) and it isn't picking up any malware or browser threats.
I am on Windows 10 and I have an Inspiron 13 5000 series. 
Please can someone help as I am very upset and frustrated at my computer now! I cannot do hardly any of my daily tasks on my laptop now. 
Thanks for your time, any help is very much appreciated.


----------



## Couriant (Mar 26, 2002)

Let's get this thread to the malware forum to make sure you have no more malware.

It looks like your application protocol may have been changed to prevent you from opening anything.

If at all possible, please make sure you back up any important data (documents, pictures, etc) as the last possible option is to reinstall Windows.


----------



## UnicornSparkle (Apr 11, 2020)

Couriant said:


> Let's get this thread to the malware forum to make sure you have no more malware.
> 
> It looks like your application protocol may have been changed to prevent you from opening anything.
> 
> If at all possible, please make sure you back up any important data (documents, pictures, etc) as the last possible option is to reinstall Windows.


Ok, I have, thank-you so much for your help! How can I reinstall Windows?


----------



## DR.M (Sep 4, 2019)

Hello, UnicornSparkle.

Welcome to the TSG Forums. 

If you want us to check your computer for malware, please do the following:

Download F*arbar Recovery Scan Tool* and save it to your *desktop. --> IMPORTANT*

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button and wait for a while.
The scanner will produced two logs on your Desktop: *FRST.txt *and *Addition.txt*. Please copy and paste the content of these two logs in your next reply.

*NOTES:*

*1. Do not run any tool* unless instructed to do so. Also, do not uninstall or install any software during the proceedure, unless I ask you to do so.

*2. Always ask before act.* Do not continue if you are not sure, or if something unexpected happens.

*3.* I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.


----------



## Couriant (Mar 26, 2002)

UnicornSparkle said:


> Ok, I have, thank-you so much for your help! How can I reinstall Windows?


We have a link in our Windows 10 forum on how to reinstall via Media Creation Tool. Dell also has it's own version but it will include all the unnecessary software, but will have all drivers needed. Let's concentrate on checking your computer first.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hello, UnicornSparkle.
> 
> Welcome to the TSG Forums.
> 
> ...


Hi thanks for your help! I have a small problem though. When I download, it says FRST.exe was blocked because it could harm your device. Shall I keep it? 
Thanks!


----------



## UnicornSparkle (Apr 11, 2020)

Couriant said:


> We have a link in our Windows 10 forum on how to reinstall via Media Creation Tool. Dell also has it's own version but it will include all the unnecessary software, but will have all drivers needed. Let's concentrate on checking your computer first.


Ok! Thank you. I will wait.


----------



## DR.M (Sep 4, 2019)

Hi, UnicorSparkle. 

There is nothing bad with FRST and it will not harm your computer. Accept it and go on.


----------



## UnicornSparkle (Apr 11, 2020)

I have tried to download on chrome and microsoft edge but it comes up with error messages. It says 'this file is not safe' and I press 'keep anyway' then I click on it once it's downloaded and I press 'open' and it doesn't do anything. I have searched for it on my computer and apparently it doesn't exist. I have downloaded both version, the 64 bit an 32 bit.


----------



## UnicornSparkle (Apr 11, 2020)

Oh, and then it says Couldn't download - Couldn't download or Couldn't download - Virus scan failed! Sorry for all this trouble.


----------



## DR.M (Sep 4, 2019)

Hi!

No trouble at all.

I just want to understand what exactly is happening.

You said: "I have downloaded both versions, the 64 bit an 32 bit."

That means that you can see on your Desktop the image attached?

Can you please take screenshots to show me the warnings you are getting?

This article (Method 2) can help you haw to take screenshots.


----------



## UnicornSparkle (Apr 11, 2020)

Ok! So It isn't on my desktop as it won't open. Here are the images.





























Thanks!


----------



## DR.M (Sep 4, 2019)

It is blocked by Windows Defender, which is not something unusual. When you choose Keep anyway, it keeps warning you as above?


----------



## Couriant (Mar 26, 2002)

Try downloading in Chrome.


----------



## DR.M (Sep 4, 2019)

I don't think that it's a browser's issue. Besides, she/he tried that already.

Assuming it is a Windows Defender issue, you could try this:

Go to Settings by pressing the Windows icon on your keyboard together with the letter I.

Then...

>Update & Security
>Virus & thread protection
>Controlled folder access
>Select Manage Controlled folder access
>Allow an app through Controlled folder access


Try to download the FRST again.


----------



## Couriant (Mar 26, 2002)

DR.M said:


> I don't think that it's a browser's issue. Besides, she/he tried that already.
> 
> If it is a Windows Defender issue, you could try this:
> 
> ...


OK, I missed that part. The old Edge had an option to turn off SmartFilter.... I don't have the new Chromium-based Edge so I don't know if it has that, but if it does, then perhaps try that as well to see if it will allow the download


----------



## DR.M (Sep 4, 2019)

Hi, Unicornsparkle.

When you see this warning, press the *three dots* and then choose *Keep.*










After that, you will get another warning:










Choose *Show more,* and then *Keep anyway.*
Now, you should be able to download the FTST tool.

*If there is still a problem, do the following:*

Go to *Settings*, by pressing the Windows icon on your keyboard, together with the letter I.

Scroll down to find *Update & Security* and Choose it.

From the menu at the left, select *Windows Security.*

With this tab selected, choose *Virus & Threat protection. *

Under Virus & threat protection settings, select *Manage settings.*

Under Controlled folder access, select *Manage Controlled folder access.*

Switch the *Controlled folder access* setting to *On.*

Choose *Allow an app through Controlled folder access,* and then *Yes.*

Select *Add an allowed app* and then *Recently blocked apps.*

Find* FRST* and choose it.

*Try to download FRST again, and post here your result. *


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hello, UnicornSparkle.
> 
> Welcome to the TSG Forums.
> 
> ...


Hi! I have successfully downloaded it, only due to your help, thanks! I have added it to my desktop and I double clicked it and it won't open. It does the little whirly blue thing first and then just does nothing. This was the 64 bit version. I tried to download the 32 bit version but I kept downloading it and pressing keep and keep anyway and then I opened files in downloads and it didn't show up most times but sometimes it did and I right clicked it and then I tried to add it to the desktop and when I clicked it it said the file does not exist! I don't know why the downloads won't show up... I have attached some photos. 
Thanks!


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, Unicornsparkle.
> 
> When you see this warning, press the *three dots* and then choose *Keep.*
> 
> ...


Oh I also did the settings thing and it came up with this.


----------



## UnicornSparkle (Apr 11, 2020)

UnicornSparkle said:


> Oh I also did the settings thing and it came up with this.


When I clicked virus and threat protection.


----------



## DR.M (Sep 4, 2019)

A question:
You said that you "did the Settings thing". But then you added that when you clicked on the Virus & Threat Protection you got the warning. So, you complete or not the instructions above?


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> A question:
> You said that you "did the Settings thing". But then you added that when you clicked on the Virus & Threat Protection you got the warning. So, you complete or not the instructions above?


Yes, I did follow the instructions by clicking on Settings, Update and Security, windows security and then virus and threat protection and it came up with the screenshot above.


----------



## UnicornSparkle (Apr 11, 2020)

Ok I have successfully opened FRST after it coming up with a warning about the app making changes to your device, which I clicked ok to. It has come up with this for FRST.txt!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2020
Ran by Dell (administrator) on ISISUNICORN (Dell Inc. Inspiron 13-5378) (16-04-2020 17:54:42)
Running from C:\Users\TEMP\Desktop
Loaded Profiles: Dell (Available Profiles: Dell) <==== ATTENTION (Temporary Profile?)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <3>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Digital Communications Inc -> Digital Com. Inc) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusClient.exe
(Digital Communications Inc -> Digital Com. Inc) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe
(Digital Communications Inc -> Digital Com. Inc) C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9237968 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1497048 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [976768 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [156256 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] (National Instruments Corporation -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3790778226-1724361597-474460523-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-03-09] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3790778226-1724361597-474460523-1001\...\Run: [OneDrive] => C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1579368 2020-04-15] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.113\Installer\chrmstp.exe [2020-04-16] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\80.0.361.111\Installer\setup.exe [2020-04-08] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2020-03-30]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0682DCFB-1BE9-42D6-A7FA-502F998BC78B} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3790778226-1724361597-474460523-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {1239742A-ED43-4A6C-ABAB-BD4EF55E4A06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.)
Task: {33BED376-B1E9-4493-9342-0E43C4142D24} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-16] (Adobe Inc. -> Adobe)
Task: {33E8F873-6D95-4E84-9D0E-033323CB5691} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {34E68667-F92A-48CC-8C9B-E5AC77AD7424} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-16] (Adobe Inc. -> Adobe)
Task: {47170E82-A528-4397-B796-509E89804135} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {535C90CC-D12D-44B2-9AD2-C7D1D6BC0EA4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3373072 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {58D9B2CC-2D81-4421-8BB0-4667E5880018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {5D0064CA-88FC-44E2-9819-E0CA949FDB82} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6FBFDE81-E731-4261-8EF0-C9E7D947F5E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {7520EB45-B7E9-4FA4-BE90-DE368E02F1E8} - System32\Tasks\HPCustParticipation HP LaserJet M14-M17 => C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPCustPartic.exe [6662792 2018-07-04] (Hewlett Packard -> HP Inc.)
Task: {858CC683-261B-42D5-9DB8-93AEAA8B903D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.)
Task: {B45A5A99-92DE-486B-9EA3-A5E84CF5FE0B} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1497048 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {E8CCBA86-751E-4A7D-B85F-EEE0D9C6F7DB} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee471dd-c8e9-4f2b-8d26-d737c8cbe35f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dbnwss_20_14_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtByC0AtAzztB0C0EtCtByCtBtCzy0AtN0D0Tzu0StAtDtCtBtN1L2XzuyEtFyCtCtFtDtFtCzytCtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2SyC0A0AyD0DyC0FtCtGtDyDyCtDtGtB0ByD0AtGtCtCtCyCtGtAyEyCzztAtA0B0DtB0AtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzzzztD1O1OtA1RtGzyyBtAtDtGyE1OzztCtGzzyDzzzztGyDtCtBzyyCzz1SyEtByCyE1P2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzzyDyCyByBtBzyyB%26cr%3D1065337334%26a%3Dwsg_dbnwss_20_14_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome

Edge: 
======
Edge Profile: C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default [2020-04-16]
Edge DefaultSearchURL: Default -> hxxps://manageyoursearch.com/?q={searchTerms}
Edge DefaultSuggestURL: Default -> hxxps://manageyoursearch.com/suggest?q={searchTerms}
Edge Extension: (Search Manager) - C:\Users\TEMP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-04-15]
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"SAntivirusIC" => service was unlocked. <==== ATTENTION

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2020-03-30] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [345960 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5552064 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110608 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2223864 2017-01-05] (Intel Corporation -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-16] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\80.0.361.111\elevation_service.exe [1093512 2020-04-08] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333264 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [7051760 2020-03-31] (Digital Communications Inc -> Digital Com. Inc) <==== ATTENTION
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [190960 2020-03-31] (Digital Communications Inc -> Digital Com. Inc) <==== ATTENTION
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37960 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [206672 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [234840 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [179032 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61272 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16520 2020-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [43568 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175984 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [110064 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [85664 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [852392 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [460184 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [235768 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317864 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75320 2017-01-05] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [358968 2017-01-05] (Intel Corporation -> Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel(R) Software -> Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [356608 2016-11-16] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-18] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-17] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8720384 2019-08-27] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R1 SANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusKD.sys [90096 2020-03-31] (Digital Communications Inc. -> Digital Comm. Inc) <==== ATTENTION
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [40008 2015-06-25] (Intel(R) Software -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-16 17:54 - 2020-04-16 17:55 - 000021152 _____ C:\Users\TEMP\Desktop\FRST.txt
2020-04-16 17:54 - 2020-04-16 17:55 - 000000000 ____D C:\FRST
2020-04-16 09:46 - 2020-04-16 09:46 - 000000000 ____D C:\Users\TEMP\AppData\Local\CrashDumps
2020-04-15 18:29 - 2020-04-15 18:29 - 000000595 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST.lnk
2020-04-15 18:21 - 2020-04-15 18:21 - 002281472 _____ (Farbar) C:\Users\TEMP\Desktop\FRST64.exe
2020-04-15 18:19 - 2020-04-15 18:19 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\AVG
2020-04-15 18:12 - 2020-04-15 18:15 - 000000000 ____D C:\Users\TEMP\AppData\Local\PlaceholderTileLogoFolder
2020-04-15 18:12 - 2020-04-15 18:12 - 000000000 ____D C:\Users\TEMP\AppData\Local\Avg
2020-04-15 18:11 - 2020-04-15 18:11 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\santivirusclient
2020-04-15 18:11 - 2020-04-15 18:11 - 000000000 ____D C:\Users\TEMP\AppData\Local\D3DSCache
2020-04-15 18:11 - 2020-04-15 18:11 - 000000000 ____D C:\Users\TEMP\AppData\Local\CEF
2020-04-15 18:11 - 2020-04-15 18:11 - 000000000 ____D C:\Users\TEMP\AppData\Local\Adobe
2020-04-15 18:10 - 2020-04-15 20:52 - 000000000 ____D C:\Users\TEMP\AppData\Local\Packages
2020-04-15 18:10 - 2020-04-15 18:15 - 000002360 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 18:10 - 2020-04-15 18:11 - 000000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2020-04-15 18:10 - 2020-04-15 18:11 - 000000000 ____D C:\Users\TEMP\AppData\Local\Intel
2020-04-15 18:10 - 2020-04-15 18:10 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2020-04-15 18:10 - 2020-04-15 18:10 - 000000000 ___RD C:\Users\TEMP\3D Objects
2020-04-15 18:10 - 2020-04-15 18:10 - 000000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2020-04-15 18:10 - 2020-04-15 18:10 - 000000000 ____D C:\Users\TEMP\AppData\Local\Google
2020-04-15 18:10 - 2020-04-15 18:10 - 000000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2020-04-15 17:25 - 2020-04-15 17:25 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-15 17:25 - 2020-04-15 17:25 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-15 17:25 - 2020-04-15 17:25 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-15 17:24 - 2020-04-15 17:25 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-15 17:24 - 2020-04-15 17:24 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-15 17:24 - 2020-04-15 17:24 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-15 17:11 - 2020-04-15 17:11 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-15 17:11 - 2020-04-15 17:11 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-10 08:24 - 2020-04-10 08:24 - 000000000 ___HD C:\OneDriveTemp
2020-04-08 20:48 - 2020-04-08 20:48 - 001367012 _____ C:\WINDOWS\Minidump\040820-11500-01.dmp
2020-04-04 18:45 - 2020-04-04 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2020-04-04 18:45 - 2020-04-04 18:45 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2020-04-03 12:58 - 2020-04-03 12:58 - 000000000 ___HD C:\$AV_AVG
2020-04-03 12:56 - 2020-04-03 12:56 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2020-04-03 12:56 - 2020-04-03 12:56 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2020-04-03 12:56 - 2020-04-03 12:56 - 000002059 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
2020-04-03 12:55 - 2020-04-16 17:36 - 000003250 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2020-04-03 12:55 - 2020-04-03 12:55 - 000852392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000460184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000337592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2020-04-03 12:55 - 2020-04-03 12:55 - 000317864 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000235768 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000234840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000206672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000179032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000175984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000110064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000085664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000061272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000043568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000037960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000016520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2020-04-03 12:55 - 2020-04-03 12:55 - 000000000 ____D C:\Program Files\Common Files\AVG
2020-04-03 12:55 - 2020-04-03 12:55 - 000000000 ____D C:\Program Files\AVG
2020-04-03 12:52 - 2020-04-16 09:51 - 000000000 ____D C:\ProgramData\AVG
2020-04-03 12:34 - 2020-04-08 09:02 - 000001606 _____ C:\WINDOWS\ntbtlog.txt
2020-04-03 12:13 - 2020-04-03 12:13 - 000000000 ____D C:\NPE
2020-04-03 12:12 - 2020-04-03 12:12 - 000000000 ____D C:\ProgramData\Norton
2020-04-02 12:36 - 2020-04-16 09:46 - 000000000 ___RD C:\Users\TEMP\OneDrive
2020-04-02 12:30 - 2020-04-15 18:10 - 000000000 ____D C:\Users\TEMP
2020-04-02 12:28 - 2020-04-02 12:28 - 000000000 ____D C:\ProgramData\ssh
2020-04-02 09:07 - 2020-04-02 09:08 - 000000000 ___HD C:\adobeTemp
2020-04-01 09:18 - 2020-04-01 09:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
2020-04-01 09:14 - 2020-04-01 09:14 - 000000060 _____ C:\Users\Dell\AppData\Local\kritadisplayrc
2020-03-31 21:03 - 2020-04-01 09:14 - 000016239 _____ C:\Users\Dell\AppData\Local\kritarc
2020-03-31 21:03 - 2020-03-31 21:03 - 000000000 ____D C:\Users\Dell\AppData\Roaming\krita
2020-03-31 21:03 - 2020-03-31 21:03 - 000000000 ____D C:\Users\Dell\AppData\Local\krita
2020-03-31 21:01 - 2020-03-31 21:01 - 000001733 _____ C:\Users\Public\Desktop\Krita.lnk
2020-03-31 21:01 - 2020-03-31 21:01 - 000001733 _____ C:\ProgramData\Desktop\Krita.lnk
2020-03-31 21:01 - 2020-03-31 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Krita
2020-03-31 21:00 - 2020-03-31 21:01 - 000000000 ____D C:\Users\Dell\Desktop\Krita (x64)
2020-03-31 20:58 - 2020-03-31 20:59 - 110753224 _____ (Krita Foundation) C:\Users\Dell\Downloads\krita-x64-4.2.9-setup.exe
2020-03-31 18:57 - 2020-03-31 18:57 - 000000000 ____D C:\Users\Dell\AppData\Roaming\santivirusclient
2020-03-31 18:56 - 2020-03-31 19:00 - 000000000 ____D C:\Users\Dell\AppData\Local\chromium
2020-03-31 18:56 - 2020-03-31 18:56 - 000000000 ____D C:\ProgramData\SAntivirus
2020-03-31 18:56 - 2020-03-31 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
2020-03-31 18:56 - 2020-03-31 18:56 - 000000000 ____D C:\Program Files (x86)\Digital Communications
2020-03-31 18:55 - 2020-04-03 12:58 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2020-03-31 18:55 - 2020-03-31 19:00 - 000000000 ____D C:\Program Files (x86)\Chromium
2020-03-31 18:55 - 2020-03-31 18:58 - 000000000 ____D C:\Users\Dell\AppData\Local\{7F30496C-5B98-25D4-3600-003C1268FCA4}
2020-03-31 18:55 - 2020-03-31 18:55 - 000000000 ____D C:\ProgramData\{7910452C-5138-3D54-0960-157CE188CDA4}
2020-03-31 18:54 - 2020-03-31 19:01 - 000000000 ____D C:\ProgramData\idaaq
2020-03-31 18:54 - 2020-03-31 18:54 - 000000000 ____D C:\Users\Dell\AppData\Local\WallpaperSuite
2020-03-31 18:53 - 2020-03-31 18:53 - 002907176 _____ ( ) C:\Users\Dell\Downloads\Your File Is Ready To Download_3452282368.exe
2020-03-30 18:24 - 2020-03-30 18:24 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Opera
2020-03-30 18:22 - 2020-03-30 18:22 - 000000000 ____D C:\Users\Dell\Documents\Updater
2020-03-30 18:17 - 2020-03-30 18:17 - 000002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2020-03-30 18:16 - 2020-03-30 18:16 - 000002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2020-03-30 18:16 - 2020-03-30 18:16 - 000001946 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2020-03-30 18:16 - 2020-03-30 18:16 - 000001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2020-03-30 18:16 - 2020-03-30 18:16 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk
2020-03-30 18:16 - 2020-03-30 18:16 - 000000000 ____D C:\Users\Public\Documents\Adobe PDF
2020-03-30 18:16 - 2020-03-30 18:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2020-03-30 18:16 - 2020-03-30 18:16 - 000000000 ____D C:\ProgramData\Documents\Adobe PDF
2020-03-30 18:10 - 2020-03-30 18:16 - 000000000 ____D C:\Users\Dell\Documents\Adobe
2020-03-30 18:09 - 2020-03-30 18:09 - 000001342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Character Animator 2020.lnk
2020-03-30 18:06 - 2020-03-30 18:06 - 000000000 ____D C:\Users\Dell\Desktop\Technical Information
2020-03-30 18:06 - 2020-03-30 18:06 - 000000000 ____D C:\Users\Dell\Desktop\Help
2020-03-30 18:06 - 2020-03-30 18:06 - 000000000 ____D C:\Users\Dell\Desktop\Goodies
2020-03-30 18:06 - 2020-03-30 18:06 - 000000000 ____D C:\Users\Dell\Desktop\Customer Support
2020-03-30 18:05 - 2020-03-30 18:06 - 000000000 ____D C:\Users\Dell\Desktop\Adobe(R) Photoshop(R) CS2
2020-03-30 18:05 - 2020-03-30 18:05 - 000000000 ____D C:\Users\Dell\Desktop\Adobe Solutions Network
2020-03-30 18:04 - 2020-04-02 09:08 - 000000000 ___RD C:\Users\Dell\Creative Cloud Files
2020-03-30 18:01 - 2020-04-16 17:36 - 000002608 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-03-30 18:00 - 2020-04-15 18:16 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-03-30 18:00 - 2020-04-15 18:16 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-03-30 17:58 - 2020-03-30 18:15 - 000000000 ____D C:\ProgramData\Adobe
2020-03-30 17:58 - 2020-03-30 17:58 - 000001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2020-03-30 17:58 - 2020-03-30 17:58 - 000001352 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2020-03-30 17:58 - 2020-03-30 17:58 - 000001352 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
2020-03-30 17:57 - 2020-03-30 18:04 - 356583291 _____ (Adobe Systems Inc. ) C:\Users\Dell\Downloads\PhSp_CS2_English.exe
2020-03-30 17:56 - 2020-03-30 18:17 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-03-30 17:56 - 2020-03-30 18:16 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-03-30 17:56 - 2020-03-30 18:16 - 000000000 ____D C:\Program Files\Adobe
2020-03-30 15:46 - 2020-03-30 15:46 - 020091041 _____ C:\Users\Dell\Downloads\Desk Working Stretch Routine.mov
2020-03-28 14:23 - 2020-03-28 14:24 - 017797136 _____ C:\Users\Dell\Downloads\InstallUserTesting-v2.1.1 (1).exe
2020-03-27 09:41 - 2020-03-27 09:41 - 000006400 _____ C:\Users\Dell\Downloads\2 Bit Image (1).html
2020-03-26 13:23 - 2020-03-26 13:23 - 000006400 _____ C:\Users\Dell\Downloads\2 Bit Image.html
2020-03-26 13:16 - 2020-03-26 13:16 - 000006002 _____ C:\Users\Dell\Downloads\1 Bit Image.html
2020-03-25 20:06 - 2020-03-25 20:06 - 014714210 _____ C:\Users\Dell\Downloads\Uploading work.mov
2020-03-25 20:05 - 2020-03-25 20:05 - 006438189 _____ C:\Users\Dell\Downloads\The 5 Ks 2018.pptx
2020-03-24 16:16 - 2020-03-24 16:16 - 001135729 _____ C:\Users\Dell\Downloads\Geography.zip
2020-03-24 16:10 - 2020-03-24 16:10 - 000053493 _____ C:\Users\Dell\Downloads\6FigureGridReferences.pptx
2020-03-24 16:07 - 2020-03-24 16:07 - 000050004 _____ C:\Users\Dell\Downloads\4FigureGridReferences.pptx
2020-03-24 12:14 - 2020-03-24 12:14 - 000262116 _____ C:\Users\Dell\Downloads\Latin jazz (1).pdf
2020-03-24 12:05 - 2020-03-24 12:05 - 000335064 _____ C:\Users\Dell\Downloads\Latin jazz.pdf
2020-03-21 16:07 - 2020-03-21 16:07 - 327863410 _____ C:\Users\Dell\Downloads\testingdraw
2020-03-21 15:55 - 2020-03-21 15:55 - 055700252 _____ C:\Users\Dell\Downloads\20200321_130551.mp4
2020-03-21 15:54 - 2020-03-21 15:55 - 098125480 _____ C:\Users\Dell\Downloads\20200321_130726.mp4
2020-03-21 15:54 - 2020-03-21 15:55 - 097641040 _____ C:\Users\Dell\Downloads\20200321_130824.mp4
2020-03-21 15:54 - 2020-03-21 15:55 - 043157529 _____ C:\Users\Dell\Downloads\20200321_130632.mp4
2020-03-20 15:14 - 2020-03-20 15:14 - 011607552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-03-20 15:14 - 2020-03-20 15:14 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-03-20 15:14 - 2020-03-20 15:14 - 005502464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-03-20 15:14 - 2020-03-20 15:14 - 004308480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-03-20 15:14 - 2020-03-20 15:14 - 001541632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 025900544 _____ (Microsoft Corporation)


