Can't get rid of qte search
<blockquote data-quote="Tomgudge123" data-source="post: 820314" data-attributes="member: 80430"><p>Hi,</p><p></p><p>I wonder if anyone could advise me on how to remove qte search/view-search? It's taken over my Microsoft Edge browser and I've tried everything in the Malware tips guide. I've scanned my PC with Hitman Pro, Zemana and Malwarebytes, all of which identified the problem and claimed to resolve it, but when I use my browser it's still there. I have also used the Emsisoft Emergency Kit, but no luck there, and I have tried resetting Microsoft Edge. For some reason it seemed to have gone all day yesterday but it has come back again today (I haven't downloaded anything in that time). I have also gone into add/remove programs and deleted a program called 'premier opinion' which I thought was probably the cause, but that didn't work either. What else can I do to remove it?</p><p></p><p></p><p>(I have also altered the settings in the browser to set a different homepage, but qte always comes back)</p><p></p><p>I couldn't work out how to upload the FRST and Addition scans so I've copied and pasted them here:</p><p>[spoiler=FRST]</p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019</p><p>Ran by Tom (administrator) on DESKTOP-3FG400O (HP-Pavilion WC875AA-ABU s5300uk) (16-06-2019 21:27:26)</p><p>Running from C:\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads</p><p>Loaded Profiles: Tom (Available Profiles: Tom)</p><p>Platform: Windows 10 Home Version 1809 17763.557 (X64) Language: English (United Kingdom)</p><p>Default browser: Edge</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p>==================== Processes (Whitelisted) =================</p><p>(If an entry is 
included in the fixlist, the process will be closed. The file will not be moved.)</p><p>() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe</p><p>() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19051.545.0_x64__8wekyb3d8bbwe\YourPhone.exe</p><p>(Apple Inc. -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe</p><p>(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe</p><p>(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe</p><p>(Microsoft Corporation -> Microsoft Corporation) C:\Users\Tom\AppData\Local\Microsoft\OneDrive\OneDrive.exe</p><p>(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe</p><p>(Microsoft Windows -> Microsoft Corporation) 
C:\Windows\System32\MicrosoftEdgeCP.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe</p><p>(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe</p><p>(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe</p><p>(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe</p><p>(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe</p><p>(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe</p><p>(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe</p><p>(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe</p><p>(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJBE.EXE</p><p>(Zemana D.O.O. Sarajevo -> Copyright 2018.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe</p><p>(Zemana D.O.O. Sarajevo -> Copyright 2018.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe</p><p>==================== Registry (Whitelisted) ===========================</p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p>HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-29] (NVIDIA Corporation -> NVIDIA Corporation)</p><p>HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)</p><p>HKU\S-1-5-21-3778470857-3354985126-2849173473-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJBE.EXE [283232 2012-10-01] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)</p><p>HKU\S-1-5-21-3778470857-3354985126-2849173473-1001\...\Run: [Dashlane] => "C:\Users\Tom\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup</p><p>FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION</p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p>Task: {0B08AF9E-7FC9-4C0C-B7B7-4C5FFBFF69B6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. 
-> AVAST Software)</p><p>Task: {3F081A86-7CE9-43EF-B23A-99F0B4B92172} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)</p><p>Task: {B492E932-1C2D-4A83-B80D-395E01D317E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)</p><p>Task: {E3D74035-051D-4702-BA7F-8B4B197C6B44} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)</p><p>Task: {FF72E5D1-E548-4A26-A99D-E618C2368985} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)</p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p>Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe</p><p>==================== Internet (Whitelisted) ====================</p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.0.1</p><p>Tcpip\..\Interfaces\{4f549456-cb09-491e-93fe-37c52b6900a1}: [DhcpNameServer] 192.168.0.1</p><p>Internet Explorer:</p><p>==================</p><p>SearchScopes: HKLM -> DefaultScope value is missing</p><p>SearchScopes: HKU\S-1-5-21-3778470857-3354985126-2849173473-1001 -> {F5D00627-E61D-4C56-8A6F-B00363D6E2E9} URL =</p><p>Edge:</p><p>======</p><p>Edge HomeButtonPage: HKU\S-1-5-21-3778470857-3354985126-2849173473-1001 -> hxxp://www.google.com</p><p>==================== Services (Whitelisted) ====================</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p>R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)</p><p>R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)</p><p>R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)</p><p>R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [25160568 2019-02-14] (Zemana D.O.O. Sarajevo -> Copyright 2018.)</p><p>S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]</p><p>===================== Drivers (Whitelisted) ======================</p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p>S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)</p><p>R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)</p><p>R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-06-15] (Malwarebytes Corporation -> Malwarebytes)</p><p>S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)</p><p>R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)</p><p>R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)</p><p>R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)</p><p>R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)</p><p>S0 nvrd64; C:\WINDOWS\System32\drivers\nvrd64.sys [175648 2009-06-22] (NVIDIA Corporation -> NVIDIA Corporation)</p><p>S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)</p><p>S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)</p><p>R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-04] (Microsoft Windows -> Microsoft Corporation)</p><p>R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-04] (Microsoft Windows -> Microsoft Corporation)</p><p>R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2019-06-15] (Zemana Ltd. -> Zemana Ltd.)</p><p>R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2019-06-15] (Zemana Ltd. 
