alphashoppers virus

[TonyH99]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2020
Ran by USer (administrator) on TONY (MSI MS-7750) (21-02-2020 12:07:45)
Running from C:\Users\USer\Desktop\Downloads
Loaded Profiles: USer (Available Profiles: USer & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Discord Inc. -> Discord Inc.) C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\USer\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hold'em Manager) [File not signed] C:\Program Files (x86)\Holdem Manager 2\HoldemManager.exe
(HUAWEI Technologies Co., Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(JRD COMMUNICATION (SHENZHEN) LTD -> ) C:\Program Files (x86)\EE\4GEEWiFi\BackgroundService\ModemListener.exe
(JRD COMMUNICATION (SHENZHEN) LTD -> ) C:\Program Files (x86)\EE\4GEEWiFi\BackgroundService\ServiceManager.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\USer\Desktop\Downloads\AdwCleaner.exe
(Microsoft Corporation -> Microsoft Corporation ) C:\Windows\vVX6000.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation -> Microsoft Corporation )
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [ee EE70 ModemListener] => C:\Program Files (x86)\EE\4GEEWiFi\BackgroundService\ModemListener.exe [172840 2016-07-01] (JRD COMMUNICATION (SHENZHEN) LTD -> )
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Run: [f.lux] => C:\Users\USer\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Run: [Discord] => C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91511144 2020-01-24] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Policies\system: [DisableLockWorkstation] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.116\Installer\chrmstp.exe [2020-02-20] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17DB3F50-53A3-45D6-8FDB-46BEF91D04A7} - System32\Tasks\{1958EAC9-3547-4AD7-B604-4A7ECB709F84} => C:\Windows\system32\pcalua.exe -a D:\ChangZhi2\dnplayer2\dnuninst.exe
Task: {233E1664-E4E0-4EDD-90D1-227D326040F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-02-20] (Google Inc -> Google LLC)
Task: {256598CF-F3ED-47A2-94C7-A4165AD71CAE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2020-02-16] (Adobe Inc. -> Adobe)
Task: {2A8A10EF-66B0-42FE-8F53-54FFC96BC03D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-02-20] (Google Inc -> Google LLC)
Task: {3A6DCBC5-1142-4018-8274-ECD56A9374C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6854360 2016-08-05] (Piriform Ltd -> Piriform Ltd)
Task: {5BBEE05A-4005-4143-9002-544ED025459A} - System32\Tasks\{C28EBD02-47E0-43EC-8736-5F08B94445C5} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.4.0.102&LastError=404
Task: {749A8677-DEB2-4AD1-89CE-A9A8C766AA8B} - System32\Tasks\{34AD6DB9-DF7A-475B-ABCA-EB98CF980B8D} => C:\Windows\system32\pcalua.exe -a "C:\Users\USer\Desktop\Downloads\Poker Minion v2.45 BETA install.exe" -d C:\Users\USer\Desktop\Downloads
Task: {88FB8720-369B-471C-9CAB-F13C408CCFBB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {9B7C521C-0FEA-46F2-86AC-633ECFC90538} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-16] (Adobe Inc. -> Adobe)
Task: {B0D9BC2E-0DA4-4A47-BA2B-1A29123A1505} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {B2B79E96-D9AF-4215-8709-08E3E8A6139E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{773B16E2-C9B7-4802-828E-7DBFBEF85063}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A4D44412-0BC6-4741-9C91-B8D70932D8B9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B39974D8-2076-42C3-B74D-83B1C027D90C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.co.uk/

FireFox:
========
FF DefaultProfile: voxs6snn.default
FF ProfilePath: C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\voxs6snn.default [2020-02-21]
FF Extension: (Avast Online Security) - C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\voxs6snn.default\Extensions\wrc@avast.com.xpi [2020-02-20]
FF ProfilePath: C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\9xhjqm0d.default-release [2020-02-21]
FF Homepage: Mozilla\Firefox\Profiles\9xhjqm0d.default-release -> yahoo.co.uk
FF Notifications: Mozilla\Firefox\Profiles\9xhjqm0d.default-release -> hxxps://malwaretips.com
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\9xhjqm0d.default-release\Extensions\sp@avast.com.xpi [2020-02-20]
FF Extension: (Avast Online Security) - C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\9xhjqm0d.default-release\Extensions\wrc@avast.com.xpi [2020-02-20]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default [2020-02-21]
CHR Notifications: Default -> hxxps://malwaretips.com
CHR HomePage: Default -> hxxp://www.yahoo.co.uk/
CHR StartupUrls: Default -> "hxxp://uk.yahoo.com/"
CHR Extension: (Slides) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-08]
CHR Extension: (Adobe Acrobat) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-01-28]
CHR Extension: (fancyfarm) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efkinikclnjpihaibpmeicpebnffdamo [2017-07-07]
CHR Extension: (Sheets) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-10]
CHR Extension: (Avast Online Security) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-05]
CHR HKU\S-1-5-21-668954617-4150590539-4158307888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203776 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc. -> Apple Inc.)
R2 ee EE70 Modem Device Helper; C:\Program Files (x86)\EE\4GEEWiFi\BackgroundService\ServiceManager.exe [78120 2016-06-17] (JRD COMMUNICATION (SHENZHEN) LTD -> )
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] (HUAWEI Technologies Co., Ltd. -> )
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9319936 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [306176 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] (Intel(R) Smart Connect software -> )
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [20992 2009-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [281760 2017-10-20] (上海畅指网络科技有限公司 -> Oracle Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [82432 2011-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181760 2011-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-20 21:47 - 2020-02-20 21:47 - 000026721 _____ C:\Users\USer\Documents\tcyuioj.txt
2020-02-20 12:04 - 2020-02-21 12:09 - 000000000 ____D C:\FRST
2020-02-20 11:54 - 2020-02-20 11:54 - 000000000 ____D C:\ProgramData\Emsisoft
2020-02-20 11:53 - 2020-02-20 12:47 - 000000000 ____D C:\EEK
2020-02-20 11:15 - 2020-02-20 11:20 - 000000000 ____D C:\ProgramData\HitmanPro
2020-02-20 11:04 - 2020-02-20 11:10 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-20 11:04 - 2020-02-20 11:10 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-20 11:04 - 2020-02-20 11:04 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-02-20 11:04 - 2020-02-20 11:04 - 000002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-02-20 11:04 - 2020-02-20 11:04 - 000002255 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-02-20 10:43 - 2020-02-20 11:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-02-17 01:16 - 2020-02-17 01:16 - 000001443 _____ C:\Users\USer\Desktop\jh46ju4e6u46u47u5.txt
2020-02-09 23:26 - 2020-02-10 00:09 - 000000000 ____D C:\Users\USer\Desktop\6max reships
2020-02-05 12:02 - 2020-02-20 13:00 - 000000000 ____D C:\Users\USer\AppData\LocalLow\Mozilla
2020-02-05 12:02 - 2020-02-20 12:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-02-05 12:02 - 2020-02-05 13:56 - 000000968 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-02-05 12:02 - 2020-02-05 13:56 - 000000968 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-02-05 12:02 - 2020-02-05 12:02 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-02-05 12:02 - 2020-02-05 12:02 - 000000000 ____D C:\Users\USer\AppData\Roaming\Mozilla
2020-02-05 12:02 - 2020-02-05 12:02 - 000000000 ____D C:\Users\USer\AppData\Local\Mozilla
2020-02-05 12:02 - 2020-02-05 12:02 - 000000000 ____D C:\ProgramData\Mozilla
2020-02-05 11:53 - 2020-02-05 11:53 - 000000000 ____D C:\AdwCleaner