----------



## UnicornSparkle (Apr 11, 2020)

And the second part...

C:\WINDOWS\system32\edgehtml.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 004855808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 004348408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 003819520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-03-20 15:13 - 2020-03-20 15:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-03-20 15:13 - 2020-03-20 15:13 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 002230232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 002224952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 002072664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 002031104 _____ C:\WINDOWS\system32\rdpnano.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001770552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001555904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001490640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001417976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001282944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001272360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001218632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001108040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001088000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000757632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000669496 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbc32.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000510768 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-03-20 15:13 - 2020-03-20 15:13 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-03-20 15:13 - 2020-03-20 15:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000366416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacEncoder.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFMCP.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacEncoder.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-03-20 15:13 - 2020-03-20 15:13 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\recdisc.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-03-20 15:13 - 2020-03-20 15:13 - 000186880 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfrgui.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000059221 _____ C:\WINDOWS\system32\srms.dat
2020-03-20 15:13 - 2020-03-20 15:13 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-03-20 15:13 - 2020-03-20 15:13 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-03-20 15:13 - 2020-03-20 15:13 - 000019768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2020-03-20 15:13 - 2020-03-20 15:13 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 006436352 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 006084344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 004048896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 003371720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002861568 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002773568 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002698040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001972536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 001916744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001562424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001482040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001396152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-03-20 15:12 - 2020-03-20 15:12 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001283600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-03-20 15:12 - 2020-03-20 15:12 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 001213752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001195008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001190912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 001170960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001154448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001071184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 001051448 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000929144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000904504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000891736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000877232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000857088 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-03-20 15:12 - 2020-03-20 15:12 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000824848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000796904 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000768488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000758800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000741392 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000734720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000673080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000637440 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000636848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxs.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000605896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000597816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000587064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000568120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxs.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000542288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000518456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000516648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000441072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000422008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000416056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2020-03-20 15:12 - 2020-03-20 15:12 - 000405632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000375504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000335448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000320312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000300392 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000274464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000260920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000248064 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000234984 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000221200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000179720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000165832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000165504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000164776 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Winlangdb.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000150536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000143160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000136328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000133944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000133464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47mrm.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\profapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000132624 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000120560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000120048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GraphicsCapture.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000102760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000098104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\globinputhost.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000089616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000068408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmRes.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Websocket.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000042336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcicda.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000037392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Websocket.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxstrace.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Drivers\afunix.sys
2020-03-20 15:12 - 2020-03-20 15:12 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciseq.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msauserext.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000020944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msauserext.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchTM.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchTM.exe
2020-03-20 15:12 - 2020-03-20 15:12 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCertResources.dll
2020-03-20 15:12 - 2020-03-20 15:12 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 007905784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 006231200 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 004622280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 004471296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 003260928 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 003143168 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 002870272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 002808832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 002522112 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 002474496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 002289152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 002157056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 002071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001823232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001581056 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001505592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001481216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 001372160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 001092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000945384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000833616 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000804872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000802304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000732200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000678928 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000642216 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-03-20 15:11 - 2020-03-20 15:11 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000531768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-03-20 15:11 - 2020-03-20 15:11 - 000522384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000429880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000369504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000355000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Acx01000.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000306696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000250896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000224056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000222520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000208696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000201744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000186672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47mrm.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000183608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000180232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000174392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000151568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000141840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000131896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\globinputhost.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000128312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000117264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingExperienceMEM.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-03-20 15:11 - 2020-03-20 15:11 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSystray.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000066336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlrmdr.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguageProfileCallback.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000056632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAProfileNotificationHandler.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcicda.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000048256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-03-20 15:11 - 2020-03-20 15:11 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciseq.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000030008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000029712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000028936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000019984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpnotify.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000016912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2020-03-20 15:11 - 2020-03-20 15:11 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2020-03-20 15:11 - 2020-03-20 15:11 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2020-03-20 15:11 - 2020-03-20 15:11 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUserRes.dll
2020-03-17 11:11 - 2020-03-17 11:11 - 012283849 _____ C:\Users\Dell\Downloads\roi2-s-78-light-and-materials-experiment-powerpoint.pptx
2020-03-17 08:36 - 2020-04-08 09:08 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-03-17 08:36 - 2020-04-08 09:08 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-03-17 08:36 - 2020-04-08 09:08 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-03-17 08:35 - 2020-04-16 17:36 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-03-17 08:35 - 2020-04-16 17:36 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-03-17 08:33 - 2020-04-08 20:48 - 000000000 ____D C:\WINDOWS\Minidump
2020-03-17 08:33 - 2020-03-17 08:33 - 001403500 _____ C:\WINDOWS\Minidump\031720-13812-01.dmp
2020-03-17 08:15 - 2020-03-17 08:15 - 000040417 _____ C:\WINDOWS\system32\energy-report.html

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-16 17:36 - 2019-12-04 22:30 - 000002642 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP LaserJet M14-M17
2020-04-16 17:36 - 2019-09-15 09:09 - 000003720 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-16 17:36 - 2019-09-15 09:09 - 000003404 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-04-16 17:36 - 2019-09-15 09:09 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-16 17:36 - 2019-09-15 09:09 - 000003306 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1694A19D-2945-40D3-9EF6-F89601232488}
2020-04-16 17:36 - 2019-09-15 09:09 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-16 17:36 - 2019-09-15 09:09 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3790778226-1724361597-474460523-1001
2020-04-16 17:36 - 2019-09-15 09:09 - 000002304 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_PushButton
2020-04-16 17:34 - 2019-09-15 09:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-04-16 17:34 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-16 17:28 - 2019-09-15 09:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-16 09:48 - 2018-09-25 17:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-16 09:48 - 2018-09-25 17:52 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-16 09:48 - 2018-09-25 17:52 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-16 09:47 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-16 09:47 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-16 09:46 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-16 09:46 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-15 18:16 - 2019-09-15 09:11 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-15 18:10 - 2018-08-15 00:43 - 000000000 __SHD C:\Users\Dell\IntelGraphicsProfiles
2020-04-15 18:10 - 2018-08-04 06:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-04-15 18:09 - 2019-09-15 09:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-15 18:09 - 2019-09-15 09:00 - 000552736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-15 18:09 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-15 18:09 - 2019-03-19 05:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-15 18:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-10 08:20 - 2019-04-12 20:25 - 000000000 ____D C:\Users\Dell\AppData\Local\bbciplayerdownloads
2020-04-10 08:19 - 2019-04-12 20:25 - 000002717 _____ C:\Users\Dell\Desktop\BBCiPlayerDownloads.lnk
2020-04-03 12:55 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-02 12:30 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-04-02 12:29 - 2019-09-15 09:02 - 000000000 ____D C:\Users\Dell
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-04-02 12:28 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-04-02 12:28 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\servicing
2020-04-02 10:27 - 2018-08-15 00:38 - 000000000 ___RD C:\Users\Dell\OneDrive
2020-04-02 10:26 - 2018-08-15 00:39 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-01 09:17 - 2018-11-19 09:25 - 000000000 ____D C:\Users\Dell\AppData\Local\D3DSCache
2020-03-30 18:41 - 2019-07-16 16:04 - 000000000 ____D C:\Users\Dell\AppData\Local\Adobe
2020-03-30 18:24 - 2018-04-12 00:38 - 000000092 _____ C:\WINDOWS\win.ini
2020-03-30 18:22 - 2018-08-04 06:47 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Adobe
2020-03-30 18:01 - 2018-09-03 09:30 - 000000000 ____D C:\ProgramData\Packages
2020-03-30 18:01 - 2018-08-04 06:47 - 000000000 ____D C:\Users\Dell\AppData\Local\Packages
2020-03-30 17:57 - 2018-11-01 20:27 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-30 17:56 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-30 15:39 - 2018-09-06 15:44 - 000000000 ____D C:\Users\Dell\Documents\Sound recordings
2020-03-30 09:07 - 2018-09-18 21:41 - 000000000 ___RD C:\Users\Dell\iCloudDrive
2020-03-29 16:49 - 2018-08-04 06:47 - 000000000 ____D C:\Users\Dell\AppData\Local\Publishers
2020-03-28 14:30 - 2020-03-10 08:30 - 000000000 ____D C:\Users\Dell\Documents\UserTesting
2020-03-28 14:25 - 2020-03-10 08:28 - 000000000 ____D C:\Users\Dell\AppData\Local\UserTestingPlugin
2020-03-25 11:30 - 2018-08-04 06:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-03-24 10:09 - 2018-08-04 06:47 - 000000000 ____D C:\Users\Dell\AppData\Local\ConnectedDevicesPlatform
2020-03-21 16:14 - 2018-08-15 00:39 - 000000000 ____D C:\Users\Dell\AppData\Local\PlaceholderTileLogoFolder
2020-03-21 16:00 - 2020-01-01 18:32 - 000000000 ____D C:\Users\Dell\Desktop\Languages
2020-03-19 12:28 - 2018-11-01 11:46 - 000000000 ____D C:\Users\Dell\AppData\Roaming\WhatsApp
2020-03-18 22:45 - 2019-09-15 09:02 - 000002360 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-17 08:38 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-03-17 08:33 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP

==================== Files in the root of some directories ========

2018-09-05 08:12 - 2019-12-27 10:20 - 000000009 _____ () C:\Users\Dell\style.dat
2020-04-15 18:16 - 2020-04-15 18:16 - 000000000 _____ () C:\Users\TEMP\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


----------



## UnicornSparkle (Apr 11, 2020)

Then addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2020
Ran by Dell (16-04-2020 17:56:39)
Running from C:\Users\TEMP\Desktop
Windows 10 Home Version 1903 18362.778 (X64) (2019-09-15 08:09:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3790778226-1724361597-474460523-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3790778226-1724361597-474460523-503 - Limited - Disabled)
Dell (S-1-5-21-3790778226-1724361597-474460523-1001 - Administrator - Enabled) => C:\Users\TEMP
Guest (S-1-5-21-3790778226-1724361597-474460523-501 - Limited - Disabled)
saman (S-1-5-21-3790778226-1724361597-474460523-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3790778226-1724361597-474460523-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Character Animator 2020 (HKLM-x32\...\CHAR_3_2) (Version: 3.2 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_4) (Version: 14.0.4 - Adobe Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Autodesk SketchBook (HKLM\...\{AE6C5657-8710-4968-BEB5-1E2ED89CB2D2}) (Version: 8.71.0000 - Autodesk)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.2.3116 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brackets (HKLM-x32\...\{9CB3A036-0B7E-49B7-A60B-291E245CA6B2}) (Version: 1.13.17696 - brackets.io)
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version: - )
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Edraw Max 9.3 (HKLM-x32\...\Edraw Max_is1) (Version: - EdrawSoft)
Fuze Basic (HKLM\...\fuzebasic) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.113 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP LaserJet M14-M17 Basic Device Software (HKLM\...\{DBD3A5B4-0A41-4C1B-A3EE-DA05AA5D5D70}) (Version: 46.2.2636.18185 - HP Inc.)
HP LaserJet M14-M17 Help (HKLM-x32\...\{860F83D4-E1ED-425C-9A5F-C07867AE1EC5}) (Version: 0.00.0005 - HP)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Krita (x64) 4.2.9 (HKLM\...\Krita_x64) (Version: 4.2.9.0 - Krita Foundation)
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (HKLM-x32\...\{336475F0-51BA-4D15-9A19-08FB3DC48805}) (Version: 1.3.9 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (HKLM-x32\...\{D977D412-7728-4B45-9A17-D1A4B31A33F8}) (Version: 1.3.8 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home English Support (HKLM-x32\...\{7BB50FF6-F974-4D77-8338-6B50D98BDC5A}) (Version: 1.3.7 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (HKLM-x32\...\{5F3092B9-4240-4037-A287-BF6F9A2996BC}) (Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{0189C6FA-7333-4873-8E0B-3A1BE8E6726B}) (Version: 1.31.5.0 - LEGO)
LibreOffice 6.2 Help Pack (English (United Kingdom)) (HKLM\...\{7F3D2481-D36B-4A25-B3E8-CF1DA7C6FA54}) (Version: 6.2.5.2 - The Document Foundation)
LibreOffice 6.2.4.2 (HKLM\...\{B8FF8670-C6F4-4868-9DB2-C23324C0E575}) (Version: 6.2.4.2 - The Document Foundation)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{83D2491E-E25D-4CEB-9AFD-CEF77BF03974}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9179.0 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 80.0.361.111 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.125.27 - )
Microsoft OneDrive (HKU\S-1-5-21-3790778226-1724361597-474460523-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
NI .NET Framework 4.0 (HKLM-x32\...\{0C43BB65-C604-4D94-A83A-54DCB42780B8}) (Version: 4.01.49154 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{87F60C46-07E2-46B4-B872-680DE4184C0A}) (Version: 3.20.363 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{FA35D849-889D-4454-9532-6BE2008D2CDF}) (Version: 3.20.363 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{C7743231-5899-418D-8CA5-22B0F654D894}) (Version: 3.20.363 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.3.2 - pdfforge GmbH)
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.338.319 - VoiceFive, Inc.) <==== ATTENTION
Product Improvement Study for HP LaserJet M14-M17 (HKLM\...\{44899623-FEB7-4FE2-BC7C-3D22C2F4D84C}) (Version: 46.2.2636.18185 - HP Inc.)
Python 3.7.1 Core Interpreter (32-bit) (HKLM-x32\...\{5439005C-640E-473B-8374-5AA6BA9F8780}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Development Libraries (32-bit) (HKLM-x32\...\{D1F1A0E0-328E-438D-A18C-ACE71BCE10B7}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Documentation (32-bit) (HKLM-x32\...\{DAB8D967-E729-443C-96A7-BFE581D8B0B0}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (32-bit) (HKLM-x32\...\{FFE80953-6126-49BF-9CC0-57113A8AAA37}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4CAAB4B2-69D4-437A-870B-9AB2D0703E56}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (32-bit) (HKLM-x32\...\{E8A32F30-F5EC-4724-8F99-A51B69176B2F}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AC008439-97C6-4079-B451-069A1AC86C9D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (32-bit) (HKLM-x32\...\{A9C09A2F-4ABC-41EF-B3F7-629C8178186B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Utility Scripts (32-bit) (HKLM-x32\...\{D3397B2B-DC1F-4EDF-BFAE-827431206FB6}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C3A1C6B1-9096-47A7-AB5C-09114002A996}) (Version: 3.7.6501.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
SAntivirus Realtime Protection Lite (HKLM-x32\...\SAntivirus) (Version: 1.0.21.49 - Digital Com. Inc) <==== ATTENTION
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Vita Concert Grand LE (HKLM\...\{CB5D721E-C919-4CDF-8356-D6F84490FB3F}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxDTCM.dll [2018-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2018-12-26 11:38 - 2018-12-26 11:38 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2019-01-01 13:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3790778226-1724361597-474460523-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F28A8E64-BACF-4119-9A99-B03026D0CCC1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{6A3E19D8-31CA-48F7-93B3-B287D9A5F9F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{B28413B6-999A-4103-B628-E057C7B06AE5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{639DE6D8-C152-493C-845A-E1D6875B8D5A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{E69030EB-CF45-4577-AEAC-9E5B85D154BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{8041F4D0-94CE-4B9F-9E44-938084BFDBD6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{B69464D7-C47E-4884-BA28-29DDBB1B1175}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{19766A71-903D-4C7B-8D64-4B7B2B53BEE4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{860EC32C-9F85-4B9A-9FEC-F393120DD18F}] => (Allow) C:\Users\Dell\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{05FE1B68-24EF-4965-B189-7BC878027DFA}] => (Allow) C:\Users\Dell\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7ED2CC1B-967D-406B-B14A-DA5E8D244480}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{31CECD98-F8C4-4F5E-965D-EBD721AEBBD3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [UDP Query User{5F8B8938-604C-46AC-86B1-C73BD90EC958}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe (National Instruments) [File not signed]
FirewallRules: [TCP Query User{1509D4B7-7000-4C1F-B069-BFA4653B907F}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe (National Instruments) [File not signed]
FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe (National Instruments) [File not signed]
FirewallRules: [UDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe (National Instruments) [File not signed]
FirewallRules: [{B90EC05F-AF8D-409B-BC8F-DB1339571F22}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{26BB58B3-CE93-49BC-861B-7048FEAF3DE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD6B6F5E-D8CE-4DFA-9DBC-B0C2587A2D26}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{04DBA85E-2192-4517-8E1A-9A8B37C90633}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7F7BE050-30CD-4F04-B1E5-FD538BABB8CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{FE61EC11-DE69-4A03-B79C-74C82B97668A}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [TCP Query User{3E0B28C0-5454-48D7-B83E-8935C322090A}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [{CAA133E6-2825-497B-8BA9-1B3BEED1A4F6}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{C6ABEAFA-048F-4151-96F1-A42BFE9339CC}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{46B8923F-A9B8-4E91-AADD-2BE3B7633A5B}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{3606C66C-2484-4A28-9750-82E6AAED8AC0}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{F890F4FD-947E-4A19-AE18-DEEE4311552C}] => (Allow) LPort=5357
FirewallRules: [{C3989B7C-F4E4-4D69-9A75-35A3294D83A6}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B8F70699-63C0-4B05-A09E-32B3ACC7DF38}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{433E7DCA-401A-418E-8F16-6AEF89442FEF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4604C228-8E98-4C92-A064-341EBF0356E1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA6FD34E-80AD-4B9E-B28C-64C3A57F43F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BD3852B-97FD-4E2D-B3F9-3EE91FDA2D39}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E09B1FD3-4D37-4296-B209-7B1F7FC1CFD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB726F6E-4F54-4577-A080-0C4C812994E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7FDAED0-4D07-493D-89DD-719AE1740DA1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{085FD68E-6BB8-44C8-B803-0BCD33B5BCB4}C:\program files (x86)\premieropinion\pmropn.exe] => (Block) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [UDP Query User{9420F883-C5AD-4B58-A0B8-DD0DA62B3982}C:\program files (x86)\premieropinion\pmropn.exe] => (Block) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [{D5CFEDE6-988D-4A78-B8A7-D2BF565F880B}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FFE2515E-E7E6-402D-879C-CF559770FF1A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.64 GB) (Free:62.39 GB) (53%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/16/2020 09:46:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 19.232.1124.10, time stamp: 0x1482ea94
Faulting module name: SyncEngine.DLL, version: 19.232.1124.10, time stamp: 0x2b910737
Exception code: 0xc0000005
Fault offset: 0x001f8a97
Faulting process ID: 0x3224
Faulting application start time: 0x01d613497a791f66
Faulting application path: C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\19.232.1124.0010\SyncEngine.DLL
Report ID: 59984646-45aa-4c93-b37a-e13ef72b7d20
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/15/2020 06:10:17 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Explorer (7664,R,98) TILEREPOSITORYS-1-5-21-3790778226-1724361597-474460523-1001: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\TEMP\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/15/2020 06:09:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: ISISUNICORN)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (04/14/2020 09:09:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4248,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/13/2020 09:06:57 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4836,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/13/2020 05:42:39 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8320,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/13/2020 11:13:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8224,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/13/2020 10:40:30 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11404,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (04/16/2020 05:38:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (04/16/2020 05:36:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (04/15/2020 06:13:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d23: 9NBLGGH6BNG3-A278AB0D.DISNEYMAGICKINGDOMS.