-> Zemana Ltd.)</p><p>==================== NetSvcs (Whitelisted) ===================</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>==================== One month (created) ========</p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p>2019-06-16 21:27 - 2019-06-16 21:27 - 000000000 ____D C:\FRST</p><p>2019-06-16 21:15 - 2019-06-16 21:15 - 000000000 ___HD C:\OneDriveTemp</p><p>2019-06-16 21:14 - 2019-06-16 21:14 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys</p><p>2019-06-16 21:14 - 2019-06-16 21:14 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys</p><p>2019-06-16 21:14 - 2019-06-16 21:14 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys</p><p>2019-06-16 21:14 - 2019-06-16 21:14 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys</p><p>2019-06-15 20:09 - 2019-06-15 20:09 - 000000000 ____D C:\ProgramData\Emsisoft</p><p>2019-06-15 20:06 - 2019-06-15 20:22 - 000000000 ____D C:\EEK</p><p>2019-06-15 19:49 - 2019-06-15 19:49 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys</p><p>2019-06-15 19:49 - 2019-06-15 19:49 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk</p><p>2019-06-15 19:49 - 2019-06-15 19:49 - 000000000 ____D C:\Users\Tom\AppData\Local\mbamtray</p><p>2019-06-15 19:49 - 2019-06-15 19:49 - 000000000 ____D C:\Users\Tom\AppData\Local\mbam</p><p>2019-06-15 19:49 - 2019-06-15 19:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes</p><p>2019-06-15 19:49 - 2019-06-15 19:49 - 000000000 ____D C:\ProgramData\Malwarebytes</p><p>2019-06-15 19:49 - 2019-06-15 19:49 - 000000000 ____D C:\Program Files\Malwarebytes</p><p>2019-06-15 19:49 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys</p><p>2019-06-15 19:49 - 2019-01-08 16:32 - 
000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys</p><p>2019-06-15 19:27 - 2019-06-16 21:28 - 000174968 _____ C:\WINDOWS\ZAM.krnl.trace</p><p>2019-06-15 19:27 - 2019-06-16 21:27 - 000037236 _____ C:\WINDOWS\ZAM_Guard.krnl.trace</p><p>2019-06-15 19:27 - 2019-06-15 19:27 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys</p><p>2019-06-15 19:27 - 2019-06-15 19:27 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys</p><p>2019-06-15 19:27 - 2019-06-15 19:27 - 000001221 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk</p><p>2019-06-15 19:27 - 2019-06-15 19:27 - 000000000 ____D C:\Users\Tom\AppData\Local\Zemana</p><p>2019-06-15 19:27 - 2019-06-15 19:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware</p><p>2019-06-15 19:27 - 2019-06-15 19:27 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware</p><p>2019-06-15 19:23 - 2019-06-15 19:23 - 000000926 _____ C:\WINDOWS\system32\.crusader</p><p>2019-06-15 19:20 - 2019-06-15 19:20 - 000001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2019-06-15 19:20 - 2019-06-15 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2019-06-15 19:20 - 2019-06-15 19:20 - 000000000 ____D C:\Program Files\HitmanPro</p><p>2019-06-15 19:18 - 2019-06-15 19:23 - 000000000 ____D C:\ProgramData\HitmanPro</p><p>2019-06-14 10:02 - 2019-06-14 10:02 - 001993528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll</p><p>2019-06-13 22:06 - 2019-06-13 22:06 - 000065452 _____ C:\WINDOWS\ntbtlog.txt</p><p>2019-06-13 22:06 - 2019-06-13 22:06 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job</p><p>2019-06-13 21:40 - 2019-06-13 21:40 - 000000000 ____D C:\Users\Tom\Documents\TotalAV</p><p>2019-06-13 21:39 - 2019-06-13 21:39 - 000000000 ____D C:\ProgramData\SecuritySuite</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 026808320 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\edgehtml.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 023438336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 022114960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 018999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 012869120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 012162048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 007875072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 006926336 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 006547144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 006309256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 005588184 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 004661760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 003983872 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 003906560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 003344896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002926096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys</p><p>2019-06-12 08:44 - 2019-06-12 
08:44 - 002777736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002690048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002276192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001860608 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001761280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001750016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001700312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001670840 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll</p><p>2019-06-12 08:44 - 
2019-06-12 08:44 - 001644544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001618944 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001483872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001466496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001342904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001260048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001223168 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\HoloSI.PCShell.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001180184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll</p><p>2019-06-12 