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-21 11:56 - 2009-07-14 04:45 - 000032352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-02-21 11:56 - 2009-07-14 04:45 - 000032352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-02-21 11:42 - 2016-04-21 12:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-02-21 11:36 - 2016-04-08 14:55 - 000000000 ____D C:\Users\USer\AppData\Roaming\HoldemManager
2020-02-21 11:05 - 2009-07-14 05:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-21 11:05 - 2009-07-14 03:20 - 000000000 ____D C:\Windows\inf
2020-02-21 11:01 - 2017-03-20 11:48 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-02-21 11:00 - 2016-12-31 18:13 - 000000000 ____D C:\Users\USer\AppData\Roaming\discord
2020-02-21 11:00 - 2016-04-08 14:02 - 000000000 ____D C:\ProgramData\AVAST Software
2020-02-21 11:00 - 2009-07-14 05:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-21 10:54 - 2016-04-08 14:04 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-02-21 00:00 - 2016-04-08 14:41 - 000000000 ____D C:\Users\USer\AppData\Local\PokerStars.UK
2020-02-20 11:40 - 2016-04-08 14:55 - 000000000 ____D C:\Users\postgres
2020-02-20 11:04 - 2016-04-08 14:06 - 000000000 ____D C:\Program Files (x86)\Google
2020-02-16 19:14 - 2016-05-17 12:36 - 000000000 ____D C:\Users\USer\AppData\Local\ElevatedDiagnostics
2020-02-16 10:40 - 2017-07-22 10:05 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-02-16 10:40 - 2016-04-05 14:30 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-02-16 10:40 - 2016-04-05 14:30 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-02-16 10:40 - 2016-04-05 14:30 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-02-16 10:40 - 2016-04-05 14:30 - 000000000 ____D C:\Windows\system32\Macromed
2020-02-16 10:40 - 2016-04-05 14:30 - 000000000 ____D C:\Users\USer\AppData\Local\Adobe
2020-02-14 11:54 - 2016-04-05 14:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-02-13 01:20 - 2016-04-05 11:11 - 000000000 ____D C:\Windows\system32\MRT
2020-02-13 01:18 - 2016-04-05 11:11 - 120407888 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-02-10 01:47 - 2016-04-08 17:54 - 000000000 ____D C:\Users\USer\AppData\Local\Equilab
2020-02-10 00:15 - 2019-01-07 17:03 - 000000000 ____D C:\Users\USer\AppData\Roaming\ICMIZER
2020-02-09 23:42 - 2016-04-13 12:14 - 000000000 ____D C:\Users\USer\Desktop\Marked Hnads for Coaching
2020-02-09 23:35 - 2019-07-18 22:11 - 000000000 ____D C:\Users\USer\Desktop\6max bubble
2020-02-05 11:33 - 2019-05-30 07:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-01-23 13:11 - 2017-12-20 19:43 - 000000000 ____D C:\Users\USer\AppData\Local\PokerClient
2020-01-22 00:41 - 2019-01-07 17:03 - 000002200 _____ C:\Users\USer\Desktop\ICMIZER.lnk

==================== Files in the root of some directories ========

2017-10-20 13:31 - 2017-10-20 13:31 - 000000068 _____ () C:\Users\USer\AppData\Roaming\changzhi_leidian.data
2017-10-20 13:37 - 2017-10-20 13:37 - 000000068 _____ () C:\Users\USer\AppData\Roaming\changzhi_mplayer.data
2016-04-08 16:41 - 2016-06-13 13:02 - 000008704 ___SH () C:\Users\USer\AppData\Roaming\Thumbs.db
2016-04-08 16:21 - 2016-04-08 16:21 - 000033193 _____ () C:\Users\USer\AppData\Roaming\UserTile.png
2016-04-08 16:26 - 2016-04-08 16:26 - 000000017 _____ () C:\Users\USer\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-02-17 11:47
==================== End of FRST.txt ========================

 

[TonyH99]

Have the same issue again now with the addition log. 50kb and wont attach or copy/paste. Also as a sidenote since I ran the farbar recovery scan tool I can no longer connect to postgreSQL. Any ideas why?

 

[icotonev]

Please archive the folder:

C:\FRST\Quarantine

... please upload it to an external server and post a link to download it

 

[TonyH99]

Sorry but can you explain both of those steps to me pls cus Im a noob

 

[icotonev]

Ok .. let's do it another way .. I want to see the contents of the Quarantine folder ..!

Farbar Recovery Scan Tool - Fix

Please download the attached file * fixlist.txt * to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:

• Fixlog.txt

 

[TonyH99]

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by USer (21-02-2020 13:21:23) Run:2
Running from C:\Users\USer\Desktop\Downloads
Loaded Profiles: USer (Available Profiles: USer & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\FRST\Quarantine

*****************


========================= Folder: C:\FRST\Quarantine ========================

2020-02-21 10:44 - 2020-02-21 10:44 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C
2020-02-21 10:44 - 2020-02-21 10:44 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows
2020-02-21 10:44 - 2020-02-21 10:44 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32
2020-02-21 10:44 - 2020-02-21 10:44 - 000000000 ____D [00000000000000000000000000000000] () C:\FRST\Quarantine\C\Windows\System32\Tasks
2018-01-20 21:51 - 2018-01-20 21:51 - 000003220 ____A [0C3D7EFAEA0CD1DE7ADED8D3F787CCA0] () C:\FRST\Quarantine\C\Windows\System32\Tasks\{223776EA-FC0D-4A94-9331-6FDCBE306EC1}.xBAD
2019-01-18 09:28 - 2019-01-18 09:28 - 000003220 ____A [4933D42BBDEB953B25AA77B01E30E95E] () C:\FRST\Quarantine\C\Windows\System32\Tasks\{83C22FE1-32F8-40C2-B9EA-88E3BE2A3112}.xBAD

====== End of Folder: ======


==== End of Fixlog 13:21:23 ====

 

[icotonev]

Farbar Recovery Scan Tool - Fix

Please download the attached file * fixlist.txt * to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:

• Fixlog.txt

 

[TonyH99]

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by USer (21-02-2020 13:32:49) Run:3
Running from C:\Users\USer\Desktop\Downloads
Loaded Profiles: USer (Available Profiles: USer & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
RestoreQuarantine:

*****************

RestoreQuarantine:=> Restoring from Quarantine completed.