Error: (04/15/2020 06:09:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cbVSCService11 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/15/2020 06:09:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the cbVSCService11 service to connect.

Error: (04/15/2020 06:09:01 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a pre-shutdown control.

Error: (04/12/2020 09:08:49 PM) (Source: DCOM) (EventID: 10010) (User: ISISUNICORN)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXx19q0gyvntjc9d3jsjsfaertqgy617se.mca did not register with DCOM within the required timeout.

Error: (04/12/2020 09:08:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d23: 9NBLGGH4LS1F-Microsoft.StorePurchaseApp.

Windows Defender:
===================================
Date: 2020-03-17 21:17:58.901
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8E6B1EE1-0E26-4DCD-8C08-CF74DB01C5C2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-17 10:24:09.769
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1722F6D0-3E20-4AB6-8D4D-9212645E7F52}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 16:55:53.356
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F6D38FE1-8EC0-4119-87C1-CB6B4AE99A82}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 16:41:55.859
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C58F4585-3C53-4EAC-A2D5-40A1DB889671}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-08 19:58:45.153
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4C36BB76-A3CE-4910-98FA-99F87885AC7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-14 07:40:47.534
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.309.857.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16700.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-12-08 12:21:57.863
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.22.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-04-16 17:54:14.553
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-16 17:54:14.512
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-16 17:54:13.994
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-16 17:54:01.435
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-16 17:51:22.632
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-16 17:51:21.115
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-16 17:51:21.088
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-16 17:51:12.436
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.27.0 01/18/2019
Motherboard: Dell Inc. 0WH5C0
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 84%
Total physical RAM: 3962.14 MB
Available physical RAM: 626.72 MB
Total Virtual: 9850.14 MB
Available Virtual: 5194.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.64 GB) (Free:62.39 GB) NTFS

\\?\Volume{3d36e852-0d7c-4e57-b0bf-f96529817c40}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{fb26560b-a463-4523-b3e4-d588e3177790}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CE1E5D40)

Partition: GPT.

==================== End of Addition.txt =======================
Sorry, I'm afraid they are rather long!!!
Thank you!


----------



## DR.M (Sep 4, 2019)

Finally!!!!









OK, give me some time to review your logs now.


----------



## UnicornSparkle (Apr 11, 2020)

Haha!! Thank you so much!


----------



## Couriant (Mar 26, 2002)

Just a reference for the next time you need to upload data that large, you can simply upload the text file by clicking on the attached files icon below.


----------



## DR.M (Sep 4, 2019)

Couriant said:


> Just a reference for the next time you need to upload data that large, you can simply upload the text file by clicking on the attached files icon below.


Actually, if the Forum now allows the copy and paste option for the long logs, I prefer it.


----------



## DR.M (Sep 4, 2019)

Hi, Unicornsparkle. 

It seems that your computer is running from a temporary profile, stored in *C:\Users\TEMP.* That's why you don't see your files on the Desktop, that's why your passwords cannot be saved. The computer has also other issues, but let's first fix this temporary profile issue.

1. Press on the *Start* button.
2. Click on your *account icon.*
3. Choose *Sign out.*
4.* Restart *the computer.









*Please tell me if you got your Desktop back.

You can make also this additional check:*

In the *Search* area type *Users,* and select it from the items appeared.
Check if in there, there is a profile account named *TEMP.* We do *not *want this to exist.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, Unicornsparkle.
> 
> It seems that your computer is running from a temporary profile, stored in *C:\Users\TEMP.* That's why you don't see your files on the Desktop, that's why your passwords cannot be saved. The computer has also other issues, but let's first fix this temporary profile issue.
> 
> ...


Hi! I tried the method a few times, clicking start, my account profile, and sign-out and it unfortunately doesn't work.  I figured my computer had quite a few problems...!


----------



## UnicornSparkle (Apr 11, 2020)

Oh sorry, the temp folder still exists in users as well.


----------



## DR.M (Sep 4, 2019)

Hi, Unicornsparkle.

In the Users folder, check if you see your normal account (possibly named Dell). Double click to open it. I would recommend at this stage, to save your documents, videos, pictures, music in an external drive, in any case.

I will be back to you as soon as possible.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, Unicornsparkle.
> 
> In the Users folder, check if you see your normal account (possibly named Dell). Double click to open it. I would recommend at this stage, to save your documents, videos, pictures, music in an external drive, in any case.
> 
> I will be back to you as soon as possible.


Ok, I will do! Thanks!


----------



## DR.M (Sep 4, 2019)

Hi, Unicornsparkle.

Assuming that you saved what you want, please do the following:

*1. Uninstall programs*

*PremierOpinion* is an adware program that displays pop-up ads and unwanted advertisements on web pages that you visit.

*Segurazo antivirus* (also known as SAntivirus) is described as anti-virus software that includes real-time protection, threat detection, and protection of data and passwords. In fact, this program is a potentially unwanted program (PUP), since it is distributed through the download or installation set-ups of other software. Many people download and install software of this type unintentionally.

I recommend you to uninstall these programs.

Press the *Windows Key + R.*
Type *appwiz.cpl *in the Run box and click *OK.*
The Add/Remove Programs list will open. Locate the following program on the list:


```
SAntivirus Realtime Protection Lite
PremierOpinion
```

Select the above program and click *Uninstall.*
*Restart* the computer.

*2. Uninstall Avast*

Please go here and download the *Avast Software Uninstall Utility.*
*Save it *on your Dekstop.
Double click to *run it *and *follow the instructions.*
*Restart *the computer.

*3. FRST fix*

*Please do the following to run a FRST fix:

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system*

Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.


```
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dbnwss_20_14_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDtByC0AtAzztB0C0EtCtByCtBtCzy0AtN0D0Tzu0StAtDtCtBtN1L2XzuyEtFyCtCtFtDtFtCzytCtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2SyC0A0AyD0DyC0FtCtGtDyDyCtDtGtB0ByD0AtGtCtCtCyCtGtAyEyCzztAtA0B0DtB0AtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzzzztD1O1OtA1RtGzyyBtAtDtGyE1OzztCtGzzyDzzzztGyDtCtBzyyCzz1SyEtByCyE1P2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzzyDyCyByBtBzyyB%26cr%3D1065337334%26a%3Dwsg_dbnwss_20_14_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge DefaultSearchURL: Default -> hxxps://manageyoursearch.com/?q={searchTerms}
Edge DefaultSuggestURL: Default -> hxxps://manageyoursearch.com/suggest?q={searchTerms}
CHR HKLM\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [codhflfnidhlkphogdmhfhjmkehlfjjk]
CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [7051760 2020-03-31] (Digital Communications Inc -> Digital Com. Inc) <==== ATTENTION
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [190960 2020-03-31] (Digital Communications Inc -> Digital Com. Inc) <==== ATTENTION
R1 SANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusKD.sys [90096 2020-03-31] (Digital Communications Inc. -> Digital Comm. Inc) <==== ATTENTION
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
C:\Program Files (x86)\PremierOpinion
C:\Program Files (x86)\Chromium
C:\Users\Dell\AppData\Local\{7F30496C-5B98-25D4-3600-003C1268FCA4}
C:\ProgramData\{7910452C-5138-3D54-0960-157CE188CDA4}
FirewallRules: [{860EC32C-9F85-4B9A-9FEC-F393120DD18F}] => (Allow) C:\Users\Dell\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{05FE1B68-24EF-4965-B189-7BC878027DFA}] => (Allow) C:\Users\Dell\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{085FD68E-6BB8-44C8-B803-0BCD33B5BCB4}C:\program files (x86)\premieropinion\pmropn.exe] => (Block) C:\program files (x86)\premieropinion\pmropn.exe No File
FirewallRules: [UDP Query User{9420F883-C5AD-4B58-A0B8-DD0DA62B3982}C:\program files (x86)\premieropinion\pmropn.exe] => (Block) C:\program files (x86)\premieropinion\pmropn.exe No File
C:\Program Files (x86)\Digital Communications
EmptyTemp:
End::
```

*Please right-click on FRST64 on your Desktop,* to run it as administrator. When the tool opens, click *"yes"* to the disclaimer.
Press the *Fix* button once and wait.
FRST will process *fixlist.txt.*
When finished, it will produce a log *fixlog.txt* on your Desktop.
*Please paste the fixlog in your next reply. --> IMPORTANT : Do that first and then move on to the Step 4. *

*4. Run DISM and SFC with FRST*

*NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system*

Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.


```
Start::
CreateRestorePoint:
CloseProcesses:
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: type C:\Windows\Logs\DISM
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
Reboot:
End::
```

*Please right-click on FRST64 on your Desktop,* to run it as administrator. When the tool opens, click *"yes"* to the disclaimer.
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* on your Desktop.
*Please post the log in your next reply (attach it).*

*5. Restart the computer*

*In your next reply please post:*

The two fixlog.txt


----------



## UnicornSparkle (Apr 11, 2020)

Hi I tried to uninstall Premier opinion and it said it did not exist so I removed it from the apps and programs list, thinking that would uninstall it but it didn't and it still shows up when I type it. Also, I tried to uninstall Antivirus CLient and it came up with this?








I'm not sure if this is safe or not. When I downloaded Avast Software uninstall utility it came up with this.







Shall I put it in safe mode or not? Thanks!


----------



## UnicornSparkle (Apr 11, 2020)

Hi! I have run FRST as an administrator and pressed fix. I told me to restart my computer, which I did. Now, however, the following has happened.
























Thanks!


----------



## DR.M (Sep 4, 2019)

Hi, Unicornsparkle.

Can you please tell me when you get this warning?

Running FRST fix means that you uninstalled the programs you had to? (Premier Opinion, SAntivirus, Avast)?

Can you please show me the FRST icon on the Desktop in another screenshot?

Please don't move on with issues unsolved.

Be patient, and I will be with you as soon as possible.


----------



## DR.M (Sep 4, 2019)

Hey, Unicornsparkle. 

Are you still with me?


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, Unicornsparkle.
> 
> Can you please tell me when you get this warning?
> 
> ...


Hi, I am so stupid, I am soooo sorry. I tried to uninstall premier opinion and it said it didn't exist even though when i typed it, it came up. I thought that by doing the FRST fix, it would sort things out. It didn't. It has made things even worse now and FRST deleted itself. I am so sorry, I should've followed your instructions by number and I didn't. I am so, so, so, so sorry.


----------



## DR.M (Sep 4, 2019)

Hi.

Let's go from the beginning, doing steps 1 and 2 here. If something doesn't work, please ask before do anything.

1. About *Premium Opinion:* What do you mean by " it still shows up when I type it" and "when i typed it, it came up "?

2. About *Segurazo (SAntivirus)* and assuming you didn't uninstall it: When you get that warning, press *Remove protection *and go on.

3. About *Avast,* and assuming you didn't uninstall it, press *Yes*, to run the tool in *Safe mode.*

If restarting doesn't get you in Safe mode, please see here, choosing the option *From the sign-in screen.

Please report here what you did. *


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi.
> 
> Let's go from the beginning, doing steps 1 and 2 here. If something doesn't work, please ask before do anything.
> 
> ...


Hi! When I type into the search bar, 'premier opinion' it doesnt not show it exists. I never formally uninstalled it however, as when I went to do so, it said it may have been moved or deleted previously.
I think I have uninstalled S Antivurus, but is there a way to double check?
With avast, i downloaded the uninstaller for avast that you recommended and opened it in safe mode. When it restarted in safe mode, Avast is still there and the avast uninstaller isn't. Is safe mode meant to turn the background black and make it so that you can't search in the windows search bar for programs and it doesn't play sound or connect to the internet? Thanks! 😁


----------



## DR.M (Sep 4, 2019)

Hi, Unicornsparkle.

Let's create a new user account, with administrator's privileges, so we can run our fixes, and then see how we can deal with the temporary profile.

Press *Windows icon* on your Desktop, together with the* letter R.*
Type *cmd*, and press *Ctrl + Shift + Enter* to run Command Prompt as administrator.
Copy and paste the following command lines, one by one, and press* Enter* after each to execute them:


```
net user Dell2 /add
net localgroup Administrators Dell2 /add
```

When the commands completed successfully, the new administrator account will be created successfully.
*Restart *the computer, and log in with Dell2 account.
Please report back what you did.


----------



## UnicornSparkle (Apr 11, 2020)

Hi! I pressed the windows button on my keyboard and the r button on my keyboard then typed in cmd and typed in the code, line by line pressing enter after each line. I restarted my computer with the power key and logged into Dell2. My computer now looks like this, it still has all of the apps that my other account had? Is this meant to happen?
Also should I take it out of safe mode yet because it didnt uninstall AVG when I opened the AVG uninstaller you reccomended, restarted the computer in safe mode, but it still didn't uninstall AVG? Thanks!


----------



## UnicornSparkle (Apr 11, 2020)

Hi! I tried to uninstall S antivirus client first because premier opinion was not on the list but it said 
'Warning
There are other users logged on to this computer.
If you uninstall this program while another user is running it, the program might not uninstall completely.
To properly uninstall or change this program, switch to and log off each user before you continue.'
It then has three buttons a 'switch user' a 'continue' and a 'cancel' which one shall I choose?
Thanks!


----------



## DR.M (Sep 4, 2019)

Press the Start button, click on your profile icon, and sign out. Then, try to log in with Dell2. You will know that you are logged in with a new account, because you will get screens with instructions to set up your new account. The Desktop should be empty, with the icons of the Recycle Bin and Edge only.

Please report back what you did and what you see.


----------



## UnicornSparkle (Apr 11, 2020)

Hi! I tried to uninstall S antivirus client first because premier opinion wasot on the list but it said
'Warning
There are other users logged on to this computer.
If you uninstall this program while another user is running it, the program might not uninstall completely.
To properly uninstall or change this program, switch to and log off each user before you continue.'
It then has three buttons a 'switch user' a 'continue' and a 'cancel' which one shall I choose?
Thanks!


DR.M said:


> Press the Start button, click on your profile icon, and sign out. Then, try to log in with Dell2. You will know that you are logged in with a new account, because you will get screens with instructions to set up your new account. The Desktop should be empty, with the icons of the Recycle Bin and Edge only.
> 
> Please report back what you did and what you see.


Hi, so when i first logged in to dell2 it said setting up.... For ages and then loaded the desktop with all of my apps on it. Please see the pictures below for what I did.


----------



## UnicornSparkle (Apr 11, 2020)

UnicornSparkle said:


> Hi! I tried to uninstall S antivirus client first because premier opinion wasot on the list but it said
> 'Warning
> There are other users logged on to this computer.
> If you uninstall this program while another user is running it, the program might not uninstall completely.
> ...


So i pressed sign information dell2. Thanks!


----------



## DR.M (Sep 4, 2019)

And what you see now?


----------



## UnicornSparkle (Apr 11, 2020)

Hi, so when i first logged in to dell2 it said setting up.... For ages and then loaded the desktop with all of my apps on it. Please see the pictures below for what I did.
[/QUOTE]
I see this


----------



## DR.M (Sep 4, 2019)

I've already seen what you did the first time. What about next, when you signed out and signed in with Dell2?


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> I've already seen what you did the first time. What about next, when you signed out and signed in with Dell2?


Sorry, I misunderstood you. I have tried to log in again, and the desktop is exactly the same as the first photograph.
Thanks!


----------



## DR.M (Sep 4, 2019)

Hi, Unicornsparkle.

Let's look further at the contents of the user profile list in the registry. This will give us more information about what is happening.

Press *Windows icon* on your Desktop, together with the* letter R.*
Type *cmd*, and press *Ctrl + Shift + Enter* to run Command Prompt as administrator.
Copy and paste the following command line and press* Enter*.


```
reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" C:\Profile.txt
```

In the *Search area *type *File Explorer* and choose it from the items appeared.
In the *address area* type *C:\Profile.txt *and press *Enter.*
From the list, choose *C:\Profile.txt,* double click to open it.
Select the content of the file, copy and paste it in your next reply.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, Unicornsparkle.
> 
> Let's look further at the contents of the user profile list in the registry. This will give us more information about what is happening.
> 
> ...


Hi! I did the following but I can't type in the search bar so I opened file explorer on the bar at the bottom instead. I opened local disk and found the document. Unfortunately, I cannot copy and paste as my computer is in safe mode, so I am replying on my phone. I have taken a picture instead though.
Thanks!


----------



## DR.M (Sep 4, 2019)

Hello!

Can you, please, restart in normal mode and repeat the above steps, pasting here the content of the txt file?

For existing Safe mode, see the instructions under the title:
How to exit Safe mode in Windows 10


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hello!
> 
> Can you, please, restart in normal mode and repeat the above steps, pasting here the content of the txt file?
> 
> ...


Hi! I attempted to come out of safe mode per the instructions in the link and it came up with this warning? Shall I press yes? I have absolutely no idea what BitLocker Drive Encryption is and I have never downloaded it.
Thanks!