08:44 - 2019-06-12 08:44 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000586040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000555232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000553664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000513904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000474936 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000451104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000427688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe</p><p>2019-06-12 08:44 - 2019-06-12 
08:44 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000287912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000262160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000111104 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000087864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll</p><p>2019-06-12 08:44 - 2019-06-12 08:44 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:44 - 005297152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 007645392 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 003385344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 002653696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 002638336 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001860096 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001331536 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AudioSes.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001298952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001219424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 
- 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000752144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000730592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000676048 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000615440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000506192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000462136 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msv1_0.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000419368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000386576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000247608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000196920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000195072 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000152896 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000152400 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000137056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000125528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000114648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000101176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingFilterDS.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000076288 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin</p><p>2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin</p><p>2019-06-11 22:51 - 2019-06-11 22:51 - 000001264 _____ C:\Users\Tom\Downloads\Slamming (1)</p><p>2019-06-11 22:51 - 2019-06-11 22:51 - 000001264 _____ C:\Users\Tom\Downloads\Slamming</p><p>2019-06-07 22:25 - 2019-06-07 18:10 - 001228590 
_____ C:\Users\Tom\Documents\untitled_0.odp</p><p>2019-06-07 21:22 - 2019-06-07 21:22 - 000000000 ____D C:\Users\Tom\Documents\REAPER Media</p><p>2019-06-07 20:51 - 2019-06-07 20:57 - 000000000 ____D C:\Users\Tom\AppData\Roaming\REAPER</p><p>2019-06-07 20:46 - 2019-06-07 20:46 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software</p><p>2019-06-07 20:34 - 2019-06-07 20:34 - 000000550 _____ C:\abtext.txt</p><p>2019-06-07 20:29 - 2019-06-07 20:38 - 000000000 ____D C:\Program Files (x86)\MP3Gain</p><p>2019-06-07 20:29 - 2019-06-07 20:29 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain</p><p>2019-06-07 20:28 - 2019-06-12 08:24 - 000000000 ____D C:\Users\Tom\AppData\Local\WallpaperSuite</p><p>2019-06-07 20:28 - 2019-06-07 20:44 - 000000000 ____D C:\Users\Tom\AppData\Roaming\pctonics.com</p><p>2019-06-07 20:28 - 2019-06-07 20:44 - 000000000 ____D C:\ProgramData\pctonics.com</p><p>2019-06-07 20:28 - 2019-06-07 20:28 - 001980509 _____ C:\Users\Tom\Downloads\mp3gain-win-full-1_3_4.exe</p><p>2019-06-05 20:35 - 2019-06-05 20:35 - 000001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ Vinyl Tape Converter.lnk</p><p>2019-06-05 20:35 - 2019-06-05 20:35 - 000001367 _____ C:\Users\Tom\Desktop\EZ Vinyl Tape Converter.lnk</p><p>2019-06-05 20:35 - 2019-06-05 20:35 - 000000000 ____D C:\Program Files (x86)\Ion Audio</p><p>2019-06-05 20:34 - 2019-06-05 20:34 - 001514897 _____ C:\Users\Tom\Downloads\EZVinylTapeConverterSetup_Win_11-7.zip</p><p>2019-06-04 16:13 - 2019-06-04 16:13 - 000001220 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk</p><p>2019-06-04 16:13 - 2019-06-04 16:13 - 000001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk</p><p>2019-06-04 16:13 - 2019-06-04 16:13 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Canneverbe Limited</p><p>2019-06-04 16:13 - 2019-06-04 16:13 - 000000000 ____D C:\ProgramData\Canneverbe Limited</p><p>2019-06-04 16:13 - 2019-06-04 16:13 - 000000000 
____D C:\Program Files (x86)\CDBurnerXP</p><p>2019-06-01 21:45 - 2019-06-01 22:07 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Dashlane</p><p>2019-06-01 21:43 - 2019-06-01 21:43 - 000000000 ____D C:\ProgramData\UniqueId</p><p>2019-06-01 21:36 - 2019-06-01 21:36 - 024785176 _____ C:\Users\Tom\Downloads\MSAoE.exe</p><p>==================== One month (modified) ========</p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p>2019-06-16 21:21 - 2019-03-23 15:39 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2019-06-16 21:21 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF</p><p>2019-06-16 21:16 - 2019-03-23 15:30 - 000000000 ____D C:\Users\Tom</p><p>2019-06-16 21:15 - 2019-03-19 16:53 - 000000000 ___RD