==== End of Fixlog 13:32:49 ====

 

[icotonev]

Also as a sidenote since I ran the farbar recovery scan tool I can no longer connect to postgreSQL. Any ideas why?

Please check everything works at this stage ..!

 

[TonyH99]

postgreSQL still wont connect to server. Could be a coincidence I suppose but timing of it makes me think the fix likely changed something? Is that the malware taken care of at this point?

 

[icotonev]

restart your computer and check ...

 

[TonyH99]

Will see how it goes, it didnt happen 100% of the time. When it started it happened even if i closed chrome and searched again but there were times where it worked normally. Thanks for your help.

 

[icotonev]

I understand ..! And connect to postgreSQL ..?

Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool - 64 bit and save it to your desktop.

• Right-click FRST64.exe then click "Run as administrator"
• When the tool opens, click Yes to the disclaimer.
• Press the Scan button.
• When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
• Please copy and paste the logs in your next reply.

 

[TonyH99]

Didnt stop it from happening but instead of alphashoppers its gone back to searchnewworld

 

[TonyH99]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by USer (21-02-2020 15:06:26)
Running from C:\Users\USer\Desktop\Downloads
Windows 10 Home Version 1909 18363.657 (X64) (2020-02-21 14:31:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-668954617-4150590539-4158307888-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-668954617-4150590539-4158307888-503 - Limited - Disabled)
Guest (S-1-5-21-668954617-4150590539-4158307888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-668954617-4150590539-4158307888-1002 - Limited - Enabled)
postgres (S-1-5-21-668954617-4150590539-4158307888-1004 - Limited - Enabled) => C:\Users\postgres
USer (S-1-5-21-668954617-4150590539-4158307888-1000 - Administrator - Enabled) => C:\Users\USer
WDAGUtilityAccount (S-1-5-21-668954617-4150590539-4158307888-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4GEE WiFi Portal (HKLM-x32\...\ee EE70 4GEE WiFi Portal_is1) (Version: - EE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 30.0.0.107 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.330 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AutoHotkey 1.1.23.05 (HKLM\...\AutoHotkey) (Version: 1.1.23.05 - Lexikos)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Combonator version 1.75 (HKLM-x32\...\{1E8A5FB7-0573-4083-823B-B4E31962F0BC}_is1) (Version: 1.75 - Fuse Media LLC)
Discord (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
f.lux (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
ICMIZER (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\98ae6a83-32ab-5b3d-925e-62223f2568a9) (Version: 3.3.0 - Valentin Kuzub)
ICMIZER 2 (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\1875530414.www.icmpoker.com) (Version: - www.icmpoker.com)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
join.me (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\JoinMe) (Version: 3.3.1.5358 - LogMeIn, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 73.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 73.0.1 (x64 en-GB)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
SessionLord (HKLM-x32\...\{4ceecc68-b7e1-4161-8a66-e14102ae4a39}) (Version: 1.0.6 - SessionLord Ltd.) Hidden
Simple GTO Trainer version 0.31 beta (HKLM-x32\...\{D8B6E9A1-AA50-4006-91D5-E9C9A02B28F9}_is1) (Version: 0.31 beta - Simple Poker, LP)
Simple3Way version 1.00 (HKLM-x32\...\{6D8C1DB1-A7B8-43E7-906B-D71520CF8209}_is1) (Version: 1.00 - )
Skype version 8.56 (HKLM-x32\...\Skype_is1) (Version: 8.56 - Skype Technologies S.A.)
StarsHelper (HKLM-x32\...\StarsHelper) (Version: - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.1.9025 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinDirStat 1.1.2 (HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\WinDirStat) (Version: - )

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2020-02-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-02-21] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2020-02-21] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2020-02-21] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\USer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICMIZER 2.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 1875530414.www.icmpoker.com

==================== Loaded Modules (Whitelisted) =============

2019-05-30 07:50 - 2020-01-24 17:22 - 001899520 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2019-05-30 07:50 - 2020-01-24 17:22 - 000115712 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2019-05-30 07:50 - 2020-01-24 17:22 - 006668800 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2016-04-04 16:00 - 2012-04-17 09:36 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2018-07-02 08:07 - 2011-01-15 15:45 - 000319488 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2016-04-26 15:47 - 2012-06-14 16:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2016-04-04 16:00 - 2012-04-17 09:30 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2009-07-14 01:19 - 2010-11-21 03:24 - 000221184 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\mxdwdui.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AA49637A-FFC9-422A-B2F2-7A3C7BD8535D}] => (Allow) LPort=5432
FirewallRules: [{39BF654D-88D3-4FEE-A826-C7DE790A63E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A2348019-416A-4861-A3EA-A13AF204747F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{85564EC4-C682-4BC9-9F85-65FEE3E3C71A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0F54C44F-59A1-41E7-B94F-8DAB1A6DE3FE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{131779B0-5784-4E6D-8404-E4CF649FC36C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{42662DFD-FD27-482B-87C6-FCA143C18EC9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{03EE3D11-0027-4A0F-9E40-7D7066B0939B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{36648DFF-D96C-4FC9-A0AC-AA88C2AFBED6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DF1BED7E-1620-4FB8-930C-68B90541E07B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FDC84345-D2CE-4855-AC9A-1F98256B92E8}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{A41997B6-F2E9-4D9F-873A-82FD2F2AAC05}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [UDP Query User{522A718C-4F5B-423C-8628-D66131BF4AD2}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (上海畅指网络科技有限公司 -> Oracle Corporation)
FirewallRules: [TCP Query User{98F5D212-131C-4D04-A272-DD4EBDD3B74C}C:\program files\dnplayerext2\ldboxheadless.exe] => (Allow) C:\program files\dnplayerext2\ldboxheadless.exe (上海畅指网络科技有限公司 -> Oracle Corporation)
FirewallRules: [{3CAE306C-E7BD-4B9D-9D55-E7C563027196}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{071F5919-23AE-41DA-88AB-BF78353164B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DD4A26D5-E2EA-4FEC-8950-0B7DFEA515E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{129BB04E-A5C8-4A59-8235-F0D95F865335}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{621F23CC-4765-4AC9-A2BD-74D854CCCB55}] => (Allow) LPort=5432