----------



## DR.M (Sep 4, 2019)

Hi, UnicornSparkle.

Click *NO* when you get this message.

Press *Windows icon* on your Desktop, together with the* letter R.*
Type *cmd*, and press *Ctrl + Shift + Enter* to run Command Prompt as administrator.
Copy and paste the following command line and press* Enter*.


```
manage-bde -status
```
Please take a screenshot about what you get.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, UnicornSparkle.
> 
> Click *NO* when you get this message.
> 
> ...


Hi! Here is what I found. I cannot screenshot becayse i am in safe mode, but I took a picture instead. Thanks!


----------



## DR.M (Sep 4, 2019)

Hi, UnicornSparkle.

Press *Windows icon* on your Desktop, together with the* letter R.*
Type *cmd*, and press *Ctrl + Shift + Enter* to run Command Prompt as administrator.
Copy and paste the following command line and press* Enter*.


```
manage-bde -off C:
```

A message that decryption is now in progress will appear.
When it finishes, try to get out of Safe mode again, and log in to Dell2 profile account.
Get a screenshot of what you get.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, UnicornSparkle.
> 
> Press *Windows icon* on your Desktop, together with the* letter R.*
> Type *cmd*, and press *Ctrl + Shift + Enter* to run Command Prompt as administrator.
> ...


Hi! This is the result.
Everything opens now! Like calendar etc but there are still my old applications on the desktop. When I first logged in in normal mode it came up with all of the location service data acceptance things etc like setting up new computer. Anyway, I have attached the images. Thank you! It seems to be working!


----------



## UnicornSparkle (Apr 11, 2020)

Oh no I was just looking at my apps and s antivirus is still there even though I uninstalled it! Also the other users are still there and the temp folder is too but when I click on it it says I dont have access to this folder? Thanks!


----------



## DR.M (Sep 4, 2019)

OK! That's a good sign. Let's go a bit backwards and try again the steps here.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> OK! That's a good sign. Let's go a bit backwards and try again the steps here.


Yes, it's a very good sign! I did the steps previously, and it came up with this?
Thank-you so much!


----------



## DR.M (Sep 4, 2019)

Yes and Enter.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Yes and Enter.


Hi! The command prompt closed so I did it again and it came up with this?
Thanks!


----------



## DR.M (Sep 4, 2019)

Can you find the profile.txt in C now? If yes, please copy its contents and paste them here.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Can you find the profile.txt in C now? If yes, please copy its contents and paste them here.


I think this is it? It came up in recent files in Local Disk C:?
Thanks! 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"Default"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,\
76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,44,00,65,00,66,\
00,61,00,75,00,6c,00,74,00,00,00
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00
"ProgramData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,\
00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,00,00
"Public"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,50,00,75,00,62,00,\
6c,00,69,00,63,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,\
00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,54,00,45,00,4d,00,50,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00004b04
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,72,af,f2,e1,7d,ab,c7,66,6b,b1,47,\
1c,e9,03,00,00
"LocalProfileLoadTimeLow"=dword:e73dd7c2
"LocalProfileLoadTimeHigh"=dword:01d6188f
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1001.bak]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,44,00,65,00,6c,00,6c,00,00,00
"Flags"=dword:00000000
"State"=dword:00008000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,72,af,f2,e1,7d,ab,c7,66,6b,b1,47,\
1c,e9,03,00,00
"FullProfile"=dword:00000001
"Migrated"=hex:e0,1e,d5,f7,9b,6b,d5,01
"LocalProfileLoadTimeLow"=dword:d6a23415
"LocalProfileLoadTimeHigh"=dword:01d5fc2e
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:5bee5143
"LocalProfileUnloadTimeHigh"=dword:01d59ce6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1005]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,44,00,65,00,6c,00,6c,00,32,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00000304
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,72,af,f2,e1,7d,ab,c7,66,6b,b1,47,\
1c,ed,03,00,00
"LocalProfileLoadTimeLow"=dword:a3de047c
"LocalProfileLoadTimeHigh"=dword:01d6199e
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000


----------



## DR.M (Sep 4, 2019)

Thank you!

Now, you will wait a bit.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Thank you!
> 
> Now, you will wait a bit.


Ok! Thank-you so much for your time and patience.


----------



## DR.M (Sep 4, 2019)

Can you please open a command prompt again, as you did before, type *whoami* and press Enter? Can you take a screenshot of what you get?


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Can you please open a command prompt again, as you did before, type *whoami* and press Enter? Can you take a screenshot of what you get?


Hi! Here is the screenshot. Thanks!


----------



## DR.M (Sep 4, 2019)

Hi, UnicornSparkle.

i just wanted to tell you that I’m currently discussing your computer issues and trying to find a solution.

I will be back to you as soon as possible.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, UnicornSparkle.
> 
> i just wanted to tell you that I'm currently discussing your computer issues and trying to find a solution.
> 
> I will be back to you as soon as possible.


Ok! Thanks for the update! 
Thank you so much!


----------



## DR.M (Sep 4, 2019)

Hi, again. 

*Copy* the contents of the code below to *Notepad* (To open Notepad, type Notepad in the Search area and select it when the specific item appeared).
Make sure to leave an *empty line at the end* of the script.
Name the file as* fix.reg*
Change the *Save as Type* to *All Files* and *Save *it on the desktop.
Once saved, *double click on the fix.reg* file and* merge it* into the Registry.


```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,44,00,65,00,6c,00,6c,00,00,00
"Flags"=dword:00000000
"State"=dword:00008000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,72,af,f2,e1,7d,ab,c7,66,6b,b1,47,\
1c,e9,03,00,00
"FullProfile"=dword:00000001
"Migrated"=hex:e0,1e,d5,f7,9b,6b,d5,01
"LocalProfileLoadTimeLow"=dword:d6a23415
"LocalProfileLoadTimeHigh"=dword:01d5fc2e
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:5bee5143
"LocalProfileUnloadTimeHigh"=dword:01d59ce6

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1001.bak]
```

Restart in normal mode, and sign in with Dell.
Can you see the TEMP profile in C:\Users now?


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, again.
> 
> *Copy* the contents of the code below to *Notepad* (To open Notepad, type Notepad in the Search area and select it when the specific item appeared).
> Make sure to leave an *empty line at the end* of the script.
> ...


I am already in normal mode though? Thanks!


----------



## DR.M (Sep 4, 2019)

OK, go on.


----------



## UnicornSparkle (Apr 11, 2020)

Hi! I still cannot access TEMP folder. It comes up with this.







Shall I press continue?
Thanks!


----------



## DR.M (Sep 4, 2019)

Can you give me a screenshot of what you see in C:\Users folder?


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Can you give me a screenshot of what you see in C:\Users folder?


Yes sure! Thanks!


----------



## DR.M (Sep 4, 2019)

And once again, can you export the profile.txt, as instructed here?


----------



## UnicornSparkle (Apr 11, 2020)

Hi! It comes up with this. Shall I over-write it? Thanks!


----------



## DR.M (Sep 4, 2019)

Yes please.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Yes please.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"Default"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,\
76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,44,00,65,00,66,\
00,61,00,75,00,6c,00,74,00,00,00
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00
"ProgramData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,\
00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,00,00
"Public"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,50,00,75,00,62,00,\
6c,00,69,00,63,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,\
00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,44,00,65,00,6c,00,6c,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00008000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,72,af,f2,e1,7d,ab,c7,66,6b,b1,47,\
1c,e9,03,00,00
"LocalProfileLoadTimeLow"=dword:d6a23415
"LocalProfileLoadTimeHigh"=dword:01d5fc2e
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"Migrated"=hex:e0,1e,d5,f7,9b,6b,d5,01
"LocalProfileUnloadTimeLow"=dword:5bee5143
"LocalProfileUnloadTimeHigh"=dword:01d59ce6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1005]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,44,00,65,00,6c,00,6c,00,32,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,72,af,f2,e1,7d,ab,c7,66,6b,b1,47,\
1c,ed,03,00,00
"LocalProfileLoadTimeLow"=dword:8c1f5925
"LocalProfileLoadTimeHigh"=dword:01d61ebf
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:7d03bb81
"LocalProfileUnloadTimeHigh"=dword:01d61ebf

There it is! I also have another question. Can I dowload things from the microsoft store? I would like to download skype for my work. Also, can I log into office 365? Or will something bad happen if there is still malware?
Thank-you so much!


----------



## DR.M (Sep 4, 2019)

You can try to download Skype or use Office365. 

I think we are making some progress here. I will back to you later today.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> You can try to download Skype or use Office365.
> 
> I think we are making some progress here. I will back to you later today.


Yay! Thank-you so much, I feel we are definitely making some progress as well.


----------



## UnicornSparkle (Apr 11, 2020)

My organisation allows me to download office apps for free powerpoint etc. is this safe to do so? It downloads it from office.com online. Thanks!


----------



## DR.M (Sep 4, 2019)

Hi, UnicornSparkle.

*Copy* the contents of the code below to *Notepad* (To open Notepad, type Notepad in the Search area and select it when the specific item appeared).
Make sure to leave an *empty line at the end* of the script.
Name the file as* fix.reg*
Change the *Save as Type* to *All Files* and *Save *it on the desktop.
Once saved, *double click on the fix.reg* file and* merge it* into the Registry.


```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1001]
"State"="dword:00000000"
```

*Restart*, and sign in with *Dell.*
After the restart, please *export the profile.txt,* as instructed here. Choose Yes when you are asked to overwrite the file.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, UnicornSparkle.
> 
> *Copy* the contents of the code below to *Notepad* (To open Notepad, type Notepad in the Search area and select it when the specific item appeared).
> Make sure to leave an *empty line at the end* of the script.
> ...


Hi! Shall I replace it? Thanks!


----------



## DR.M (Sep 4, 2019)

Yes, please.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, UnicornSparkle.
> 
> *Copy* the contents of the code below to *Notepad* (To open Notepad, type Notepad in the Search area and select it when the specific item appeared).
> Make sure to leave an *empty line at the end* of the script.
> ...


Hi! When I do the command prompt and copy and paste the code, it comes up with this? Thanks!


----------



## DR.M (Sep 4, 2019)

Restart, sign in with Dell as instructed and repeat please. You did not run the command in as administrator before.

Press *Windows icon* on your Desktop, together with the* letter R.*
Type *cmd*, and press *Ctrl + Shift + Enter* to run Command Prompt as administrator.
Copy and paste the following command line and press* Enter*.


```
reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" C:\Profile.txt
```

In the *Search area *type *File Explorer* and choose it from the items appeared.
In the *address area* type *C:\Profile.txt *and press *Enter.*
From the list, choose *C:\Profile.txt,* double click to open it.
Select the content of the file, copy and paste it in your next reply.


----------



## UnicornSparkle (Apr 11, 2020)

Sorry, which one do you mean? Dell2 or Isis Nice-Rowe? Neither are called Dell.


----------



## UnicornSparkle (Apr 11, 2020)

Hi so I restarted in Dell and it came up with setting up your computer. It is now on a black screen with a cursor showing and if I click it comes up with a sound but I cannot see anything. Thanks!


----------



## UnicornSparkle (Apr 11, 2020)

UnicornSparkle said:


> Hi so I restarted in Dell and it came up with setting up your computer. It is now on a black screen with a cursor showing and if I click it comes up with a sound but I cannot see anything. Thanks!


It looks like this.


----------



## DR.M (Sep 4, 2019)

Hi, UnicornSparkle.

Please sign in with Dell 2 and check if the same thing happens.

If you don't have issues, please run the command to export the profile.txt again.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, UnicornSparkle.
> 
> Please sign in with Dell 2 and check if the same thing happens.
> 
> If you don't have issues, please run the command to export the profile.txt again.


Hi! Dell2 works fine. Thanks!


----------



## DR.M (Sep 4, 2019)

Please run the command to export the profile.txt again. 

Press *Windows icon* on your Desktop, together with the* letter R.*
Type *cmd*, and press *Ctrl + Shift + Enter* to run Command Prompt as administrator.
Copy and paste the following command line and press* Enter*.


```
reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" C:\Profile.txt
```

In the *Search area *type *File Explorer* and choose it from the items appeared.
In the *address area* type *C:\Profile.txt *and press *Enter.*
From the list, choose *C:\Profile.txt,* double click to open it.
Select the content of the file, copy and paste it in your next reply.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Please run the command to export the profile.txt again.
> 
> Press *Windows icon* on your Desktop, together with the* letter R.*
> Type *cmd*, and press *Ctrl + Shift + Enter* to run Command Prompt as administrator.
> ...


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"Default"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,\
76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,44,00,65,00,66,\
00,61,00,75,00,6c,00,74,00,00,00
"ProfilesDirectory"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,\
00,69,00,76,00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,00,00
"ProgramData"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,\
00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,\
61,00,74,00,61,00,00,00
"Public"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,\
00,65,00,25,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,50,00,75,00,62,00,\
6c,00,69,00,63,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"=dword:0000000c
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,63,00,6f,00,6e,00,66,00,69,00,67,00,5c,00,73,00,79,00,73,00,74,00,65,\
00,6d,00,70,00,72,00,6f,00,66,00,69,00,6c,00,65,00,00,00
"RefCount"=dword:00000001
"Sid"=hex:01,01,00,00,00,00,00,05,12,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,6f,00,63,00,61,00,6c,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"Flags"=dword:00000000
"ProfileImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,50,00,\
72,00,6f,00,66,00,69,00,6c,00,65,00,73,00,5c,00,4e,00,65,00,74,00,77,00,6f,\
00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
"State"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1001]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,44,00,65,00,6c,00,6c,00,2e,00,49,00,53,00,49,00,53,00,55,00,4e,00,49,00,\
43,00,4f,00,52,00,4e,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00000304
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,72,af,f2,e1,7d,ab,c7,66,6b,b1,47,\
1c,e9,03,00,00
"LocalProfileLoadTimeLow"=dword:d9f8d8fe
"LocalProfileLoadTimeHigh"=dword:01d61fab
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"Migrated"=hex:e0,1e,d5,f7,9b,6b,d5,01
"LocalProfileUnloadTimeLow"=dword:5bee5143
"LocalProfileUnloadTimeHigh"=dword:01d59ce6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3790778226-1724361597-474460523-1005]
"ProfileImagePath"=hex(2):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,\
00,44,00,65,00,6c,00,6c,00,32,00,00,00
"Flags"=dword:00000000
"FullProfile"=dword:00000001
"State"=dword:00000000
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,72,af,f2,e1,7d,ab,c7,66,6b,b1,47,\
1c,ed,03,00,00
"LocalProfileLoadTimeLow"=dword:898e26ec
"LocalProfileLoadTimeHigh"=dword:01d61f98
"ProfileAttemptedProfileDownloadTimeLow"=dword:00000000
"ProfileAttemptedProfileDownloadTimeHigh"=dword:00000000
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RunLogonScriptSync"=dword:00000000
"LocalProfileUnloadTimeLow"=dword:d67f87c8
"LocalProfileUnloadTimeHigh"=dword:01d61f91

Thanks!


----------



## DR.M (Sep 4, 2019)

Hi, again.

Unfortunately, it seems that your first Dell profile account has to be deleted. I advised you to backup your files (documents, pictures, music, videos) at an earlier stage. I hope you did. You may want to transfer them in Dell2, now or later (considering you have saved them in an external disk).

Next, please do that:

In the *Search area *type *Control Panel.*
Choose the *Control Panel* from the items appeared.
In* View by Category *mode, choose* Users Accounts.*
Choose *Users Accounts.*
Manage another account.
Take a screenshot of what you see and post it in your reply.


----------



## UnicornSparkle (Apr 11, 2020)

Hi! Here it is! Thanks!


----------



## DR.M (Sep 4, 2019)

Thanks, UnicornSparkle.

Just to confirm before move on: Have you transferred your files from the Dell (Isis Nice-Rowe) to the Dell2 account? Or saved them in an external disk to transfer them later?


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Thanks, UnicornSparkle.
> 
> Just to confirm before move on: Have you transferred your files from the Dell (Isis Nice-Rowe) to the Dell2 account? Or saved them in an external disk to transfer them later?


Hi! I had few files or pictures of importance on my computer, the few that were important, I backed up on my onedrive account online. Thanks!


----------



## DR.M (Sep 4, 2019)

Hello!

Good. So we can delete the problematic account and, essentially, check the computer for malware.

*1. Delete the problematic profile account:*

 In the *Search area* type Control Panel.
 Choose the *Control Panel* from the items appeared.
 In View by *Category mode,* choose *Users Accounts.*
 Choose *Users Accounts.*
 *Manage another account.*
 Choose the* Isis Nice-Rowe* account.
 *Delete* the account.
 Follow the instructions, and *restart* the computer.

*2. Download and run FRST*

Please download F*arbar Recovery Scan Tool* and save it to your *desktop. --> IMPORTANT*

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button and wait for a while.
The scanner will produced two logs on your Desktop: *FRST.txt *and *Addition.txt*.
Please copy and paste the content of these two logs in your next reply.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hello!
> 
> Good. So we can delete the problematic account and, essentially, check the computer for malware.
> 
> ...


Hi! I deleted dell (isis nice-rowe). Ok so when I opened FRST it said I would have to find another app to open this type of file and then it loaded. It said the following (in the screenshot) it has also created a fixlog.txt file. 
I did not press anything else except for openeing the program. Shall I still go ahead with the above?
The fixlog file is as follows,
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-05-2020 07:29:24)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus => moved successfully
C:\Program Files (x86)\Digital Communications => Is moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\SAntivirusIC => removed successfully
HKLM\System\CurrentControlSet\Services\SAntivirusSvc => removed successfully
HKLM\System\CurrentControlSet\Services\SANTIVIRUSKD => removed successfully

==== End of Fixlog 07:29:24 ====

Also, S antivirus product is gone. Thanks!


----------



## DR.M (Sep 4, 2019)

Yes, please. Go with the instructions in my previous post. FRST is on your Desktop. No need to download it again.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Yes, please. Go with the instructions in my previous post. FRST is on your Desktop. No need to download it again.