C:\Users\Tom\OneDrive</p><p>2019-06-16 21:15 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft</p><p>2019-06-16 21:14 - 2019-03-23 15:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2019-06-16 21:14 - 2018-09-15 07:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI</p><p>2019-06-16 20:43 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps</p><p>2019-06-16 20:43 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness</p><p>2019-06-16 20:27 - 2019-03-19 16:50 - 000000000 ____D C:\Users\Tom\AppData\Local\Packages</p><p>2019-06-16 19:41 - 2019-03-23 15:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy</p><p>2019-06-15 19:49 - 2019-03-22 21:59 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps</p><p>2019-06-15 19:49 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP</p><p>2019-06-14 10:02 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp</p><p>2019-06-13 21:36 - 2019-03-23 15:37 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3778470857-3354985126-2849173473-1001</p><p>2019-06-13 21:36 - 2019-03-23 15:30 - 000002361 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk</p><p>2019-06-13 
08:01 - 2019-03-23 15:28 - 000290312 _____ C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2019-06-13 08:01 - 2019-03-19 16:50 - 000000000 __RHD C:\Users\Public\AccountPictures</p><p>2019-06-13 08:01 - 2019-03-19 16:50 - 000000000 ___RD C:\Users\Tom\3D Objects</p><p>2019-06-13 08:00 - 2019-03-21 18:17 - 000000000 ____D C:\ProgramData\AVAST Software</p><p>2019-06-12 23:01 - 2018-09-15 08:33 - 000000000 ___RD C:\Program Files\Windows Defender</p><p>2019-06-12 23:01 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\migwiz</p><p>2019-06-12 23:01 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr</p><p>2019-06-12 08:37 - 2019-03-19 17:07 - 000000000 ____D C:\WINDOWS\system32\MRT</p><p>2019-06-12 08:35 - 2019-03-19 17:07 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2019-06-08 13:14 - 2019-03-19 16:50 - 000000000 ____D C:\Users\Tom\AppData\Local\VirtualStore</p><p>2019-06-04 20:35 - 2019-03-19 05:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd</p><p>2019-05-31 19:03 - 2018-09-15 08:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2019-05-31 19:03 - 2018-09-15 08:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2019-05-31 08:33 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports</p><p>2019-05-23 22:45 - 2019-03-19 18:44 - 000000000 ____D C:\ProgramData\Packages</p><p>==================== SigCheck ===============================</p><p>(There is no automatic fix for files that do not pass verification.)</p><p>==================== End of FRST.txt ============================</p><p>[/spoiler]</p><p></p><p>[spoiler=Addition]</p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019</p><p>Ran by Tom (16-06-2019 21:29:28)</p><p>Running from C:\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads</p><p>Windows 10 Home Version 1809 17763.557 (X64) (2019-03-23 14:37:50)</p><p>Boot Mode: 
Normal</p><p>==========================================================</p><p></p><p>==================== Accounts: =============================</p><p>Administrator (S-1-5-21-3778470857-3354985126-2849173473-500 - Administrator - Disabled)</p><p>DefaultAccount (S-1-5-21-3778470857-3354985126-2849173473-503 - Limited - Disabled)</p><p>Guest (S-1-5-21-3778470857-3354985126-2849173473-501 - Limited - Disabled)</p><p>Tom (S-1-5-21-3778470857-3354985126-2849173473-1001 - Administrator - Enabled) => C:\Users\Tom</p><p>WDAGUtilityAccount (S-1-5-21-3778470857-3354985126-2849173473-504 - Limited - Disabled)</p><p>==================== Security Center ========================</p><p>(If an entry is included in the fixlist, it will be removed.)</p><p>AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>==================== Installed Programs ======================</p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p>CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7042 - CDBurnerXP)</p><p>EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version: - SEIKO EPSON Corporation)</p><p>EZ Vinyl/Tape Converter by Ion Audio 11.7.0 (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: 11.7.0 - Ion Audio LLC)</p><p>HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.14.304 - SurfRight B.V.)</p><p>Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)</p><p>Microsoft OneDrive (HKU\S-1-5-21-3778470857-3354985126-2849173473-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)</p><p>NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)</p><p>OpenOffice 4.1.6 (HKLM-x32\...\{9C4CE297-775F-4579-80E5-2DF06E554998}) (Version: 4.16.9790 - Apache Software Foundation)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)</p><p>Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)</p><p>Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)</p><p>Zemana 
AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.664 - Zemana Ltd.)</p><p>Packages:</p><p>=========</p><p>Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-03-23] (Dolby Laboratories)</p><p>iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa [2019-05-29] (Apple Inc.)</p><p>Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]</p><p>Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-19] (Microsoft Corporation) [MS Ad]</p><p>Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-19] (Microsoft Corporation) [MS Ad]</p><p>Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]</p><p>Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]</p><p>MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-19] (Microsoft Corporation) [MS Ad]</p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p>ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File</p><p>ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-06-15] (Zemana D.O.O. 