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.14 GB) (Free:26.07 GB) (23%)
21-02-2020 14:34:12 Windows Backup

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/21/2020 02:46:54 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1017) (User: NT AUTHORITY)
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (02/21/2020 02:46:54 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1021) (User: NT AUTHORITY)
Description: Windows cannot open the 32-bit extensible counter DLL "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll" in a 64-bit environment (Win32 error code 193). Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (02/21/2020 02:39:46 PM) (Source: ESENT) (EventID: 455) (User: )
Description: StartMenuExperienceHost (6324,R,98) TILEREPOSITORYS-1-5-21-668954617-4150590539-4158307888-1000: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\USer\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/21/2020 02:39:46 PM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (6324,P,98) TILEREPOSITORYS-1-5-21-668954617-4150590539-4158307888-1000: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (02/21/2020 02:31:04 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (02/21/2020 02:28:37 PM) (Source: NtServicePack) (EventID: 4373) (User: )
Description: Event-ID 4373

Error: (02/21/2020 02:25:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure
.

Error: (02/21/2020 02:25:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure
.


System errors:
=============
Error: (02/21/2020 02:30:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%2147952449 = The requested address is not valid in its context.

Error: (02/21/2020 02:30:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\athExt.dll
Error Code: 126

Error: (02/21/2020 02:28:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\athExt.dll
Error Code: 126

Error: (02/21/2020 02:27:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Mobile Broadband HL Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/21/2020 02:27:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The ee EE70 Modem Device Helper service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/21/2020 02:27:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/21/2020 02:26:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\athExt.dll
Error Code: 126

Error: (02/21/2020 02:25:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The iphlpsvc service terminated with the following error:
The device is not ready.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V5.2 01/09/2013
Motherboard: MSI Z68A-G43 (G3) (MS-7750)
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 60%
Total physical RAM: 8143.68 MB
Available physical RAM: 3247.71 MB
Total Virtual: 16335.68 MB
Available Virtual: 11374.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.14 GB) (Free:26.31 GB) NTFS
Drive d: () (Fixed) (Total:596.17 GB) (Free:170.23 GB) NTFS

\\?\Volume{ae1fd33a-fa79-11e5-9279-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS
\\?\Volume{be0fd4f9-0000-0000-0000-20cf1b000000}\ () (Fixed) (Total:0.55 GB) (Free:0.05 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: BE0FD4F9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=566 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: B01F70BC)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

[TonyH99]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2020
Ran by USer (administrator) on TONY (MSI MS-7750) (21-02-2020 15:02:13)
Running from C:\Users\USer\Desktop\Downloads
Loaded Profiles: USer (Available Profiles: USer & postgres)
Platform: Windows 10 Home Version 1909 18363.657 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Discord Inc. -> Discord Inc.) C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\USer\AppData\Local\FluxSoftware\Flux\flux.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hold'em Manager) [File not signed] C:\Program Files (x86)\Holdem Manager 2\HoldemManager.exe
(HUAWEI Technologies Co., Ltd. -> ) C:\ProgramData\MobileBrServ\mbbService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(JRD COMMUNICATION (SHENZHEN) LTD -> ) C:\Program Files (x86)\EE\4GEEWiFi\BackgroundService\ModemListener.exe
(JRD COMMUNICATION (SHENZHEN) LTD -> ) C:\Program Files (x86)\EE\4GEEWiFi\BackgroundService\ServiceManager.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\USer\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.19418.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Renesas Electronics Corporation -> Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation -> Renesas Electronics Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [ee EE70 ModemListener] => C:\Program Files (x86)\EE\4GEEWiFi\BackgroundService\ModemListener.exe [172840 2016-07-01] (JRD COMMUNICATION (SHENZHEN) LTD -> )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Run: [f.lux] => C:\Users\USer\AppData\Local\FluxSoftware\Flux\flux.exe [1385480 2019-08-30] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Run: [Discord] => C:\Users\USer\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91511144 2020-01-24] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\USer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\USer\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\RunOnce: [Uninstall 19.002.0107.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\USer\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\amd64"
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\RunOnce: [Uninstall 19.002.0107.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\USer\AppData\Local\Microsoft\OneDrive\19.002.0107.0005"
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\...\Policies\system: [DisableLockWorkstation] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.116\Installer\chrmstp.exe [2020-02-20] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0159A9BB-D091-4B7D-B1A4-29F003E3A311} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {10351C86-8A3C-4ED4-B856-D36071D11A01} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {17DB3F50-53A3-45D6-8FDB-46BEF91D04A7} - System32\Tasks\{1958EAC9-3547-4AD7-B604-4A7ECB709F84} => C:\Windows\system32\pcalua.exe -a D:\ChangZhi2\dnplayer2\dnuninst.exe
Task: {1EF38241-7CD9-4AC7-A524-9C1AD87E7350} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {233E1664-E4E0-4EDD-90D1-227D326040F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-02-20] (Google Inc -> Google LLC)
Task: {256598CF-F3ED-47A2-94C7-A4165AD71CAE} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_pepper.exe [1453624 2020-02-16] (Adobe Inc. -> Adobe)
Task: {2A8A10EF-66B0-42FE-8F53-54FFC96BC03D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-02-20] (Google Inc -> Google LLC)
Task: {2BFB41DA-83B1-4A0E-A9DC-288A9A2AD6F0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2C3CC18A-D87C-4312-9C56-593C75C6B7DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D28E1B3-C096-4C41-BAFA-2F37FFAFA167} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2FF49C88-72F5-4F89-B155-8C3A9A4A5AC5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A6DCBC5-1142-4018-8274-ECD56A9374C6} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {3E981388-05EB-4F91-9C10-CA77C53EBA19} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4E3B359F-93D6-4B44-AA60-756A9B57F598} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F7A8B06-234D-498E-B8ED-8A2EE185FFA6} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BBEE05A-4005-4143-9002-544ED025459A} - System32\Tasks\{C28EBD02-47E0-43EC-8736-5F08B94445C5} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.4.0.102&LastError=404
Task: {60867748-BC45-40D3-82CA-4257C09A691A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6E45F48C-9687-4113-8B12-8B933C8CDD98} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {70DD1C54-AFC4-4BEE-9B89-EAF665313E03} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {749A8677-DEB2-4AD1-89CE-A9A8C766AA8B} - System32\Tasks\{34AD6DB9-DF7A-475B-ABCA-EB98CF980B8D} => C:\Windows\system32\pcalua.exe -a "C:\Users\USer\Desktop\Downloads\Poker Minion v2.45 BETA install.exe" -d C:\Users\USer\Desktop\Downloads
Task: {77332987-5222-4C63-A162-629931473657} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7BD3B535-1F9B-49E4-85E0-304DD197662C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {846E68D7-77EA-4801-B5CF-F604542C80D2} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {87224D46-579A-4117-ABE2-4E47BA34D2F7} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {884E19F0-E15C-43B4-B054-5952DEEC4B51} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {88FB8720-369B-471C-9CAB-F13C408CCFBB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {8CEBFC52-D87A-4E56-BC95-BB991A8A0037} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8E431611-B961-4186-B4D0-6B676E91EA1A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {99CCEBD4-D457-445A-8DAE-87B576B76D75} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {9B7C521C-0FEA-46F2-86AC-633ECFC90538} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-16] (Adobe Inc. -> Adobe)
Task: {A4E87867-9B3C-4A3A-86A1-02780BAFCD63} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {A5768173-1EA9-4E2E-9FF3-478881ED85BE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B01FBD1D-821C-4214-98DF-6CD1C02EC1B1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B0D9BC2E-0DA4-4A47-BA2B-1A29123A1505} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {B2B79E96-D9AF-4215-8709-08E3E8A6139E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {B92B262C-7162-486F-B876-9B1E63312F1F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C5B2773F-9359-4B69-B671-0867E85576A2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {CFB5FF4E-FA31-4CF3-9863-ECA6621B1BDB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DC04F439-5F01-442E-9301-BFA13DA20509} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EDA0B5B1-4DAD-4A46-9E53-800666104925} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F713D67A-D09D-40EB-825C-BA803CA6F0FF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {FEF5EDF0-A306-4B6A-8E1E-681670896493} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{773B16E2-C9B7-4802-828E-7DBFBEF85063}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A4D44412-0BC6-4741-9C91-B8D70932D8B9}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B39974D8-2076-42C3-B74D-83B1C027D90C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-668954617-4150590539-4158307888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.co.uk/