Hi! Here they are...!
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-04-2020
Ran by Dell2 (administrator) on ISISUNICORN (Dell Inc. Inspiron 13-5378) (03-05-2020 07:37:58)
Running from C:\Users\Dell2\Desktop
Loaded Profiles: Dell2 (Available Profiles: Dell2)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <2>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHeciSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <23>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Dell2\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9237968 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1497048 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [976768 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [156256 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] (National Instruments Corporation -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3790778226-1724361597-474460523-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3790778226-1724361597-474460523-1005\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-03-09] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\Installer\setup.exe [2020-04-29] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2020-03-30]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0682DCFB-1BE9-42D6-A7FA-502F998BC78B} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3790778226-1724361597-474460523-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {1239742A-ED43-4A6C-ABAB-BD4EF55E4A06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.)
Task: {33BED376-B1E9-4493-9342-0E43C4142D24} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-16] (Adobe Inc. -> Adobe)
Task: {33E8F873-6D95-4E84-9D0E-033323CB5691} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {34E68667-F92A-48CC-8C9B-E5AC77AD7424} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-16] (Adobe Inc. -> Adobe)
Task: {47170E82-A528-4397-B796-509E89804135} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {535C90CC-D12D-44B2-9AD2-C7D1D6BC0EA4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3373072 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {58D9B2CC-2D81-4421-8BB0-4667E5880018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {5D0064CA-88FC-44E2-9819-E0CA949FDB82} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6FBFDE81-E731-4261-8EF0-C9E7D947F5E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {7520EB45-B7E9-4FA4-BE90-DE368E02F1E8} - System32\Tasks\HPCustParticipation HP LaserJet M14-M17 => C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPCustPartic.exe [6662792 2018-07-04] (Hewlett Packard -> HP Inc.)
Task: {858CC683-261B-42D5-9DB8-93AEAA8B903D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.)
Task: {B45A5A99-92DE-486B-9EA3-A5E84CF5FE0B} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1497048 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {E8CCBA86-751E-4A7D-B85F-EEE0D9C6F7DB} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee471dd-c8e9-4f2b-8d26-d737c8cbe35f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

Edge: 
======
Edge Profile: C:\Users\Dell2\AppData\Local\Microsoft\Edge\User Data\Default [2020-05-03]
Edge Notifications: Default -> hxxps://forums.techguy.org; hxxps://teams.microsoft.com

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2020-03-30] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [345960 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5552064 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110608 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2223864 2017-01-05] (Intel Corporation -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-16] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\elevation_service.exe [1125264 2020-04-29] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333264 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37960 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [206672 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [234840 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [179032 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61272 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16520 2020-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [43568 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175984 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [110064 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [85664 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [852392 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [459992 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [235768 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317864 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75320 2017-01-05] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [358968 2017-01-05] (Intel Corporation -> Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel(R) Software -> Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [356608 2016-11-16] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-18] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-17] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8720384 2019-08-27] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [40008 2015-06-25] (Intel(R) Software -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-03 07:37 - 2020-05-03 07:38 - 000018846 _____ C:\Users\Dell2\Desktop\FRST.txt
2020-05-03 07:29 - 2020-05-03 07:29 - 000000571 _____ C:\Users\Dell2\Desktop\Fixlog.txt
2020-05-03 07:28 - 2020-05-03 07:28 - 002283520 _____ (Farbar) C:\Users\Dell2\Desktop\FRST64.exe
2020-05-02 16:36 - 2020-05-02 16:36 - 000000000 ___RD C:\Users\Dell2\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2020-05-01 12:30 - 2020-05-01 12:30 - 000000020 ___SH C:\Users\Dell.ISISUNICORN\ntuser.ini
2020-05-01 12:30 - 2020-05-01 12:30 - 000000000 ____D C:\Users\Dell.ISISUNICORN
2020-05-01 12:30 - 2019-03-19 05:46 - 000001105 _____ C:\Users\Dell.ISISUNICORN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-05-01 10:09 - 2020-05-01 10:09 - 000000000 ____D C:\Users\Dell\AppData\Roaming\AVG
2020-05-01 10:07 - 2020-05-01 10:07 - 000000000 ____D C:\Users\Dell\AppData\Local\Avg
2020-05-01 09:59 - 2020-05-01 09:59 - 000000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2020-04-30 17:52 - 2020-04-30 17:52 - 001579591 _____ C:\Users\Dell2\Downloads\Nominative Plural.pptx
2020-04-30 17:52 - 2020-04-30 17:52 - 000060806 _____ C:\Users\Dell2\Downloads\Latin Stage 4 consolidation + actores.pptx
2020-04-30 17:34 - 2020-04-30 17:34 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\Apple Computer
2020-04-30 08:55 - 2020-04-30 08:55 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\LibreOffice
2020-04-30 08:15 - 2020-05-01 09:23 - 000000191 _____ C:\Users\Dell2\Desktop\fix.reg
2020-04-30 08:15 - 2020-04-30 08:15 - 000001028 _____ C:\Users\Dell2\Documents\fix.reg
2020-04-29 19:46 - 2020-04-29 19:46 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\Autodesk
2020-04-28 19:30 - 2019-03-19 05:46 - 000001105 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-28 19:03 - 2020-04-28 19:03 - 000000000 ____D C:\Users\Dell2\AppData\Local\Apple
2020-04-28 16:30 - 2020-04-28 16:30 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\AVG
2020-04-28 16:23 - 2020-05-02 17:38 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3790778226-1724361597-474460523-1005
2020-04-28 16:23 - 2020-04-28 16:24 - 000000000 ___RD C:\Users\Dell2\OneDrive
2020-04-28 16:21 - 2020-05-02 15:59 - 000000000 ____D C:\Users\Dell2\AppData\Local\Comms
2020-04-28 16:21 - 2020-05-01 10:14 - 000000000 ____D C:\Users\Dell2\AppData\Local\PlaceholderTileLogoFolder
2020-04-28 16:20 - 2020-04-28 16:20 - 000000000 ____D C:\Users\Dell2\AppData\Local\D3DSCache
2020-04-28 16:20 - 2020-04-28 16:20 - 000000000 ____D C:\Users\Dell2\AppData\Local\Avg
2020-04-28 16:20 - 2020-04-28 16:20 - 000000000 ____D C:\Users\Dell2\AppData\Local\Adobe
2020-04-28 16:19 - 2020-04-28 16:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\Publishers
2020-04-28 16:19 - 2020-04-28 16:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\LEGO
2020-04-28 16:19 - 2020-04-28 16:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\CEF
2020-04-28 16:18 - 2020-05-01 10:11 - 000000000 __SHD C:\Users\Dell2\IntelGraphicsProfiles
2020-04-28 16:18 - 2020-04-30 09:10 - 000000000 ____D C:\Users\Dell2\AppData\Local\Packages
2020-04-28 16:18 - 2020-04-28 16:24 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\Adobe
2020-04-28 16:18 - 2020-04-28 16:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\Intel
2020-04-28 16:18 - 2020-04-28 16:18 - 000000000 ___RD C:\Users\Dell2\3D Objects
2020-04-28 16:18 - 2020-04-28 16:18 - 000000000 ____D C:\Users\Dell2\AppData\Local\VirtualStore
2020-04-28 16:18 - 2020-04-28 16:18 - 000000000 ____D C:\Users\Dell2\AppData\Local\Google
2020-04-28 16:18 - 2020-04-28 16:18 - 000000000 ____D C:\Users\Dell2\AppData\Local\ConnectedDevicesPlatform
2020-04-28 16:17 - 2020-04-28 16:17 - 000000000 ____D C:\WINDOWS\pss
2020-04-26 13:36 - 2020-05-01 17:36 - 000008006 _____ C:\Profile.txt
2020-04-24 11:19 - 2020-04-24 11:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\CrashDumps
2020-04-23 19:41 - 2020-04-23 19:41 - 000000000 ____D C:\Users\Dell2\AppData\Local\ElevatedDiagnostics
2020-04-23 19:40 - 2020-05-01 10:11 - 000000000 ____D C:\Users\Dell2
2020-04-23 19:40 - 2020-04-28 16:24 - 000002363 _____ C:\Users\Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-23 19:40 - 2020-04-23 19:40 - 000000020 ___SH C:\Users\Dell2\ntuser.ini
2020-04-22 11:22 - 2020-04-28 19:30 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2020-04-22 11:22 - 2020-04-23 19:40 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-04-21 08:42 - 2020-04-21 08:42 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\ConnectedDevicesPlatform
2020-04-21 08:42 - 2020-04-21 08:42 - 000000000 ____D C:\Users\defaultuser100000
2020-04-17 18:51 - 2020-04-17 18:51 - 000000000 ___HD C:\OneDriveTemp
2020-04-16 17:54 - 2020-05-03 07:38 - 000000000 ____D C:\FRST
2020-04-15 17:25 - 2020-04-15 17:25 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-15 17:25 - 2020-04-15 17:25 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-15 17:25 - 2020-04-15 17:25 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-15 17:24 - 2020-04-15 17:25 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-15 17:24 - 2020-04-15 17:24 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-15 17:24 - 2020-04-15 17:24 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-15 17:11 - 2020-04-15 17:11 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-15 17:11 - 2020-04-15 17:11 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-08 20:48 - 2020-04-08 20:48 - 001367012 _____ C:\WINDOWS\Minidump\040820-11500-01.dmp
2020-04-04 18:45 - 2020-04-04 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2020-04-04 18:45 - 2020-04-04 18:45 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2020-04-03 12:58 - 2020-04-03 12:58 - 000000000 ___HD C:\$AV_AVG
2020-04-03 12:56 - 2020-04-03 12:56 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2020-04-03 12:56 - 2020-04-03 12:56 - 000002059 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2020-04-03 12:56 - 2020-04-03 12:56 - 000002059 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
2020-04-03 12:55 - 2020-05-02 17:38 - 000003250 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2020-04-03 12:55 - 2020-04-17 16:05 - 000459992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000852392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000337592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2020-04-03 12:55 - 2020-04-03 12:55 - 000317864 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000235768 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000234840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000206672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000179032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000175984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000110064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000085664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000061272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000043568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000037960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000016520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2020-04-03 12:55 - 2020-04-03 12:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2020-04-03 12:55 - 2020-04-03 12:55 - 000000000 ____D C:\Program Files\Common Files\AVG
2020-04-03 12:55 - 2020-04-03 12:55 - 000000000 ____D C:\Program Files\AVG
2020-04-03 12:52 - 2020-04-28 19:26 - 000000000 ____D C:\ProgramData\AVG
2020-04-03 12:34 - 2020-04-08 09:02 - 000001606 _____ C:\WINDOWS\ntbtlog.txt
2020-04-03 12:13 - 2020-04-03 12:13 - 000000000 ____D C:\NPE
2020-04-03 12:12 - 2020-04-03 12:12 - 000000000 ____D C:\ProgramData\Norton

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-03 07:32 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-02 20:48 - 2019-09-15 09:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-02 17:38 - 2020-03-30 18:01 - 000002608 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-05-02 17:38 - 2020-03-17 08:35 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-05-02 17:38 - 2020-03-17 08:35 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-05-02 17:38 - 2019-12-04 22:30 - 000002642 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP LaserJet M14-M17
2020-05-02 17:38 - 2019-09-15 09:09 - 000003720 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-05-02 17:38 - 2019-09-15 09:09 - 000003404 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-05-02 17:38 - 2019-09-15 09:09 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-05-02 17:38 - 2019-09-15 09:09 - 000003306 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1694A19D-2945-40D3-9EF6-F89601232488}
2020-05-02 17:38 - 2019-09-15 09:09 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-05-02 17:38 - 2019-09-15 09:09 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3790778226-1724361597-474460523-1001
2020-05-02 17:38 - 2019-09-15 09:09 - 000002304 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_PushButton
2020-05-02 17:38 - 2019-09-15 09:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-05-02 15:58 - 2020-03-30 18:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-05-02 15:58 - 2020-03-30 18:00 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-05-01 10:16 - 2019-09-15 09:11 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-01 10:16 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-01 10:11 - 2019-09-15 09:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-01 10:10 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-01 10:02 - 2019-09-15 09:02 - 000002360 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-05-01 10:02 - 2018-08-15 00:38 - 000000000 ___RD C:\Users\Dell\OneDrive
2020-05-01 09:57 - 2018-08-15 00:43 - 000000000 __SHD C:\Users\Dell\IntelGraphicsProfiles
2020-05-01 09:57 - 2018-08-04 06:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-05-01 09:57 - 2018-08-04 06:47 - 000000000 ___RD C:\Users\Dell\3D Objects
2020-05-01 09:57 - 2018-08-04 06:47 - 000000000 ____D C:\Users\Dell\AppData\Local\Packages
2020-05-01 09:33 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-29 21:00 - 2020-03-17 08:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-04-29 21:00 - 2020-03-17 08:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-04-29 21:00 - 2020-03-17 08:36 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-04-29 10:58 - 2018-09-25 17:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-29 10:58 - 2018-09-25 17:52 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-29 10:58 - 2018-09-25 17:52 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-28 19:30 - 2020-04-02 12:30 - 000000000 ____D C:\Users\TEMP
2020-04-22 11:21 - 2019-03-19 05:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-04-20 14:14 - 2018-09-14 07:49 - 000000000 ____D C:\Users\Dell\AppData\LocalLow\Temp
2020-04-20 10:42 - 2020-04-02 12:36 - 000000000 ___RD C:\Users\TEMP\OneDrive
2020-04-16 09:46 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-16 09:46 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-15 18:09 - 2019-09-15 09:00 - 000552736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-15 18:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-10 08:20 - 2019-04-12 20:25 - 000000000 ____D C:\Users\Dell\AppData\Local\bbciplayerdownloads
2020-04-10 08:19 - 2019-04-12 20:25 - 000002717 _____ C:\Users\Dell\Desktop\BBCiPlayerDownloads.lnk
2020-04-08 20:48 - 2020-03-17 08:33 - 000000000 ____D C:\WINDOWS\Minidump
2020-04-03 12:55 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

==================== Files in the root of some directories ========

2018-09-05 08:12 - 2019-12-27 10:20 - 000000009 _____ () C:\Users\Dell\style.dat
2020-04-28 16:24 - 2020-04-28 16:24 - 000000000 _____ () C:\Users\Dell2\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


----------



## UnicornSparkle (Apr 11, 2020)

And addition.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2020
Ran by Dell2 (03-05-2020 07:39:59)
Running from C:\Users\Dell2\Desktop
Windows 10 Home Version 1903 18362.778 (X64) (2019-09-15 08:09:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3790778226-1724361597-474460523-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3790778226-1724361597-474460523-503 - Limited - Disabled)
Dell2 (S-1-5-21-3790778226-1724361597-474460523-1005 - Administrator - Enabled) => C:\Users\Dell2
Guest (S-1-5-21-3790778226-1724361597-474460523-501 - Limited - Disabled)
saman (S-1-5-21-3790778226-1724361597-474460523-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3790778226-1724361597-474460523-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Character Animator 2020 (HKLM-x32\...\CHAR_3_2) (Version: 3.2 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_4) (Version: 14.0.4 - Adobe Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Autodesk SketchBook (HKLM\...\{AE6C5657-8710-4968-BEB5-1E2ED89CB2D2}) (Version: 8.71.0000 - Autodesk)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.2.3116 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brackets (HKLM-x32\...\{9CB3A036-0B7E-49B7-A60B-291E245CA6B2}) (Version: 1.13.17696 - brackets.io)
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version: - )
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Edraw Max 9.3 (HKLM-x32\...\Edraw Max_is1) (Version: - EdrawSoft)
Fuze Basic (HKLM\...\fuzebasic) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP LaserJet M14-M17 Basic Device Software (HKLM\...\{DBD3A5B4-0A41-4C1B-A3EE-DA05AA5D5D70}) (Version: 46.2.2636.18185 - HP Inc.)
HP LaserJet M14-M17 Help (HKLM-x32\...\{860F83D4-E1ED-425C-9A5F-C07867AE1EC5}) (Version: 0.00.0005 - HP)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Krita (x64) 4.2.9 (HKLM\...\Krita_x64) (Version: 4.2.9.0 - Krita Foundation)
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (HKLM-x32\...\{336475F0-51BA-4D15-9A19-08FB3DC48805}) (Version: 1.3.9 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (HKLM-x32\...\{D977D412-7728-4B45-9A17-D1A4B31A33F8}) (Version: 1.3.8 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home English Support (HKLM-x32\...\{7BB50FF6-F974-4D77-8338-6B50D98BDC5A}) (Version: 1.3.7 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (HKLM-x32\...\{5F3092B9-4240-4037-A287-BF6F9A2996BC}) (Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{0189C6FA-7333-4873-8E0B-3A1BE8E6726B}) (Version: 1.31.5.0 - LEGO)
LibreOffice 6.2 Help Pack (English (United Kingdom)) (HKLM\...\{7F3D2481-D36B-4A25-B3E8-CF1DA7C6FA54}) (Version: 6.2.5.2 - The Document Foundation)
LibreOffice 6.2.4.2 (HKLM\...\{B8FF8670-C6F4-4868-9DB2-C23324C0E575}) (Version: 6.2.4.2 - The Document Foundation)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{83D2491E-E25D-4CEB-9AFD-CEF77BF03974}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9179.0 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.15 - )
Microsoft OneDrive (HKU\S-1-5-21-3790778226-1724361597-474460523-1005\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
NI .NET Framework 4.0 (HKLM-x32\...\{0C43BB65-C604-4D94-A83A-54DCB42780B8}) (Version: 4.01.49154 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{87F60C46-07E2-46B4-B872-680DE4184C0A}) (Version: 3.20.363 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{FA35D849-889D-4454-9532-6BE2008D2CDF}) (Version: 3.20.363 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{C7743231-5899-418D-8CA5-22B0F654D894}) (Version: 3.20.363 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.3.2 - pdfforge GmbH)
Product Improvement Study for HP LaserJet M14-M17 (HKLM\...\{44899623-FEB7-4FE2-BC7C-3D22C2F4D84C}) (Version: 46.2.2636.18185 - HP Inc.)
Python 3.7.1 Core Interpreter (32-bit) (HKLM-x32\...\{5439005C-640E-473B-8374-5AA6BA9F8780}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Development Libraries (32-bit) (HKLM-x32\...\{D1F1A0E0-328E-438D-A18C-ACE71BCE10B7}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Documentation (32-bit) (HKLM-x32\...\{DAB8D967-E729-443C-96A7-BFE581D8B0B0}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (32-bit) (HKLM-x32\...\{FFE80953-6126-49BF-9CC0-57113A8AAA37}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4CAAB4B2-69D4-437A-870B-9AB2D0703E56}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (32-bit) (HKLM-x32\...\{E8A32F30-F5EC-4724-8F99-A51B69176B2F}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AC008439-97C6-4079-B451-069A1AC86C9D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (32-bit) (HKLM-x32\...\{A9C09A2F-4ABC-41EF-B3F7-629C8178186B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Utility Scripts (32-bit) (HKLM-x32\...\{D3397B2B-DC1F-4EDF-BFAE-827431206FB6}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C3A1C6B1-9096-47A7-AB5C-09114002A996}) (Version: 3.7.6501.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
SAntivirus Realtime Protection Lite (HKLM-x32\...\SAntivirus) (Version: 1.0.21.49 - Digital Com. Inc) <==== ATTENTION
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Vita Concert Grand LE (HKLM\...\{CB5D721E-C919-4CDF-8356-D6F84490FB3F}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxDTCM.dll [2018-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-12-26 11:38 - 2018-12-26 11:38 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2019-01-01 13:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3790778226-1724361597-474460523-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3790778226-1724361597-474460523-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F28A8E64-BACF-4119-9A99-B03026D0CCC1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{6A3E19D8-31CA-48F7-93B3-B287D9A5F9F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{B28413B6-999A-4103-B628-E057C7B06AE5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{639DE6D8-C152-493C-845A-E1D6875B8D5A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{E69030EB-CF45-4577-AEAC-9E5B85D154BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{8041F4D0-94CE-4B9F-9E44-938084BFDBD6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{B69464D7-C47E-4884-BA28-29DDBB1B1175}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{19766A71-903D-4C7B-8D64-4B7B2B53BEE4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{7ED2CC1B-967D-406B-B14A-DA5E8D244480}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{31CECD98-F8C4-4F5E-965D-EBD721AEBBD3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [UDP Query User{5F8B8938-604C-46AC-86B1-C73BD90EC958}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe (National Instruments) [File not signed]
FirewallRules: [TCP Query User{1509D4B7-7000-4C1F-B069-BFA4653B907F}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe (National Instruments) [File not signed]
FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe (National Instruments) [File not signed]
FirewallRules: [UDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe (National Instruments) [File not signed]
FirewallRules: [{B90EC05F-AF8D-409B-BC8F-DB1339571F22}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{26BB58B3-CE93-49BC-861B-7048FEAF3DE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD6B6F5E-D8CE-4DFA-9DBC-B0C2587A2D26}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{04DBA85E-2192-4517-8E1A-9A8B37C90633}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7F7BE050-30CD-4F04-B1E5-FD538BABB8CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{FE61EC11-DE69-4A03-B79C-74C82B97668A}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [TCP Query User{3E0B28C0-5454-48D7-B83E-8935C322090A}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [{CAA133E6-2825-497B-8BA9-1B3BEED1A4F6}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C6ABEAFA-048F-4151-96F1-A42BFE9339CC}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{46B8923F-A9B8-4E91-AADD-2BE3B7633A5B}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{3606C66C-2484-4A28-9750-82E6AAED8AC0}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{F890F4FD-947E-4A19-AE18-DEEE4311552C}] => (Allow) LPort=5357
FirewallRules: [{C3989B7C-F4E4-4D69-9A75-35A3294D83A6}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B8F70699-63C0-4B05-A09E-32B3ACC7DF38}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{433E7DCA-401A-418E-8F16-6AEF89442FEF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4604C228-8E98-4C92-A064-341EBF0356E1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA6FD34E-80AD-4B9E-B28C-64C3A57F43F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BD3852B-97FD-4E2D-B3F9-3EE91FDA2D39}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E09B1FD3-4D37-4296-B209-7B1F7FC1CFD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB726F6E-4F54-4577-A080-0C4C812994E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7FDAED0-4D07-493D-89DD-719AE1740DA1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB2344C3-7018-456D-8E86-C701E27C858F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{18247264-D152-4FFA-B48E-A01182D9AB66}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B464D732-0667-4362-B3FD-2311F335FEAC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ABA8239E-61CD-44ED-8F80-4BBA729D3E43}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{21D27E9F-01DC-46D4-90B8-2F0EB6D2DDDD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{85EE12FF-4A44-49D6-8A7C-1707AF17518C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AA0933B1-FAFF-4713-A9C7-0EFC8B31FBD0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{206816DC-3DCD-4082-A538-63D083C30190}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12106.2.48003.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2315198-21CF-4A6F-A0D8-1C20BB923C9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{42D75EC0-185A-4A9B-B8D2-7B48FF72C7B6}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

20-04-2020 14:11:58 Restore Point Created by FRST
29-04-2020 20:05:24 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/03/2020 07:28:22 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11004,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/02/2020 05:26:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (16684,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/02/2020 04:09:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7448,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/02/2020 12:48:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14588,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 05:42:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13624,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 05:38:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.18362.693 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ac4

Start Time: 01d61f988ae2eb23

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: a9d5c054-3efb-42c1-a38c-13526c50a16d

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (05/01/2020 04:00:36 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10060,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 12:30:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 11732, ProfSvc PID: 1716.