FireFox:
========
FF DefaultProfile: voxs6snn.default
FF ProfilePath: C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\voxs6snn.default [2020-02-21]
FF Extension: (Avast Online Security) - C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\voxs6snn.default\Extensions\wrc@avast.com.xpi [2020-02-20]
FF ProfilePath: C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\9xhjqm0d.default-release [2020-02-21]
FF Homepage: Mozilla\Firefox\Profiles\9xhjqm0d.default-release -> yahoo.co.uk
FF Notifications: Mozilla\Firefox\Profiles\9xhjqm0d.default-release -> hxxps://malwaretips.com
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\9xhjqm0d.default-release\Extensions\sp@avast.com.xpi [2020-02-20]
FF Extension: (Avast Online Security) - C:\Users\USer\AppData\Roaming\Mozilla\Firefox\Profiles\9xhjqm0d.default-release\Extensions\wrc@avast.com.xpi [2020-02-20]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default [2020-02-21]
CHR Notifications: Default -> hxxps://malwaretips.com
CHR HomePage: Default -> hxxp://www.yahoo.co.uk/
CHR StartupUrls: Default -> "hxxp://uk.yahoo.com/"
CHR Extension: (Slides) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-08]
CHR Extension: (Adobe Acrobat) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-01-28]
CHR Extension: (fancyfarm) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\efkinikclnjpihaibpmeicpebnffdamo [2017-07-07]
CHR Extension: (Sheets) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-10]
CHR Extension: (Avast Online Security) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-02-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\USer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-05]
CHR HKU\S-1-5-21-668954617-4150590539-4158307888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [255472 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc. -> Apple Inc.)
R2 ee EE70 Modem Device Helper; C:\Program Files (x86)\EE\4GEEWiFi\BackgroundService\ServiceManager.exe [78120 2016-06-17] (JRD COMMUNICATION (SHENZHEN) LTD -> )
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] (HUAWEI Technologies Co., Ltd. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11665136 2019-01-16] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21648880 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [674288 2015-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 athur; C:\WINDOWS\System32\drivers\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-07-26] (Intel(R) Smart Connect software -> )
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [281760 2017-10-20] (上海畅指网络科技有限公司 -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-21 22:24 - 2020-02-21 14:31 - 000000000 ____D C:\Windows.old
2020-02-21 22:16 - 2020-02-21 22:16 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-02-21 22:16 - 2020-02-21 22:16 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2020-02-21 22:15 - 2020-02-21 22:15 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-02-21 22:14 - 2020-02-21 22:14 - 000000000 ____D C:\ProgramData\ssh
2020-02-21 22:12 - 2020-02-21 22:12 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 022635008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 019813376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 018026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 017787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 009929016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 007905208 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 007259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 006519752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 006284800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 006231200 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 006167552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 005912064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 005502464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 005041664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 004856832 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 004615376 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 004575232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 004562896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 004470784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 004348616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 004308480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003967888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 003820032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003728896 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003590968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 003550208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003484672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003243080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 003110400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002988552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 002870272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002861568 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 002773776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002766088 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-02-21 22:12 - 2020-02-21 22:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-02-21 22:12 - 2020-02-21 22:12 - 002714624 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002493720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002314952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002260176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002230232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002225160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002125904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002084576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 002032128 _____ C:\WINDOWS\system32\rdpnano.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001942016 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001916744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001858560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001835128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-02-21 22:12 - 2020-02-21 22:12 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001693184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001664696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001664680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001562424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001541632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001512320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001505592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001489064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001482040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 001481216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001417760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001413912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001412096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001398584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001372160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-02-21 22:12 - 2020-02-21 22:12 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 001284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001283592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-02-21 22:12 - 2020-02-21 22:12 - 001273856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001272360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpsharercom.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001218120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001213752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001195008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001182232 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001170960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001154448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001149928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001105776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001077264 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001051448 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001026792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000928120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000904504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000891736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000875448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000857088 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-02-21 22:12 - 2020-02-21 22:12 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000824848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000804872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000784384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000782848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000774664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000768488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000758800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000732200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000679368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000678928 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000673080 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000642008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000637440 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000597816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000587064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000568120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000542288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000537608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000518456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000516648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000510768 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-02-21 22:12 - 2020-02-21 22:12 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000486400 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-02-21 22:12 - 2020-02-21 22:12 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000459896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000441072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000437776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000422008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-02-21 22:12 - 2020-02-21 22:12 - 000416056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000405632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000375504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000369504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000366416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000335448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000324616 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpviewerax.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000311096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000300392 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000296760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000274464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpviewerax.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFMCP.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000259984 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-02-21 22:12 - 2020-02-21 22:12 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\recdisc.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000194064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000190256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-02-21 22:12 - 2020-02-21 22:12 - 000186880 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000186672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47mrm.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000179720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000165832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Winlangdb.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000150536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000143160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000133464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47mrm.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000132624 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\globinputhost.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000128528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000117264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000107832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingExperienceMEM.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000106808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\globinputhost.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfrgui.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSystray.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000084496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000063288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguageProfileCallback.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000059221 _____ C:\WINDOWS\system32\srms.dat
2020-02-21 22:12 - 2020-02-21 22:12 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcicda.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000047208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Websocket.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000042512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcicda.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000037392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Websocket.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-02-21 22:12 - 2020-02-21 22:12 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciseq.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciseq.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000020944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000019768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-02-21 22:12 - 2020-02-21 22:12 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-02-21 22:12 - 2020-02-21 22:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-02-21 22:09 - 2020-02-21 22:09 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2020-02-21 22:09 - 2020-02-21 22:09 - 000000000 ____D C:\WINDOWS\system32\msmq
2020-02-21 22:09 - 2020-02-21 22:09 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2020-02-21 22:09 - 2020-02-21 22:09 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-02-21 22:09 - 2020-02-21 22:09 - 000000000 ____D C:\Program Files\MSBuild
2020-02-21 22:09 - 2020-02-21 22:09 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2020-02-21 22:09 - 2020-02-21 22:09 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-02-21 22:09 - 2020-02-21 22:09 - 000000000 ____D C:\inetpub
2020-02-21 22:08 - 2019-03-19 03:21 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2020-02-21 22:08 - 2019-03-19 03:16 - 000903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2020-02-21 22:08 - 2019-03-19 02:15 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2020-02-21 22:08 - 2019-03-19 02:09 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2020-02-21 22:08 - 2019-03-02 01:33 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2020-02-21 22:08 - 2019-03-02 01:31 - 001166488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2020-02-21 22:08 - 2019-03-02 01:31 - 000124568 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2020-02-21 22:08 - 2019-03-02 01:31 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2020-02-21 22:08 - 2019-02-06 02:41 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2020-02-21 22:08 - 2019-02-06 02:41 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2020-02-21 22:08 - 2019-02-06 02:41 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2020-02-21 22:08 - 2018-08-09 22:53 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2020-02-21 22:06 - 2020-02-21 22:06 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-02-21 22:06 - 2020-02-21 22:06 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-02-21 14:56 - 2020-02-21 14:56 - 000000000 ____D C:\Users\USer\AppData\Local\Comms
2020-02-21 14:56 - 2020-02-21 14:56 - 000000000 ____D C:\ProgramData\Packages
2020-02-21 14:45 - 2020-02-21 14:45 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-668954617-4150590539-4158307888-1000
2020-02-21 14:45 - 2020-02-21 14:45 - 000000000 ___RD C:\Users\USer\OneDrive
2020-02-21 14:45 - 2020-02-21 14:45 - 000000000 ____D C:\Users\USer\AppData\Local\PlaceholderTileLogoFolder
2020-02-21 14:43 - 2020-02-21 14:43 - 000001450 _____ C:\Users\USer\Desktop\Microsoft Edge.lnk
2020-02-21 14:43 - 2020-02-21 14:43 - 000000000 ____D C:\Users\USer\AppData\Roaming\ATI
2020-02-21 14:43 - 2020-02-21 14:43 - 000000000 ____D C:\Users\USer\AppData\Local\ATI
2020-02-21 14:43 - 2020-02-21 14:43 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-02-21 14:43 - 2020-02-21 14:43 - 000000000 ____D C:\ProgramData\ATI
2020-02-21 14:39 - 2020-02-21 14:56 - 000000000 ____D C:\Users\USer\AppData\Local\Packages
2020-02-21 14:39 - 2020-02-21 14:39 - 000000020 ___SH C:\Users\USer\ntuser.ini
2020-02-21 14:39 - 2020-02-21 14:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-02-21 14:39 - 2020-02-21 14:39 - 000000000 ___RD C:\Users\USer\3D Objects
2020-02-21 14:39 - 2020-02-21 14:39 - 000000000 ___HD C:\Users\USer\MicrosoftEdgeBackups
2020-02-21 14:39 - 2020-02-21 14:39 - 000000000 ____D C:\Users\USer\AppData\Local\Publishers
2020-02-21 14:39 - 2020-02-21 14:39 - 000000000 ____D C:\Users\USer\AppData\Local\MicrosoftEdge
2020-02-21 14:39 - 2020-02-21 14:39 - 000000000 ____D C:\Users\USer\AppData\Local\ConnectedDevicesPlatform
2020-02-21 14:30 - 2020-02-21 14:31 - 000003346 _____ C:\WINDOWS\system32\Tasks\{34AD6DB9-DF7A-475B-ABCA-EB98CF980B8D}
2020-02-21 14:30 - 2020-02-21 14:31 - 000003270 _____ C:\WINDOWS\system32\Tasks\{C28EBD02-47E0-43EC-8736-5F08B94445C5}
2020-02-21 14:30 - 2020-02-21 14:30 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2020-02-21 14:30 - 2020-02-21 14:30 - 000011433 _____ C:\WINDOWS\diagerr.xml
2020-02-21 14:30 - 2020-02-21 14:30 - 000004588 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-02-21 14:30 - 2020-02-21 14:30 - 000004576 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-02-21 14:30 - 2020-02-21 14:30 - 000003446 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-21 14:30 - 2020-02-21 14:30 - 000003318 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-21 14:30 - 2020-02-21 14:30 - 000003208 _____ C:\WINDOWS\system32\Tasks\{1958EAC9-3547-4AD7-B604-4A7ECB709F84}
2020-02-21 14:30 - 2020-02-21 14:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-02-21 14:30 - 2020-02-21 14:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2020-02-21 14:30 - 2020-02-21 14:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-02-21 14:30 - 2020-02-21 14:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2020-02-21 14:30 - 2020-02-21 14:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-02-21 14:30 - 2019-01-18 09:28 - 000003220 _____ C:\WINDOWS\system32\Tasks\{83C22FE1-32F8-40C2-B9EA-88E3BE2A3112}
2020-02-21 14:30 - 2018-01-20 21:51 - 000003220 _____ C:\WINDOWS\system32\Tasks\{223776EA-FC0D-4A94-9331-6FDCBE306EC1}
2020-02-21 14:30 - 2016-05-18 22:17 - 000003878 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-02-21 14:27 - 2020-02-21 14:45 - 000002394 _____ C:\Users\USer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-21 14:27 - 2020-02-21 14:35 - 000935984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-02-21 14:27 - 2020-02-21 14:28 - 000000000 ____D C:\Users\postgres
2020-02-21 14:27 - 2020-01-09 21:23 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-02-21 14:27 - 2019-03-19 04:46 - 000001105 _____ C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-21 14:26 - 2020-02-21 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2020-02-21 14:26 - 2020-02-21 14:26 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2020-02-21 14:26 - 2020-02-21 14:26 - 000000000 ____D C:\Program Files\ATI Technologies
2020-02-21 14:26 - 2020-02-21 14:26 - 000000000 ____D C:\Program Files\AMD
2020-02-21 14:26 - 2020-02-21 14:26 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2020-02-21 14:24 - 2020-02-21 14:28 - 000294528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-02-21 14:24 - 2020-02-21 14:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-21 13:46 - 2020-02-21 14:39 - 000000000 ___DC C:\WINDOWS\Panther
2020-02-21 13:35 - 2020-02-21 13:46 - 000000000 ____D C:\ESD
2020-02-21 13:33 - 2020-02-21 13:33 - 000000000 ___HD C:\$Windows.~WS
2020-02-21 12:29 - 2020-02-21 12:29 - 000000000 ____D C:\Users\USer\AppData\Roaming\postgresql
2020-02-20 21:47 - 2020-02-20 21:47 - 000026721 _____ C:\Users\USer\Documents\tcyuioj.txt
2020-02-20 12:04 - 2020-02-21 15:04 - 000000000 ____D C:\FRST
2020-02-20 11:54 - 2020-02-20 11:54 - 000000000 ____D C:\ProgramData\Emsisoft
2020-02-20 11:53 - 2020-02-20 12:47 - 000000000 ____D C:\EEK
2020-02-20 11:15 - 2020-02-20 11:20 - 000000000 ____D C:\ProgramData\HitmanPro
2020-02-20 11:04 - 2020-02-21 14:30 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-02-20 11:04 - 2020-02-21 14:30 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-02-20 10:43 - 2020-02-20 11:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-02-17 01:16 - 2020-02-17 01:16 - 000001443 _____ C:\Users\USer\Desktop\jh46ju4e6u46u47u5.txt
2020-02-09 23:26 - 2020-02-10 00:09 - 000000000 ____D C:\Users\USer\Desktop\6max reships
2020-02-05 12:02 - 2020-02-20 13:00 - 000000000 ____D C:\Users\USer\AppData\LocalLow\Mozilla
2020-02-05 12:02 - 2020-02-20 12:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-02-05 12:02 - 2020-02-05 13:56 - 000000968 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-02-05 12:02 - 2020-02-05 12:02 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-02-05 12:02 - 2020-02-05 12:02 - 000000000 ____D C:\Users\USer\AppData\Roaming\Mozilla
2020-02-05 12:02 - 2020-02-05 12:02 - 000000000 ____D C:\Users\USer\AppData\Local\Mozilla
2020-02-05 12:02 - 2020-02-05 12:02 - 000000000 ____D C:\ProgramData\Mozilla
2020-02-05 11:53 - 2020-02-05 11:53 - 000000000 ____D C:\AdwCleaner

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-21 22:24 - 2020-01-10 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2020-02-21 22:24 - 2019-05-30 07:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-02-21 22:24 - 2019-05-07 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4GEE WiFi Portal
2020-02-21 22:24 - 2019-03-19 04:56 - 000000000 ____D C:\WINDOWS\Setup
2020-02-21 22:24 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-02-21 22:24 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-02-21 22:24 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-02-21 22:24 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-02-21 22:24 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-02-21 22:24 - 2019-03-19 04:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-02-21 22:24 - 2018-09-12 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2020-02-21 22:24 - 2018-07-05 07:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combonator
2020-02-21 22:24 - 2018-07-02 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4100 series
2020-02-21 22:24 - 2017-11-01 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2020-02-21 22:24 - 2017-10-24 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple3Way
2020-02-21 22:24 - 2016-07-13 14:47 - 000000000 ____D C:\WINDOWS\SysWOW64\STRING
2020-02-21 22:24 - 2016-06-13 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2020-02-21 22:24 - 2016-04-26 15:47 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2020-02-21 22:24 - 2016-04-26 15:47 - 000000000 ____D C:\WINDOWS\system32\STRING
2020-02-21 22:24 - 2016-04-08 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
2020-02-21 22:24 - 2016-04-08 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4
2020-02-21 22:24 - 2016-04-08 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.UK
2020-02-21 22:24 - 2016-04-05 14:34 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2020-02-21 22:24 - 2016-04-05 14:31 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2020-02-21 22:24 - 2016-04-05 14:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2020-02-21 22:24 - 2010-11-21 07:16 - 000000000 ____D C:\WINDOWS\ShellNew
2020-02-21 22:24 - 2009-07-14 05:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-02-21 22:24 - 2009-07-14 03:20 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-02-21 22:24 - 2009-07-14 03:20 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-02-21 22:16 - 2019-03-19 04:52 - 000000000 __SHD C:\Program Files\Windows Sidebar
2020-02-21 22:16 - 2019-03-19 04:52 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2020-02-21 22:16 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2020-02-21 22:16 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\IME
2020-02-21 22:16 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\schemas
2020-02-21 22:16 - 2016-04-26 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2020-02-21 22:16 - 2016-04-08 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2020-02-21 22:16 - 2016-04-04 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2020-02-21 22:16 - 2016-04-04 15:59 - 000000000 ____D C:\Program Files\Realtek
2020-02-21 22:16 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files\Microsoft Games
2020-02-21 22:16 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files\DVD Maker
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-02-21 22:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-02-21 22:14 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\servicing
2020-02-21 22:09 - 2020-01-09 21:24 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2020-02-21 22:09 - 2020-01-09 21:24 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2020-02-21 22:09 - 2020-01-09 21:24 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2020-02-21 22:09 - 2020-01-09 21:24 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2020-02-21 22:09 - 2020-01-09 21:24 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2020-02-21 22:09 - 2020-01-09 21:24 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2020-02-21 22:09 - 2020-01-09 21:24 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2020-02-21 22:09 - 2020-01-09 21:24 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2020-02-21 22:09 - 2020-01-09 21:24 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2020-02-21 22:09 - 2020-01-09 21:24 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2020-02-21 22:09 - 2019-03-19 05:00 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2020-02-21 22:09 - 2019-03-19 05:00 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2020-02-21 22:09 - 2019-03-19 05:00 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2020-02-21 22:09 - 2019-03-19 05:00 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2020-02-21 22:09 - 2019-03-19 05:00 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2020-02-21 22:09 - 2019-03-19 05:00 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2020-02-21 22:09 - 2019-03-19 04:58 - 001401344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2020-02-21 22:09 - 2019-03-19 04:58 - 000783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2020-02-21 22:09 - 2019-03-19 04:58 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2020-02-21 22:09 - 2019-03-19 04:58 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2020-02-21 22:09 - 2019-03-19 04:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2020-02-21 22:09 - 2019-03-19 04:58 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2020-02-21 22:09 - 2019-03-19 04:58 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2020-02-21 22:09 - 2019-03-19 04:58 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2020-02-21 22:09 - 2019-03-19 04:58 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2020-02-21 22:09 - 2019-03-19 04:58 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2020-02-21 22:09 - 2019-03-19 04:58 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2020-02-21 22:09 - 2019-03-19 04:58 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2020-02-21 22:09 - 2019-03-19 04:58 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2020-02-21 22:09 - 2019-03-19 04:58 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2020-02-21 22:09 - 2019-03-19 04:57 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2020-02-21 22:09 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2020-02-21 22:09 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2020-02-21 22:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2020-02-21 22:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2020-02-21 22:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2020-02-21 22:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2020-02-21 22:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2020-02-21 22:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2020-02-21 22:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
2020-02-21 22:08 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-02-21 22:03 - 2010-11-21 07:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2020-02-21 15:00 - 2017-08-01 09:33 - 000001078 _____ C:\Users\USer\Desktop\StarsHelper.lnk
2020-02-21 15:00 - 2016-04-08 14:55 - 000001088 _____ C:\Users\USer\Desktop\Holdem Manager.lnk
2020-02-21 15:00 - 2016-04-08 14:55 - 000000000 ____D C:\Users\USer\AppData\Roaming\HoldemManager
2020-02-21 14:56 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-21 14:56 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ServiceState
2020-02-21 14:56 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-02-21 14:54 - 2019-03-19 06:19 - 000000000 ____D C:\WINDOWS\OCR
2020-02-21 14:54 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-21 14:54 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-02-21 14:46 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-02-21 14:34 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF
2020-02-21 14:31 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\spool
2020-02-21 14:31 - 2019-03-19 04:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-02-21 14:30 - 2019-03-19 04:52 - 000000000 __RSD C:\WINDOWS\Media
2020-02-21 14:30 - 2019-03-19 04:52 - 000000000 __RHD C:\Users\Public\Libraries
2020-02-21 14:28 - 2019-03-19 04:37 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2020-02-21 14:28 - 2017-03-20 11:48 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-02-21 14:27 - 2017-08-01 09:33 - 000000000 ____D C:\Users\USer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarsHelper
2020-02-21 14:27 - 2016-12-31 18:13 - 000000000 ____D C:\Users\USer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2020-02-21 14:27 - 2016-04-05 12:00 - 000892382 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2020-02-21 14:26 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-02-21 14:26 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-02-21 14:26 - 2016-05-18 22:13 - 000000000 ____D C:\AMD
2020-02-21 14:26 - 2016-04-08 14:42 - 000000000 ____D C:\ProgramData\Package Cache
2020-02-21 14:26 - 2016-04-04 15:59 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2020-02-21 13:57 - 2016-12-31 18:13 - 000000000 ____D C:\Users\USer\AppData\Roaming\discord
2020-02-21 13:57 - 2009-07-14 04:45 - 000032352 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-02-21 13:57 - 2009-07-14 04:45 - 000032352 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-02-21 11:42 - 2016-04-21 12:05 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-02-21 11:00 - 2016-04-08 14:02 - 000000000 ____D C:\ProgramData\AVAST Software
2020-02-21 00:00 - 2016-04-08 14:41 - 000000000 ____D C:\Users\USer\AppData\Local\PokerStars.UK
2020-02-20 11:04 - 2016-04-08 14:06 - 000000000 ____D C:\Program Files (x86)\Google
2020-02-16 19:14 - 2016-05-17 12:36 - 000000000 ____D C:\Users\USer\AppData\Local\ElevatedDiagnostics
2020-02-16 10:40 - 2016-04-05 14:30 - 000000000 ____D C:\Users\USer\AppData\Local\Adobe
2020-02-14 11:54 - 2016-04-05 14:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-02-13 01:20 - 2016-04-05 11:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-02-13 01:18 - 2016-04-05 11:11 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-02-10 01:47 - 2016-04-08 17:54 - 000000000 ____D C:\Users\USer\AppData\Local\Equilab
2020-02-10 00:15 - 2019-01-07 17:03 - 000000000 ____D C:\Users\USer\AppData\Roaming\ICMIZER
2020-02-09 23:42 - 2016-04-13 12:14 - 000000000 ____D C:\Users\USer\Desktop\Marked Hnads for Coaching
2020-02-09 23:35 - 2019-07-18 22:11 - 000000000 ____D C:\Users\USer\Desktop\6max bubble
2020-01-23 13:11 - 2017-12-20 19:43 - 000000000 ____D C:\Users\USer\AppData\Local\PokerClient
2020-01-22 00:41 - 2019-01-07 17:03 - 000002200 _____ C:\Users\USer\Desktop\ICMIZER.lnk