System errors:
=============
Error: (05/01/2020 10:11:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAntivirusSvc service failed to start due to the following error: 
The system cannot find the file specified.

Error: (05/01/2020 10:11:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAntivirusIC service failed to start due to the following error: 
The system cannot find the file specified.

Error: (05/01/2020 10:11:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cbVSCService11 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (05/01/2020 10:11:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the cbVSCService11 service to connect.

Error: (05/01/2020 10:11:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 09:33:13 on ‎01/‎05/‎2020 was unexpected.

Error: (04/28/2020 05:00:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAntivirusIC service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/28/2020 05:00:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAntivirusSvc service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/28/2020 05:00:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cbVSCService11 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Windows Defender:
===================================
Date: 2020-03-17 21:17:58.901
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8E6B1EE1-0E26-4DCD-8C08-CF74DB01C5C2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-17 10:24:09.769
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1722F6D0-3E20-4AB6-8D4D-9212645E7F52}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 16:55:53.356
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F6D38FE1-8EC0-4119-87C1-CB6B4AE99A82}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 16:41:55.859
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C58F4585-3C53-4EAC-A2D5-40A1DB889671}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-08 19:58:45.153
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4C36BB76-A3CE-4910-98FA-99F87885AC7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-14 07:40:47.534
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.309.857.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16700.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-12-08 12:21:57.863
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.22.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-05-03 07:39:40.384
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-03 07:39:30.215
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-03 07:39:28.316
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-03 07:39:25.749
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-03 07:39:19.224
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-03 07:39:18.599
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-03 07:39:11.630
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-03 07:34:25.510
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.27.0 01/18/2019
Motherboard: Dell Inc. 0WH5C0
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 91%
Total physical RAM: 3962.15 MB
Available physical RAM: 333.93 MB
Total Virtual: 10618.15 MB
Available Virtual: 4967.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.64 GB) (Free:56.63 GB) NTFS

\\?\Volume{3d36e852-0d7c-4e57-b0bf-f96529817c40}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{fb26560b-a463-4523-b3e4-d588e3177790}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CE1E5D40)

Partition: GPT.

==================== End of Addition.txt =======================

Thank-you so, so much!


----------



## DR.M (Sep 4, 2019)

Thank you, UnicornSparkle! 

I will be back to you later today!


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Thank you, UnicornSparkle!
> 
> I will be back to you later today!


Thank-you so much!


----------



## DR.M (Sep 4, 2019)

Hi, UnicornSparkle!

I'm glad we essentially have these logs!

We have some work to do here. 
* 
1. Uninstall SAntivirus*

This stubborn program still shows in your Programs list, so let's go and uninstall it:

Press the *Windows Key + R.*
Type *appwiz.cpl *in the Run box and click *OK.*
The Add/Remove Programs list will open. Locate the following program on the list:


```
SAntivirus Realtime Protection Lite
```

Select the above program and click *Uninstall.*
*Restart* the computer.

*2. Run FRST fix*

*NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system*

Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.


```
Start::
CreateRestorePoint:
CloseProcesses:
Task: {58D9B2CC-2D81-4421-8BB0-4667E5880018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
C:\ProgramData\Norton
C:\Program Files\Common Files\AVAST Software
C:\Program Files\AVAST Software
FirewallRules: [{7ED2CC1B-967D-406B-B14A-DA5E8D244480}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{31CECD98-F8C4-4F5E-965D-EBD721AEBBD3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
EmptyTemp:
End::
```

*Please right-click on FRST64 on your Desktop,* to run it as administrator. When the tool opens, click *"yes"* to the disclaimer.
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* on your Desktop.
*Please post the log in your next reply.*

*3. Running MBAM*

Download *Malwarebytes* and save it to your Desktop.
Once downloaded, close all programs and Windows on your computer.
Double-click on the icon on your desktop named *MBSetup.exe*. This will start the installation of MBAM onto your computer.
Follow the instructions to install the program.
When finished, *double click* the program's icon created on your Desktop.
Click the little gear on the top right *(Settings) *and when it opens, click the *Security *tab and make sure about the following:


```
Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) is unchecked.
    Under the title Potentially unwanted items are set to Always.
```

Click on the little gear to return to the main menu and select *Scan. *The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
When finished, you will see the *Thread Scan Summary* window open.
*If threads are not found,* click *View Report *and proceed to the *two last steps below. *
*If threats are found,* make sure that *all threats are not selected,* close the program and proceed to the next steps below.
Open *Malwarebytes* again, click on the *Scanner,* and then on the *Reports *tab.
Find the report with the most recent date and *double click on it.*
Click on *Export* and then *Copy to Clipboard.*
*Paste its content here, in your next reply.*

*4. Running Adware Cleaner*

Download *AdwCleaner* and save it to your desktop.

Double click *AdwCleaner.exe* to run it.
Click *Scan Now*.
When the scan has finished, a *Scan Results* window will open.
Click *Cancel* _(at this point do not attempt to *Quarantine* anything that is found)_

Now click the *Log Files*tab.
Double click on the latest scan log _(Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)_
A Notepad file will open containing the results of the scan.
*Please post the contents of the file in your next reply.*


*In your next reply, please make sure to post:*

The Fixlog.txt content
The MBAM report
AdwCleaner[S0*].txt


----------



## UnicornSparkle (Apr 11, 2020)

Hi! This comes up when I try and uninstall it. This happened with PremierOpinion as well. Shall I remove it from the program list like I did with Premier Opinion? Thanks!


----------



## DR.M (Sep 4, 2019)

Yes, you can go on removing it from the Program and Features.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Yes, you can go on removing it from the Program and Features.


Ok thanks!


----------



## UnicornSparkle (Apr 11, 2020)

Hi! Here is fixlog.txt. Shall I move onto the next steps if I encounter no problems? Thanks!
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by Dell2 (04-05-2020 08:05:10) Run:2
Running from C:\Users\Dell2\Desktop
Loaded Profiles: Dell2 (Available Profiles: Dell2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {58D9B2CC-2D81-4421-8BB0-4667E5880018} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
C:\ProgramData\Norton
C:\Program Files\Common Files\AVAST Software
C:\Program Files\AVAST Software
FirewallRules: [{7ED2CC1B-967D-406B-B14A-DA5E8D244480}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{31CECD98-F8C4-4F5E-965D-EBD721AEBBD3}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{58D9B2CC-2D81-4421-8BB0-4667E5880018}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58D9B2CC-2D81-4421-8BB0-4667E5880018}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
C:\ProgramData\Norton => moved successfully
"C:\Program Files\Common Files\AVAST Software" => not found
"C:\Program Files\AVAST Software" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7ED2CC1B-967D-406B-B14A-DA5E8D244480}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31CECD98-F8C4-4F5E-965D-EBD721AEBBD3}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25253760 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 257225026 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14914 B
NetworkService => 14914 B
Dell.ISISUNICORN => 14914 B
Dell2 => 121969876 B

RecycleBin => 607697724 B
EmptyTemp: => 976.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 08:05:43 ====


----------



## DR.M (Sep 4, 2019)

Yes, you can move on to the next steps.


----------



## UnicornSparkle (Apr 11, 2020)

Hi! Here is the report. Thanks!
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 04/05/2020
Scan Time: 08:27
Log File: adaebee2-8dd8-11ea-a985-00e18cf8fd85.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23388
Licence: Trial

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: ISISUNICORN\Dell2

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 355030
Threats Detected: 40
Threats Quarantined: 0
Time Elapsed: 3 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 12
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\SAntivirus, No Action By User, 5379, 783948, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\SAntivirus, No Action By User, 5379, 783948, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\SAntivirus, No Action By User, 5379, 783949, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\SAntivirusProduct, No Action By User, 5379, 783951, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\SAntivirus, No Action By User, 5379, 783949, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, No Action By User, 5379, 757809, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\santivirusclient_RASAPI32, No Action By User, 5379, 783946, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\santivirusclient_RASMANCS, No Action By User, 5379, 783946, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\SAntivirusService_RASAPI32, No Action By User, 5379, 783947, 1.0.23388, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\SAntivirusService_RASMANCS, No Action By User, 5379, 783947, 1.0.23388, , ame, 
PUP.Optional.WebBar, HKLM\SOFTWARE\MICROSOFT\TRACING\winwb_RASAPI32, No Action By User, 5038, 262291, 1.0.23388, , ame, 
PUP.Optional.WebBar, HKLM\SOFTWARE\MICROSOFT\TRACING\winwb_RASMANCS, No Action By User, 5038, 262291, 1.0.23388, , ame,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\USERS\DELL\APPDATA\LOCAL\WALLPAPERSUITE, No Action By User, 2761, 748124, 1.0.23388, , ame, 
PUP.Optional.Segurazo, C:\PROGRAMDATA\SANTIVIRUS, No Action By User, 5379, 783940, 1.0.23388, , ame, 
PUP.Optional.Segurazo, C:\USERS\DELL\APPDATA\ROAMING\SANTIVIRUSCLIENT, No Action By User, 5379, 788610, 1.0.23388, , ame,

File: 24
PUP.Optional.Webbar, C:\USERS\DELL\APPDATA\LOCAL\MICROSOFT\CLR_V4.0\USAGELOGS\WINWB.EXE.LOG, No Action By User, 816, 375739, 1.0.23388, , ame, 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1200.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1210.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1220.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1230.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1240.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1250.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1260.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1270.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1280.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1290.jpg, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\uninstall.exe, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\WallpaperSuite.exe, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\WallpaperSuiteHelper64.exe, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\WallpaperSuiteLib.dll, No Action By User, 2761, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\WallpaperSuiteLib64.dll, No Action By User, 2761, 748124, , , , 
PUP.Optional.InstallCore.Generic, C:\USERS\DELL\DOWNLOADS\YOUR FILE IS READY TO DOWNLOAD_3452282368.EXE, No Action By User, 5964, 512151, 1.0.23388, , ame, 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 628563, , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 283, 628563, , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 628563, , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 283, 628563, , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 628563, 1.0.23388, , ame, 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 626729, 1.0.23388, , ame, 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 283, 626729, 1.0.23388, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)


----------



## DR.M (Sep 4, 2019)

Thanks.

Waiting for the AdwCleaner log. When you are ready.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Thanks.
> 
> Waiting for the AdwCleaner log. When you are ready.


Hi! Ok here it is. Thanks!
# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-04-2020
# Duration: 00:00:30
# OS: Windows 10 Home
# Scanned: 31802
# Detected: 16

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Segurazo C:\ProgramData\SAntivirus
PUP.Optional.Segurazo C:\Users\Dell\AppData\Roaming\santivirusclient
PUP.Optional.WallpaperSuiteHD C:\Users\Dell\AppData\Local\WallpaperSuite

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\Software\WebBar
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
PUP.Optional.SAntivirus HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
PUP.Optional.SAntivirus HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
PUP.Optional.SAntivirus HKLM\SOFTWARE\Microsoft\Windows\SAntivirus
PUP.Optional.SAntivirus HKLM\Software\SegOption
PUP.Optional.SAntivirus HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
PUP.Optional.SAntivirus HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
PUP.Optional.SAntivirus HKLM\Software\Wow6432Node\\Microsoft\Windows\SAntivirus
PUP.Optional.Segurazo HKLM\Software\SAntivirus
PUP.Optional.Segurazo HKLM\Software\Wow6432Node\SAntivirus
PUP.Optional.Segurazo HKLM\Software\Wow6432Node\SAntivirusProduct
PUP.Optional.Segurazo HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


----------



## DR.M (Sep 4, 2019)

Hi, UnicornSparkle.

It seems that we are ready to kill that SAntivirus for ever! 

*1. Run Malwarebytes (Clean mode)*

*Double click* the program's icon on your Desktop, as you did before.
Click the little gear on the top right *(Settings) *and when it opens, click the *Security *tab and make sure about the following:

```
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) is unchecked.
Under the title Potentially unwanted items are set to Always.
```

Click on the little gear to return to the main menu and select *Scan. *The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
When finished, you will see the *Thread Scan Summary* window open.
*If threads are not found,* click *View Report *and proceed to the *two last steps below. *
*If threats are found,* make sure that *all threats are selected,* and click on *Quarantine/Remove selected.*
You may need to* restart* the computer.
Open *Malwarebytes* again, click on the *Scanner,* and then on the *Reports *tab.
Find the report with the most recent date and *double click on it.*
Click on *Export* and then *Copy to Clipboard.*
*Paste its content here, in your next reply.*

*2. AdwCleaner (Clean mode)*

*Double click* AdwCleaner.exe on your Desktop, to run it as you did before.
Click *Scan Now.*
When the scan has finished a *Scan Results* window will open.
Please check all threads found and then click *Quarantine.*
Click *Next.*
If any pre-installed software was found on your machine, a prompt window will open _(Note: previous scan showed no pre-installed software in your machine, so you can skip these sub steps)._
Click *OK* to close it.

Check any pre-installed software items you want to remove _(previous scan showed no pre-installed software in your machine, so you can skip this)._
Click *Quarantine.*

A prompt to save your work will appear.
Click *Continue* when you're ready to proceed.

A prompt to restart your computer will appear.
Click *Restart Now.*

Once your computer has restarted:
If it doesn't open automatically, please start *ADWCleaner.*
Click the *Log Files* tab.
Double click on the latest Clean log _(Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)_
A Notepad file will open containing the results of the removal.
*Please post the contents of the file in your next reply.*


*3. Fresh FRST logs*

*Double-click on the FRST icon to run it,* as you did before. When the tool opens click *Yes* to disclaimer.
Press *Scan* button and wait for a while.
The scanner will produced two logs on your Desktop: *FRST.txt *and *Addition.txt*.
*Please copy and paste the content of these two logs in your next reply.*

*In your next reply, please post:*

1. The MBAM report
2. AdwCleaner[*C0**].txt
3. FRST.txt and Addition.txt


----------



## UnicornSparkle (Apr 11, 2020)

Hi! I did Malware bytes yesterday, but didn't have enough time to run the rest of the fixes that day so this is the log from yesterday. The log from today that it automatically did is clear. Here they are...
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 04/05/2020
Scan Time: 17:49
Log File: 42cbd278-8e27-11ea-9af0-00e18cf8fd85.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23404
Licence: Trial

-System Information-
OS: Windows 10 (Build 18362.778)
CPU: x64
File System: NTFS
User: ISISUNICORN\Dell2

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 355163
Threats Detected: 40
Threats Quarantined: 40
Time Elapsed: 3 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 12
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\SAntivirus, Quarantined, 5378, 783948, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\SAntivirus, Quarantined, 5378, 783948, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\SAntivirus, Quarantined, 5378, 783949, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, Quarantined, 5378, 757809, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\SAntivirus, Quarantined, 5378, 783949, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\SAntivirusProduct, Quarantined, 5378, 783951, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\santivirusclient_RASAPI32, Quarantined, 5378, 783946, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\santivirusclient_RASMANCS, Quarantined, 5378, 783946, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\SAntivirusService_RASAPI32, Quarantined, 5378, 783947, 1.0.23404, , ame, 
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\SAntivirusService_RASMANCS, Quarantined, 5378, 783947, 1.0.23404, , ame, 
PUP.Optional.WebBar, HKLM\SOFTWARE\MICROSOFT\TRACING\winwb_RASAPI32, Quarantined, 5037, 262291, 1.0.23404, , ame, 
PUP.Optional.WebBar, HKLM\SOFTWARE\MICROSOFT\TRACING\winwb_RASMANCS, Quarantined, 5037, 262291, 1.0.23404, , ame,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\USERS\DELL\APPDATA\LOCAL\WALLPAPERSUITE, Quarantined, 2760, 748124, 1.0.23404, , ame, 
PUP.Optional.Segurazo, C:\PROGRAMDATA\SANTIVIRUS, Quarantined, 5378, 783940, 1.0.23404, , ame, 
PUP.Optional.Segurazo, C:\USERS\DELL\APPDATA\ROAMING\SANTIVIRUSCLIENT, Quarantined, 5378, 788610, 1.0.23404, , ame,

File: 24
PUP.Optional.Webbar, C:\USERS\DELL\APPDATA\LOCAL\MICROSOFT\CLR_V4.0\USAGELOGS\WINWB.EXE.LOG, Quarantined, 815, 375739, 1.0.23404, , ame, 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1200.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1210.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1220.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1230.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1240.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1250.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1260.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1270.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1280.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\Wallpapers\1290.jpg, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\uninstall.exe, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\WallpaperSuite.exe, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\WallpaperSuiteHelper64.exe, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\WallpaperSuiteLib.dll, Quarantined, 2760, 748124, , , , 
PUP.Optional.WallPaperSuite, C:\Users\Dell\AppData\Local\WallpaperSuite\WallpaperSuiteLib64.dll, Quarantined, 2760, 748124, , , , 
PUP.Optional.InstallCore.Generic, C:\USERS\DELL\DOWNLOADS\YOUR FILE IS READY TO DOWNLOAD_3452282368.EXE, Quarantined, 5963, 512151, 1.0.23404, , ame, 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 283, 626729, , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 283, 626729, , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 283, 626729, 1.0.23404, , ame, 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 283, 628563, , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 283, 628563, , , , 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 283, 628563, 1.0.23404, , ame, 
PUP.Optional.SearchManager.BITSRST, C:\USERS\DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 283, 626729, 1.0.23404, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Then AdwCleaner...
# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-05-2020
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 7
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\Software\WebBar
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2864 octets] - [04/05/2020 11:05:51]
AdwCleaner[S01].txt - [2311 octets] - [05/05/2020 15:48:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

The interesting thing is, WebBar was the thing that i accidentally installed that then installed Santivirus and premier opinion, but i deleted webbar but apparently not! S antivirus is stubborn....!
Thanks!