==================== Files in the root of some directories ========

2017-10-20 13:31 - 2017-10-20 13:31 - 000000068 _____ () C:\Users\USer\AppData\Roaming\changzhi_leidian.data
2017-10-20 13:37 - 2017-10-20 13:37 - 000000068 _____ () C:\Users\USer\AppData\Roaming\changzhi_mplayer.data
2016-04-08 16:41 - 2016-06-13 13:02 - 000008704 ___SH () C:\Users\USer\AppData\Roaming\Thumbs.db
2016-04-08 16:21 - 2016-04-08 16:21 - 000033193 _____ () C:\Users\USer\AppData\Roaming\UserTile.png
2016-04-08 16:26 - 2016-04-08 16:26 - 000000017 _____ () C:\Users\USer\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[icotonev]

Please do the following ..:


Turn off Google Chrome sync with the cloud:


https://forums.malwarebytes.com/topi...ys-comes-back/


Then..:


Reset Google Chrome

Note: this step will revert some Chrome browser settings to default.
For a complete list of what is removed during a Chrome reset, see here for more information.

• Open Google Chrome.
• Click the Menu icon in the upper right corner of the Chrome window (three dots) and select Settings.
• Under Reset and Cleanup, select Reset Settings.
• Select Reset Settings to confirm the reset.

 

[TonyH99]

Ok Ive done as directed but first thing I noticed is that sync wasnt turned on to start with but i turned it on briefly then followed everything step by step. I'll keep you posted how it performs this time but no threats were found still using malwarebytes so unsure.

 

[icotonev]

Ok Ive done as directed but first thing I noticed is that sync wasnt turned on to start with but i turned it on briefly then followed everything step by step. I'll keep you posted how it performs this time but no threats were found still using malwarebytes so unsure.

Hi , TonyH99 , do you still need help? What happens to your system ..?

 

[icotonev]

Due to lack of response, this topic will now be closed. If you need support, please begin a new thread, and provide a link to this topic. Have a nice day. ...!