----------



## UnicornSparkle (Apr 11, 2020)

Then FRST.txt part 1...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by Dell2 (administrator) on ISISUNICORN (Dell Inc. Inspiron 13-5378) (05-05-2020 15:59:51)
Running from C:\Users\Dell2\Desktop
Loaded Profiles: Dell2 (Available Profiles: Dell2)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <5>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <2>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHeciSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Dell2\Desktop\AdwCleaner.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Dell2\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9237968 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1497048 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [976768 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [156256 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] (National Instruments Corporation -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3790778226-1724361597-474460523-1005\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-03-09] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\Installer\setup.exe [2020-04-29] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2020-03-30]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0682DCFB-1BE9-42D6-A7FA-502F998BC78B} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3790778226-1724361597-474460523-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {1239742A-ED43-4A6C-ABAB-BD4EF55E4A06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.)
Task: {33BED376-B1E9-4493-9342-0E43C4142D24} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-16] (Adobe Inc. -> Adobe)
Task: {33E8F873-6D95-4E84-9D0E-033323CB5691} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {34E68667-F92A-48CC-8C9B-E5AC77AD7424} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-16] (Adobe Inc. -> Adobe)
Task: {47170E82-A528-4397-B796-509E89804135} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {535C90CC-D12D-44B2-9AD2-C7D1D6BC0EA4} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3373072 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {5D0064CA-88FC-44E2-9819-E0CA949FDB82} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6FBFDE81-E731-4261-8EF0-C9E7D947F5E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {7520EB45-B7E9-4FA4-BE90-DE368E02F1E8} - System32\Tasks\HPCustParticipation HP LaserJet M14-M17 => C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPCustPartic.exe [6662792 2018-07-04] (Hewlett Packard -> HP Inc.)
Task: {858CC683-261B-42D5-9DB8-93AEAA8B903D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-25] (Google Inc -> Google Inc.)
Task: {B45A5A99-92DE-486B-9EA3-A5E84CF5FE0B} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1497048 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CB41A6AE-0D41-49CD-84F6-553A55A80DE5} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3790778226-1724361597-474460523-1005 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2019-03-19] (Microsoft Windows -> )
Task: {E8CCBA86-751E-4A7D-B85F-EEE0D9C6F7DB} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee471dd-c8e9-4f2b-8d26-d737c8cbe35f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

Edge: 
======
Edge Profile: C:\Users\Dell2\AppData\Local\Microsoft\Edge\User Data\Default [2020-05-05]
Edge Notifications: Default -> hxxps://forums.techguy.org; hxxps://teams.microsoft.com

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2020-03-30] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [345960 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5552064 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110608 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [223120 2020-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2223864 2017-01-05] (Intel Corporation -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-16] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-04] (Malwarebytes Inc -> Malwarebytes)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\elevation_service.exe [1125264 2020-04-29] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333264 2017-06-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [592776 2017-05-08] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37960 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [206672 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [234840 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [179032 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61272 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16520 2020-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [43568 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175984 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [110064 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [85664 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [852392 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [459992 2020-04-17] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [235768 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317864 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [75320 2017-01-05] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [358968 2017-01-05] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel(R) Software -> Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [356608 2016-11-16] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-18] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-17] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-05-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-05-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-05-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-05-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-05-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [125088 2020-05-05] (Malwarebytes Inc -> Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8720384 2019-08-27] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [40008 2015-06-25] (Intel(R) Software -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-05 15:54 - 2020-05-05 15:54 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-05-05 15:54 - 2020-05-05 15:54 - 000125088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-05-05 15:54 - 2020-05-05 15:54 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-05-05 15:54 - 2020-05-05 15:54 - 000000000 ____D C:\Users\Dell2\AppData\LocalLow\IGDump
2020-05-05 15:53 - 2020-05-05 15:53 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-05-05 15:39 - 2020-05-05 15:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2020-05-04 11:05 - 2020-05-05 15:53 - 000000000 ____D C:\AdwCleaner
2020-05-04 11:04 - 2020-05-04 11:04 - 008196784 _____ (Malwarebytes) C:\Users\Dell2\Desktop\AdwCleaner.exe
2020-05-04 10:19 - 2020-05-04 10:20 - 000000000 ____D C:\Users\Dell2\AppData\Local\PDFCreator
2020-05-04 10:18 - 2020-05-04 10:18 - 004658115 _____ C:\Users\Dell2\Downloads\Scanned travel writing resources Y7.pdf
2020-05-04 08:23 - 2020-05-04 08:23 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-05-04 08:23 - 2020-05-04 08:23 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-05-04 08:23 - 2020-05-04 08:23 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-05-04 08:23 - 2020-05-04 08:23 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-05-04 08:23 - 2020-05-04 08:23 - 000000000 ____D C:\Users\Dell2\AppData\Local\mbamtray
2020-05-04 08:23 - 2020-05-04 08:23 - 000000000 ____D C:\Users\Dell2\AppData\Local\mbam
2020-05-04 08:23 - 2020-05-04 08:22 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-05-04 08:23 - 2020-05-04 08:22 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-05-04 08:22 - 2020-05-04 08:22 - 001980016 _____ (Malwarebytes) C:\Users\Dell2\Downloads\MBSetup.exe
2020-05-04 08:22 - 2020-05-04 08:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-04 08:22 - 2020-05-04 08:22 - 000000000 ____D C:\Program Files\Malwarebytes
2020-05-04 08:04 - 2020-05-04 08:04 - 000000000 ____D C:\Users\Dell2\Desktop\FRST-OlderVersion
2020-05-03 07:39 - 2020-05-03 07:41 - 000034239 _____ C:\Users\Dell2\Desktop\Addition.txt
2020-05-03 07:37 - 2020-05-05 16:00 - 000020228 _____ C:\Users\Dell2\Desktop\FRST.txt
2020-05-03 07:29 - 2020-05-04 08:05 - 000002648 _____ C:\Users\Dell2\Desktop\Fixlog.txt
2020-05-03 07:28 - 2020-05-04 08:04 - 002283520 _____ (Farbar) C:\Users\Dell2\Desktop\FRST64.exe
2020-05-02 16:36 - 2020-05-02 16:36 - 000000000 ___RD C:\Users\Dell2\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2020-05-01 12:30 - 2020-05-01 12:30 - 000000020 ___SH C:\Users\Dell.ISISUNICORN\ntuser.ini
2020-05-01 12:30 - 2020-05-01 12:30 - 000000000 ____D C:\Users\Dell.ISISUNICORN
2020-05-01 12:30 - 2019-03-19 05:46 - 000001105 _____ C:\Users\Dell.ISISUNICORN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-05-01 10:09 - 2020-05-01 10:09 - 000000000 ____D C:\Users\Dell\AppData\Roaming\AVG
2020-05-01 10:07 - 2020-05-01 10:07 - 000000000 ____D C:\Users\Dell\AppData\Local\Avg
2020-05-01 09:59 - 2020-05-01 09:59 - 000000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2020-04-30 17:52 - 2020-04-30 17:52 - 001579591 _____ C:\Users\Dell2\Downloads\Nominative Plural.pptx
2020-04-30 17:52 - 2020-04-30 17:52 - 000060806 _____ C:\Users\Dell2\Downloads\Latin Stage 4 consolidation + actores.pptx
2020-04-30 17:34 - 2020-04-30 17:34 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\Apple Computer
2020-04-30 08:55 - 2020-04-30 08:55 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\LibreOffice
2020-04-30 08:15 - 2020-05-01 09:23 - 000000191 _____ C:\Users\Dell2\Desktop\fix.reg
2020-04-30 08:15 - 2020-04-30 08:15 - 000001028 _____ C:\Users\Dell2\Documents\fix.reg
2020-04-29 19:46 - 2020-04-29 19:46 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\Autodesk
2020-04-28 19:30 - 2019-03-19 05:46 - 000001105 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-28 19:03 - 2020-04-28 19:03 - 000000000 ____D C:\Users\Dell2\AppData\Local\Apple
2020-04-28 16:30 - 2020-04-28 16:30 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\AVG
2020-04-28 16:23 - 2020-05-04 19:17 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3790778226-1724361597-474460523-1005
2020-04-28 16:23 - 2020-04-28 16:24 - 000000000 ___RD C:\Users\Dell2\OneDrive
2020-04-28 16:21 - 2020-05-04 17:21 - 000000000 ____D C:\Users\Dell2\AppData\Local\PlaceholderTileLogoFolder
2020-04-28 16:21 - 2020-05-02 15:59 - 000000000 ____D C:\Users\Dell2\AppData\Local\Comms
2020-04-28 16:20 - 2020-04-28 16:20 - 000000000 ____D C:\Users\Dell2\AppData\Local\D3DSCache
2020-04-28 16:20 - 2020-04-28 16:20 - 000000000 ____D C:\Users\Dell2\AppData\Local\Avg
2020-04-28 16:20 - 2020-04-28 16:20 - 000000000 ____D C:\Users\Dell2\AppData\Local\Adobe
2020-04-28 16:19 - 2020-04-28 16:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\Publishers
2020-04-28 16:19 - 2020-04-28 16:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\LEGO
2020-04-28 16:19 - 2020-04-28 16:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\CEF
2020-04-28 16:18 - 2020-05-05 15:53 - 000000000 __SHD C:\Users\Dell2\IntelGraphicsProfiles
2020-04-28 16:18 - 2020-04-30 09:10 - 000000000 ____D C:\Users\Dell2\AppData\Local\Packages
2020-04-28 16:18 - 2020-04-30 09:09 - 000000000 ____D C:\Users\Dell2\AppData\Local\ConnectedDevicesPlatform
2020-04-28 16:18 - 2020-04-28 16:24 - 000000000 ____D C:\Users\Dell2\AppData\Roaming\Adobe
2020-04-28 16:18 - 2020-04-28 16:19 - 000000000 ____D C:\Users\Dell2\AppData\Local\Intel
2020-04-28 16:18 - 2020-04-28 16:18 - 000000000 ___RD C:\Users\Dell2\3D Objects
2020-04-28 16:18 - 2020-04-28 16:18 - 000000000 ____D C:\Users\Dell2\AppData\Local\VirtualStore
2020-04-28 16:18 - 2020-04-28 16:18 - 000000000 ____D C:\Users\Dell2\AppData\Local\Google
2020-04-28 16:17 - 2020-04-28 16:17 - 000000000 ____D C:\WINDOWS\pss
2020-04-26 13:36 - 2020-05-01 17:36 - 000008006 _____ C:\Profile.txt
2020-04-24 11:19 - 2020-05-05 15:44 - 000000000 ____D C:\Users\Dell2\AppData\Local\CrashDumps
2020-04-23 19:41 - 2020-04-23 19:41 - 000000000 ____D C:\Users\Dell2\AppData\Local\ElevatedDiagnostics
2020-04-23 19:40 - 2020-05-05 15:53 - 000000000 ____D C:\Users\Dell2
2020-04-23 19:40 - 2020-04-28 16:24 - 000002363 _____ C:\Users\Dell2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-23 19:40 - 2020-04-23 19:40 - 000000020 ___SH C:\Users\Dell2\ntuser.ini
2020-04-22 11:22 - 2020-04-28 19:30 - 000000020 ___SH C:\Users\TEMP\ntuser.ini
2020-04-22 11:22 - 2020-04-23 19:40 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-04-21 08:42 - 2020-04-21 08:42 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\ConnectedDevicesPlatform
2020-04-21 08:42 - 2020-04-21 08:42 - 000000000 ____D C:\Users\defaultuser100000
2020-04-17 18:51 - 2020-04-17 18:51 - 000000000 ___HD C:\OneDriveTemp
2020-04-16 17:54 - 2020-05-05 16:00 - 000000000 ____D C:\FRST
2020-04-15 17:25 - 2020-04-15 17:25 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-15 17:25 - 2020-04-15 17:25 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-15 17:25 - 2020-04-15 17:25 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-15 17:25 - 2020-04-15 17:25 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-15 17:25 - 2020-04-15 17:25 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-15 17:25 - 2020-04-15 17:25 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-15 17:24 - 2020-04-15 17:25 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-15 17:24 - 2020-04-15 17:24 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-15 17:24 - 2020-04-15 17:24 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-15 17:24 - 2020-04-15 17:24 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-15 17:24 - 2020-04-15 17:24 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-15 17:24 - 2020-04-15 17:24 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-15 17:23 - 2020-04-15 17:23 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-15 17:23 - 2020-04-15 17:23 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-15 17:23 - 2020-04-15 17:23 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-15 17:11 - 2020-04-15 17:11 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-15 17:11 - 2020-04-15 17:11 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-08 20:48 - 2020-04-08 20:48 - 001367012 _____ C:\WINDOWS\Minidump\040820-11500-01.dmp


----------



## UnicornSparkle (Apr 11, 2020)

Then FRST.txt part 2...
==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-05 15:58 - 2019-09-15 09:11 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-05 15:58 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-05 15:55 - 2020-04-03 12:52 - 000000000 ____D C:\ProgramData\AVG
2020-05-05 15:53 - 2019-09-15 09:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-05 15:53 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-05 15:53 - 2019-03-19 05:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-05-05 15:42 - 2019-09-15 09:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-05 09:54 - 2020-03-30 18:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-05-05 09:54 - 2020-03-30 18:00 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-05-04 19:17 - 2020-04-03 12:55 - 000003250 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2020-05-04 19:17 - 2020-03-30 18:01 - 000002608 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-05-04 19:17 - 2020-03-17 08:35 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-05-04 19:17 - 2020-03-17 08:35 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-05-04 19:17 - 2019-12-04 22:30 - 000002642 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP LaserJet M14-M17
2020-05-04 19:17 - 2019-09-15 09:09 - 000003720 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-05-04 19:17 - 2019-09-15 09:09 - 000003404 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-05-04 19:17 - 2019-09-15 09:09 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-05-04 19:17 - 2019-09-15 09:09 - 000003306 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{1694A19D-2945-40D3-9EF6-F89601232488}
2020-05-04 19:17 - 2019-09-15 09:09 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-05-04 19:17 - 2019-09-15 09:09 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3790778226-1724361597-474460523-1001
2020-05-04 19:17 - 2019-09-15 09:09 - 000002304 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_PushButton
2020-05-04 19:17 - 2019-09-15 09:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-05-04 08:33 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-04 08:33 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-04 08:23 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-05-01 10:02 - 2019-09-15 09:02 - 000002360 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-05-01 10:02 - 2018-08-15 00:38 - 000000000 ___RD C:\Users\Dell\OneDrive
2020-05-01 09:57 - 2018-08-15 00:43 - 000000000 __SHD C:\Users\Dell\IntelGraphicsProfiles
2020-05-01 09:57 - 2018-08-04 06:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-05-01 09:57 - 2018-08-04 06:47 - 000000000 ___RD C:\Users\Dell\3D Objects
2020-05-01 09:57 - 2018-08-04 06:47 - 000000000 ____D C:\Users\Dell\AppData\Local\Packages
2020-04-29 21:00 - 2020-03-17 08:36 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-04-29 21:00 - 2020-03-17 08:36 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-04-29 21:00 - 2020-03-17 08:36 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-04-29 10:58 - 2018-09-25 17:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-29 10:58 - 2018-09-25 17:52 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-29 10:58 - 2018-09-25 17:52 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-28 19:30 - 2020-04-02 12:30 - 000000000 ____D C:\Users\TEMP
2020-04-20 14:14 - 2018-09-14 07:49 - 000000000 ____D C:\Users\Dell\AppData\LocalLow\Temp
2020-04-20 10:42 - 2020-04-02 12:36 - 000000000 ___RD C:\Users\TEMP\OneDrive
2020-04-17 16:05 - 2020-04-03 12:55 - 000459992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2020-04-16 09:46 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-16 09:46 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-15 18:09 - 2019-09-15 09:00 - 000552736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-15 18:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-15 18:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-10 08:20 - 2019-04-12 20:25 - 000000000 ____D C:\Users\Dell\AppData\Local\bbciplayerdownloads
2020-04-10 08:19 - 2019-04-12 20:25 - 000002717 _____ C:\Users\Dell\Desktop\BBCiPlayerDownloads.lnk
2020-04-08 20:48 - 2020-03-17 08:33 - 000000000 ____D C:\WINDOWS\Minidump
2020-04-08 09:02 - 2020-04-03 12:34 - 000001606 _____ C:\WINDOWS\ntbtlog.txt

==================== Files in the root of some directories ========

2018-09-05 08:12 - 2019-12-27 10:20 - 000000009 _____ () C:\Users\Dell\style.dat
2020-04-28 16:24 - 2020-04-28 16:24 - 000000000 _____ () C:\Users\Dell2\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

And addition.txt...
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2019-01-01 13:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3790778226-1724361597-474460523-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F28A8E64-BACF-4119-9A99-B03026D0CCC1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{6A3E19D8-31CA-48F7-93B3-B287D9A5F9F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{B28413B6-999A-4103-B628-E057C7B06AE5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{639DE6D8-C152-493C-845A-E1D6875B8D5A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{E69030EB-CF45-4577-AEAC-9E5B85D154BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{8041F4D0-94CE-4B9F-9E44-938084BFDBD6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{B69464D7-C47E-4884-BA28-29DDBB1B1175}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{19766A71-903D-4C7B-8D64-4B7B2B53BEE4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [UDP Query User{5F8B8938-604C-46AC-86B1-C73BD90EC958}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe (National Instruments) [File not signed]
FirewallRules: [TCP Query User{1509D4B7-7000-4C1F-B069-BFA4653B907F}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe (National Instruments) [File not signed]
FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe (National Instruments) [File not signed]
FirewallRules: [UDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe (National Instruments) [File not signed]
FirewallRules: [{B90EC05F-AF8D-409B-BC8F-DB1339571F22}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{26BB58B3-CE93-49BC-861B-7048FEAF3DE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD6B6F5E-D8CE-4DFA-9DBC-B0C2587A2D26}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{04DBA85E-2192-4517-8E1A-9A8B37C90633}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7F7BE050-30CD-4F04-B1E5-FD538BABB8CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{FE61EC11-DE69-4A03-B79C-74C82B97668A}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [TCP Query User{3E0B28C0-5454-48D7-B83E-8935C322090A}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [{CAA133E6-2825-497B-8BA9-1B3BEED1A4F6}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C6ABEAFA-048F-4151-96F1-A42BFE9339CC}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{46B8923F-A9B8-4E91-AADD-2BE3B7633A5B}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{3606C66C-2484-4A28-9750-82E6AAED8AC0}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{F890F4FD-947E-4A19-AE18-DEEE4311552C}] => (Allow) LPort=5357
FirewallRules: [{C3989B7C-F4E4-4D69-9A75-35A3294D83A6}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B8F70699-63C0-4B05-A09E-32B3ACC7DF38}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{433E7DCA-401A-418E-8F16-6AEF89442FEF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4604C228-8E98-4C92-A064-341EBF0356E1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA6FD34E-80AD-4B9E-B28C-64C3A57F43F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BD3852B-97FD-4E2D-B3F9-3EE91FDA2D39}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E09B1FD3-4D37-4296-B209-7B1F7FC1CFD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB726F6E-4F54-4577-A080-0C4C812994E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7FDAED0-4D07-493D-89DD-719AE1740DA1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2315198-21CF-4A6F-A0D8-1C20BB923C9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{42D75EC0-185A-4A9B-B8D2-7B48FF72C7B6}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

20-04-2020 14:11:58 Restore Point Created by FRST
29-04-2020 20:05:24 Scheduled Checkpoint
04-05-2020 08:05:11 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/05/2020 04:01:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4332,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 03:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.638, time stamp: 0x5ea214c5
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5e8272e4
Exception code: 0xc0000005
Fault offset: 0x0000000000219d05
Faulting process ID: 0x1b98
Faulting application start time: 0x01d622eb77430310
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report ID: b5455d74-daf6-4bdf-baf0-775dfb9e8696
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/05/2020 03:39:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: frameserver.dll, version: 10.0.18362.628, time stamp: 0x6c45b078
Exception code: 0xc00d4e24
Fault offset: 0x00000000000606a9
Faulting process ID: 0x8ec
Faulting application start time: 0x01d622ead20d643d
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: c:\windows\system32\frameserver.dll
Report ID: a790951b-9ae4-4e1f-8263-6993bfc4ef05
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/05/2020 03:16:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9232,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 03:09:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15576,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 03:04:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: frameserver.dll, version: 10.0.18362.628, time stamp: 0x6c45b078
Exception code: 0xc00d4e24
Fault offset: 0x00000000000606a9
Faulting process ID: 0x2aac
Faulting application start time: 0x01d622e5a530e0d3
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: c:\windows\system32\frameserver.dll
Report ID: 6ee78bd5-04d8-43d6-8130-cf0d958b4beb
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/05/2020 02:51:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15180,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 02:38:10 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12884,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (05/05/2020 03:53:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cbVSCService11 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (05/05/2020 03:53:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the cbVSCService11 service to connect.

Error: (05/05/2020 03:53:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (05/05/2020 03:53:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (05/05/2020 03:53:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (05/05/2020 03:53:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/05/2020 03:53:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Waves Audio Services service terminated unexpectedly. It has done this 1 time(s).

Error: (05/05/2020 03:53:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).

Windows Defender:
===================================
Date: 2020-03-17 21:17:58.901
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8E6B1EE1-0E26-4DCD-8C08-CF74DB01C5C2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-17 10:24:09.769
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1722F6D0-3E20-4AB6-8D4D-9212645E7F52}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 16:55:53.356
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F6D38FE1-8EC0-4119-87C1-CB6B4AE99A82}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 16:41:55.859
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C58F4585-3C53-4EAC-A2D5-40A1DB889671}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-08 19:58:45.153
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4C36BB76-A3CE-4910-98FA-99F87885AC7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-14 07:40:47.534
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.309.857.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16700.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-12-08 12:21:57.863
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.22.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-05-05 16:03:27.100
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:27.077
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:21.788
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:21.767
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:10.629
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:10.595
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:10.040
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:10.004
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.27.0 01/18/2019
Motherboard: Dell Inc. 0WH5C0
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 83%
Total physical RAM: 3962.15 MB
Available physical RAM: 657.77 MB
Total Virtual: 10874.15 MB
Available Virtual: 6799.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.64 GB) (Free:54.96 GB) NTFS

\\?\Volume{3d36e852-0d7c-4e57-b0bf-f96529817c40}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{fb26560b-a463-4523-b3e4-d588e3177790}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CE1E5D40)

Partition: GPT.

==================== End of Addition.txt =======================

Thank-you so, so, so much!!!


----------



## DR.M (Sep 4, 2019)

Hi!

The first part of the Addition.txt is missing. Please post it again.

While reviewing your logs, how do you find the computer now?


----------



## UnicornSparkle (Apr 11, 2020)

Hi! My computer is sooooo much better!!! I can use skype for work, and open photos!!! It actually saves my passwords now and doesn't delete everything every few days!!! Thank-you so much!  Here it is again...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by Dell2 (05-05-2020 16:01:49)
Running from C:\Users\Dell2\Desktop
Windows 10 Home Version 1903 18362.778 (X64) (2019-09-15 08:09:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3790778226-1724361597-474460523-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3790778226-1724361597-474460523-503 - Limited - Disabled)
Dell2 (S-1-5-21-3790778226-1724361597-474460523-1005 - Administrator - Enabled) => C:\Users\Dell2
Guest (S-1-5-21-3790778226-1724361597-474460523-501 - Limited - Disabled)
saman (S-1-5-21-3790778226-1724361597-474460523-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3790778226-1724361597-474460523-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Character Animator 2020 (HKLM-x32\...\CHAR_3_2) (Version: 3.2 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_4) (Version: 14.0.4 - Adobe Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Autodesk SketchBook (HKLM\...\{AE6C5657-8710-4968-BEB5-1E2ED89CB2D2}) (Version: 8.71.0000 - Autodesk)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.2.3116 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brackets (HKLM-x32\...\{9CB3A036-0B7E-49B7-A60B-291E245CA6B2}) (Version: 1.13.17696 - brackets.io)
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version: - )
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Edraw Max 9.3 (HKLM-x32\...\Edraw Max_is1) (Version: - EdrawSoft)
Fuze Basic (HKLM\...\fuzebasic) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP LaserJet M14-M17 Basic Device Software (HKLM\...\{DBD3A5B4-0A41-4C1B-A3EE-DA05AA5D5D70}) (Version: 46.2.2636.18185 - HP Inc.)
HP LaserJet M14-M17 Help (HKLM-x32\...\{860F83D4-E1ED-425C-9A5F-C07867AE1EC5}) (Version: 0.00.0005 - HP)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Krita (x64) 4.2.9 (HKLM\...\Krita_x64) (Version: 4.2.9.0 - Krita Foundation)
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (HKLM-x32\...\{336475F0-51BA-4D15-9A19-08FB3DC48805}) (Version: 1.3.9 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (HKLM-x32\...\{D977D412-7728-4B45-9A17-D1A4B31A33F8}) (Version: 1.3.8 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home English Support (HKLM-x32\...\{7BB50FF6-F974-4D77-8338-6B50D98BDC5A}) (Version: 1.3.7 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (HKLM-x32\...\{5F3092B9-4240-4037-A287-BF6F9A2996BC}) (Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{0189C6FA-7333-4873-8E0B-3A1BE8E6726B}) (Version: 1.31.5.0 - LEGO)
LibreOffice 6.2 Help Pack (English (United Kingdom)) (HKLM\...\{7F3D2481-D36B-4A25-B3E8-CF1DA7C6FA54}) (Version: 6.2.5.2 - The Document Foundation)
LibreOffice 6.2.4.2 (HKLM\...\{B8FF8670-C6F4-4868-9DB2-C23324C0E575}) (Version: 6.2.4.2 - The Document Foundation)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{83D2491E-E25D-4CEB-9AFD-CEF77BF03974}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9179.0 - Waves Audio Ltd.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.21 - )
Microsoft OneDrive (HKU\S-1-5-21-3790778226-1724361597-474460523-1005\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
NI .NET Framework 4.0 (HKLM-x32\...\{0C43BB65-C604-4D94-A83A-54DCB42780B8}) (Version: 4.01.49154 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{87F60C46-07E2-46B4-B872-680DE4184C0A}) (Version: 3.20.363 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{FA35D849-889D-4454-9532-6BE2008D2CDF}) (Version: 3.20.363 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{C7743231-5899-418D-8CA5-22B0F654D894}) (Version: 3.20.363 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.3.2 - pdfforge GmbH)
Product Improvement Study for HP LaserJet M14-M17 (HKLM\...\{44899623-FEB7-4FE2-BC7C-3D22C2F4D84C}) (Version: 46.2.2636.18185 - HP Inc.)
Python 3.7.1 Core Interpreter (32-bit) (HKLM-x32\...\{5439005C-640E-473B-8374-5AA6BA9F8780}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Development Libraries (32-bit) (HKLM-x32\...\{D1F1A0E0-328E-438D-A18C-ACE71BCE10B7}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Documentation (32-bit) (HKLM-x32\...\{DAB8D967-E729-443C-96A7-BFE581D8B0B0}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Executables (32-bit) (HKLM-x32\...\{FFE80953-6126-49BF-9CC0-57113A8AAA37}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 pip Bootstrap (32-bit) (HKLM-x32\...\{4CAAB4B2-69D4-437A-870B-9AB2D0703E56}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Standard Library (32-bit) (HKLM-x32\...\{E8A32F30-F5EC-4724-8F99-A51B69176B2F}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Tcl/Tk Support (32-bit) (HKLM-x32\...\{AC008439-97C6-4079-B451-069A1AC86C9D}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Test Suite (32-bit) (HKLM-x32\...\{A9C09A2F-4ABC-41EF-B3F7-629C8178186B}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python 3.7.1 Utility Scripts (32-bit) (HKLM-x32\...\{D3397B2B-DC1F-4EDF-BFAE-827431206FB6}) (Version: 3.7.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{C3A1C6B1-9096-47A7-AB5C-09114002A996}) (Version: 3.7.6501.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Vita Concert Grand LE (HKLM\...\{CB5D721E-C919-4CDF-8356-D6F84490FB3F}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-10] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxDTCM.dll [2018-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-04] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-12-26 11:38 - 2018-12-26 11:38 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2019-01-01 13:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3790778226-1724361597-474460523-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F28A8E64-BACF-4119-9A99-B03026D0CCC1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{6A3E19D8-31CA-48F7-93B3-B287D9A5F9F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{B28413B6-999A-4103-B628-E057C7B06AE5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{639DE6D8-C152-493C-845A-E1D6875B8D5A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{E69030EB-CF45-4577-AEAC-9E5B85D154BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{8041F4D0-94CE-4B9F-9E44-938084BFDBD6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{B69464D7-C47E-4884-BA28-29DDBB1B1175}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{19766A71-903D-4C7B-8D64-4B7B2B53BEE4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [UDP Query User{5F8B8938-604C-46AC-86B1-C73BD90EC958}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe (National Instruments) [File not signed]
FirewallRules: [TCP Query User{1509D4B7-7000-4C1F-B069-BFA4653B907F}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe (National Instruments) [File not signed]
FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe (National Instruments) [File not signed]
FirewallRules: [UDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe (National Instruments) [File not signed]
FirewallRules: [{B90EC05F-AF8D-409B-BC8F-DB1339571F22}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{26BB58B3-CE93-49BC-861B-7048FEAF3DE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD6B6F5E-D8CE-4DFA-9DBC-B0C2587A2D26}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{04DBA85E-2192-4517-8E1A-9A8B37C90633}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7F7BE050-30CD-4F04-B1E5-FD538BABB8CD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{FE61EC11-DE69-4A03-B79C-74C82B97668A}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [TCP Query User{3E0B28C0-5454-48D7-B83E-8935C322090A}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [{CAA133E6-2825-497B-8BA9-1B3BEED1A4F6}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C6ABEAFA-048F-4151-96F1-A42BFE9339CC}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{46B8923F-A9B8-4E91-AADD-2BE3B7633A5B}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{3606C66C-2484-4A28-9750-82E6AAED8AC0}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{F890F4FD-947E-4A19-AE18-DEEE4311552C}] => (Allow) LPort=5357
FirewallRules: [{C3989B7C-F4E4-4D69-9A75-35A3294D83A6}] => (Allow) C:\Program Files\HP\HP LaserJet M14-M17\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{B8F70699-63C0-4B05-A09E-32B3ACC7DF38}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{433E7DCA-401A-418E-8F16-6AEF89442FEF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4604C228-8E98-4C92-A064-341EBF0356E1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA6FD34E-80AD-4B9E-B28C-64C3A57F43F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BD3852B-97FD-4E2D-B3F9-3EE91FDA2D39}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E09B1FD3-4D37-4296-B209-7B1F7FC1CFD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB726F6E-4F54-4577-A080-0C4C812994E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F7FDAED0-4D07-493D-89DD-719AE1740DA1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C2315198-21CF-4A6F-A0D8-1C20BB923C9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{42D75EC0-185A-4A9B-B8D2-7B48FF72C7B6}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

20-04-2020 14:11:58 Restore Point Created by FRST
29-04-2020 20:05:24 Scheduled Checkpoint
04-05-2020 08:05:11 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/05/2020 04:01:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4332,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 03:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.638, time stamp: 0x5ea214c5
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5e8272e4
Exception code: 0xc0000005
Fault offset: 0x0000000000219d05
Faulting process ID: 0x1b98
Faulting application start time: 0x01d622eb77430310
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report ID: b5455d74-daf6-4bdf-baf0-775dfb9e8696
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/05/2020 03:39:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: frameserver.dll, version: 10.0.18362.628, time stamp: 0x6c45b078
Exception code: 0xc00d4e24
Fault offset: 0x00000000000606a9
Faulting process ID: 0x8ec
Faulting application start time: 0x01d622ead20d643d
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: c:\windows\system32\frameserver.dll
Report ID: a790951b-9ae4-4e1f-8263-6993bfc4ef05
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/05/2020 03:16:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9232,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 03:09:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15576,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 03:04:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_FrameServer, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: frameserver.dll, version: 10.0.18362.628, time stamp: 0x6c45b078
Exception code: 0xc00d4e24
Fault offset: 0x00000000000606a9
Faulting process ID: 0x2aac
Faulting application start time: 0x01d622e5a530e0d3
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: c:\windows\system32\frameserver.dll
Report ID: 6ee78bd5-04d8-43d6-8130-cf0d958b4beb
Faulting package full name: 
Faulting package-relative application ID:

Error: (05/05/2020 02:51:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15180,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 02:38:10 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12884,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (05/05/2020 03:53:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cbVSCService11 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (05/05/2020 03:53:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the cbVSCService11 service to connect.

Error: (05/05/2020 03:53:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (05/05/2020 03:53:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (05/05/2020 03:53:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\system32\IntelWifiIhv04.dll

Error: (05/05/2020 03:53:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/05/2020 03:53:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Waves Audio Services service terminated unexpectedly. It has done this 1 time(s).

Error: (05/05/2020 03:53:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).

Windows Defender:
===================================
Date: 2020-03-17 21:17:58.901
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8E6B1EE1-0E26-4DCD-8C08-CF74DB01C5C2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-17 10:24:09.769
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1722F6D0-3E20-4AB6-8D4D-9212645E7F52}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 16:55:53.356
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F6D38FE1-8EC0-4119-87C1-CB6B4AE99A82}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-03-08 16:41:55.859
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C58F4585-3C53-4EAC-A2D5-40A1DB889671}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-08 19:58:45.153
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4C36BB76-A3CE-4910-98FA-99F87885AC7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-02-14 07:40:47.534
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.309.857.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16700.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-12-08 12:21:57.863
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.22.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-05-05 16:03:27.100
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:27.077
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:21.788
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:21.767
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:10.629
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:10.595
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:10.040
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-05 16:03:10.004
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.27.0 01/18/2019
Motherboard: Dell Inc. 0WH5C0
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 83%
Total physical RAM: 3962.15 MB
Available physical RAM: 657.77 MB
Total Virtual: 10874.15 MB
Available Virtual: 6799.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.64 GB) (Free:54.96 GB) NTFS

\\?\Volume{3d36e852-0d7c-4e57-b0bf-f96529817c40}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{fb26560b-a463-4523-b3e4-d588e3177790}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CE1E5D40)

Partition: GPT.

==================== End of Addition.txt =======================


----------



## DR.M (Sep 4, 2019)

Hi, again, UnicornSparkle!

The computer seems to be clean now! Since there was a problem with the profile account, it wouldn't hurt to make a check about corrupted files in the system and the disk.

*1. Please do the following to run a FRST fix:*

*NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system*

Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.

```
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\TEMP
FirewallRules: [{CAA133E6-2825-497B-8BA9-1B3BEED1A4F6}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe No File
FirewallRules: [{C6ABEAFA-048F-4151-96F1-A42BFE9339CC}] => (Allow) C:\Users\Dell\AppData\Local\Temp\7zS710C\HPDiagnosticCoreUI.exe No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: type C:\Windows\Logs\DISM\dism.log
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
EmptyTemp:
End::
```

*Please right-click on FRST64 on your Desktop,* to run it as administrator. When the tool opens, click *"yes"* to the disclaimer.
Press the *Fix* button once and wait.
FRST will process *fixlist.txt*
When finished, it will produce a log *fixlog.txt* on your Desktop.
*Please post the log in your next reply.*

*2. Check disk*

Click on the Start button and in the search box, type *Command Prompt.*
When you see Command Prompt on the list, *right-click* on it and select *Run as administrator.*
Enter the command below and press on *Enter* and wait for it to finish (~15 minutes).

```
chkdsk C: /r
```

You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Click "Schedule disk check" and then restart the computer, allowing disk check to run at startup.
The process will take some time, depending on the disk condition.
Download ListChkdskResult by SleepyDude and save it on your Desktop.
Double click on the created icon.
A notepad file will open.* Copy its content and paste it in your next reply.*


----------



## UnicornSparkle (Apr 11, 2020)

Hi! I have completed step 1 successfully but on step two mine doesn't have the option to schedule a disk check? Mine says this with a yes/no option? 
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)
Thanks!


----------



## DR.M (Sep 4, 2019)

The option is Yes. 
Go on.


----------



## UnicornSparkle (Apr 11, 2020)

Hi! I did the disk scan, but I am having trouble downloading the app by SleepDude? It comes up with the following error message. The first time it said that, I didn't have an account so I created one and verified my email address. Then I tried it again. It keeps on coming up with that error message. So I press sign in and it comes to my home page, signed into my account! Do you know why this is happening? Maybe I create another account instead?

This is the error message.










This is what happens when I press 'sign in'.










Thanks!


----------



## DR.M (Sep 4, 2019)

Hi!

Apologies! I didn't check the link first.

Try download it from here: ListChkdskResult by SleepyDude


----------



## UnicornSparkle (Apr 11, 2020)

Hi! Thanks, that link works! Here is fixlog.txt! Thank-you so much, I know it's a lot to read, sorry!


----------



## UnicornSparkle (Apr 11, 2020)

Here is the other one! Thank-you!
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 06/05/2020 11:15:12 >------
Category: 0
Computer Name: isisunicorn
Event Code: 1001
Record Number: 8368
Source Name: Microsoft-Windows-Wininit
Time Written: 05-06-2020 @ 07:10:57
Event Type: Information
User: 
Message:

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

Stage 1: Examining basic file system structure ...
728064 file records processed.

File verification completed.
24885 large file records processed.

0 bad file records processed.

Stage 2: Examining file name linkage ...
76953 reparse records processed.

918138 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered to lost and found.

76953 reparse records processed.

Stage 3: Examining security descriptors ...
Cleaning up 3174 unused index entries from index $SII of file 0x9.
Cleaning up 3174 unused index entries from index $SDH of file 0x9.
Cleaning up 3174 unused security descriptors.
Security descriptor verification completed.
95038 data files processed.

CHKDSK is verifying Usn Journal...
35848176 USN bytes processed.

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
728048 files processed.

File data verification completed.

Stage 5: Looking for bad, free clusters ...
13873976 free clusters processed.

Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

124403711 KB total disk space.
67696568 KB in 575069 files.
356448 KB in 95039 indexes.
0 KB in bad sectors.
854787 KB in use by the system.
65536 KB occupied by the log file.
55495908 KB available on disk.

4096 bytes in each allocation unit.
31100927 total allocation units on disk.
13873977 allocation units available on disk.

Internal Info:
00 1c 0b 00 a6 39 0a 00 fe 8b 12 00 00 00 00 00 .....9..........
3d 04 00 00 5c 28 01 00 00 00 00 00 00 00 00 00 =...\(..........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------


----------



## DR.M (Sep 4, 2019)

Hi, UnicornSparkle!

The logs are good! No corrupted files, either on the system or on the disk!

We removed the problematic profile account, cleaned the computer from malware, and now you are ready to go!

You have cooperated great with me, and helping you was really a pleasure!

Well done!









Since you are not experiencing any other issue, we can remove the tools we used, and reset system restore points:

Download *KpRm* by kernel-panik and save it to your desktop.

Right-click *kprm_(version).exe* and select *Run as Administrator.*
Read and accept the disclaimer.
When the tool opens, ensure *all* boxes under *Actions* are checked.
Under *Delete Quarantines* select *Delete Now*, then click *Run*.
Once complete, click *OK.*
A log will open in Notepad titled *kprm-(date).txt*.
Please copy and paste its contents in your next reply.

*Here are some final tips about your computer's security from now on: *

Some of the following, are from Klein's (2005) article, _So how did I get infected in the first place_. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

*1. Keep your Windows updated!*
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer. I noticed that you are running with the version 1903. Although it is still supported, I would recommend to update as soon as possible, considering that this month there will be the next big update. When you decide to update:

Go *here,* and click on the Update now button.
Follow the instructions, choose to *keep your files and apps when you are asked, *and be patient. The process might take a few hours, depending also from your wi-fi connection speed.
*2. Update 3rd Party Software Programs*
Third Party software programs have long been targets for malware creators. It has been stated that _"Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware._'' It's important to keep everything updated.

*3. Update the browsers you use*
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

*4. Be careful about what you download and what you open!*

Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software. I'm sure you won't forget The WebBar, the Premium Opinion and the SAntivirus! 
Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
Cracked or pirated programs are not only illegal, but also can make your computer a malware target.
Do not open any files without being certain of what they are!
*5. Avoid questionable web sites!*
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

*6. PC means personal computer!*
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

*7. Back-up your work!*
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

*8. Must-Have Software*
An anti-virus and an anti-spyware/anti-malware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled.

*If you have any questions or concerns please don't hesitate to ask!

Stay safe, you and your computer! *


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Hi, UnicornSparkle!
> 
> The logs are good! No corrupted files, either on the system or on the disk!
> 
> ...


Hi! I cannot thank you enough for your patience, kindness and positivity throughout my computers MANY issues!  Those are very good tips, thanks! One last question, shall I keep MalwareBytes as an antivirus and malware removal program for my computer? Here is the log. And thank-you so, so, so, so, so much!!! Without you, I would have had to buy another computer, which would of been expensive. Thank-you again!!!!   
# Run at 06/05/2020 18:09:45
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by Dell2 from C:\WINDOWS\system32
# Computer Name: ISISUNICORN
# OS: Windows 10 X64 (18362)
# Number of passes: 2

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\Dell2\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2020-05-06-18-09-44

- Delete Tools -

## FRST
[OK] C:\FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Restore Point Created by FRST created at 04/20/2020 13:11:58 deleted
~ [OK] RP named Scheduled Checkpoint created at 04/29/2020 19:05:24 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/04/2020 07:05:11 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/05/2020 17:59:13 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ _ RP named KpRm created at 05/06/2020 17:13:52

-- KPRM finished in 268.93s --_


----------



## DR.M (Sep 4, 2019)

> Hi! I cannot thank you enough for your patience, kindness and positivity throughout my computers MANY issues! Those are very good tips, thanks! Here is the log. And thank-you so, so, so, so, so much!!! Without you, I would have had to buy another computer, which would of been expensive. Thank-you again!!!!


As I already said, your contribution was of great value!

Take care!


----------



## DR.M (Sep 4, 2019)

> One last question, shall I keep MalwareBytes as an antivirus and malware removal program for my computer?


Just saw your addition. Yes, you can keep Malwarebytes, having in mind that the free version does not have the option for real protection. You can run it, however, on demand, every now and then, probably once a week, depending on how often you use the computer.


----------



## UnicornSparkle (Apr 11, 2020)

DR.M said:


> Just saw your addition. Yes, you can keep Malwarebytes, having in mind that the free version does not have the option for real protection. You can run it, however, on demand, every now and then, probably once a week, depending on how often you use the computer.


Ok, thank-you!


----------