Sarajevo -> )</p><p>ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)</p><p>ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-01-29] (NVIDIA Corporation -> NVIDIA Corporation)</p><p>ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-06-15] (Zemana D.O.O. Sarajevo -> )</p><p>ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)</p><p>==================== Shortcuts & WMI ========================</p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"</p><p>==================== Association (Whitelisted) ===============</p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p>==================== Hosts content: ===============================</p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p>2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts</p><p></p><p>==================== Other Areas ============================</p><p>(Currently there is no automatic fix for this section.)</p><p>HKU\S-1-5-21-3778470857-3354985126-2849173473-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\cosmic%20dewdrops.jpg</p><p>DNS Servers: 192.168.0.1</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )</p><p>Windows Firewall is enabled.</p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p>If an entry is included in the fixlist, it will be 
removed.</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p>FirewallRules: [{C8FF8B0F-BF73-4ABF-AF56-B2F61F85D1F0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)</p><p>FirewallRules: [{2D9B8479-506B-4CFA-903A-B90F8920CDEA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)</p><p>FirewallRules: [{2D82E202-5358-4EB8-B559-B251026BDA3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)</p><p>FirewallRules: [{4A8F0655-7FC9-4583-84E9-088B356D60EC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)</p><p>FirewallRules: [{913109A8-2ADB-4086-B187-58790C2A803D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)</p><p>FirewallRules: [{C9F0BD92-CE9D-4F2F-BE1B-E718B992FD15}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)</p><p>FirewallRules: [{96E6EF92-45E0-47D0-BB67-B165AC36125A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)</p><p>FirewallRules: [{917E20EA-CE36-4A98-8931-618F5692C980}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. 
-> Apple Inc.)</p><p>==================== Restore Points =========================</p><p>27-05-2019 21:50:06 Scheduled Checkpoint</p><p>06-06-2019 20:12:39 Scheduled Checkpoint</p><p>07-06-2019 20:29:13 Driver Tonic</p><p>12-06-2019 08:35:23 Windows Update</p><p>15-06-2019 19:09:32 Removed WinZip 23.0.</p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>==================== Event log errors: =========================</p><p>Application errors:</p><p>==================</p><p>Error: (06/15/2019 07:49:53 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: mbam.exe, version: 3.1.0.1807, time stamp: 0x5cc0b6f1</p><p>Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5cba0161</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x0018dc19</p><p>Faulting process ID: 0x1fd0</p><p>Faulting application start time: 0x01d523ab1aef9d83</p><p>Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe</p><p>Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll</p><p>Report ID: ac702dc7-40d7-4018-8f71-dd00c08ff1bc</p><p>Faulting package full name:</p><p>Faulting package-relative application ID:</p><p>Error: (06/15/2019 07:42:54 PM) (Source: SecurityCenter) (EventID: 17) (User: )</p><p>Description: Security Center failed to validate caller with error %1.</p><p>Error: (06/15/2019 06:24:44 PM) (Source: SecurityCenter) (EventID: 17) (User: )</p><p>Description: Security Center failed to validate caller with error %1.</p><p>Error: (06/15/2019 05:43:36 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17763.1, time stamp: 0x90f701bc</p><p>Faulting module name: edgehtml.dll, version: 11.0.17763.557, time stamp: 0x354992b2</p><p>Exception code: 0xc00001ad</p><p>Fault offset: 0x00000000007a562c</p><p>Faulting process ID: 0xf14</p><p>Faulting application start time: 
0x01d523997014f1bb</p><p>Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe</p><p>Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll</p><p>Report ID: 69d6d166-2b75-4a89-848e-bf9a4963f71a</p><p>Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe</p><p>Faulting package-relative application ID: MicrosoftEdge</p><p>Error: (06/15/2019 05:24:44 PM) (Source: SecurityCenter) (EventID: 17) (User: )</p><p>Description: Security Center failed to validate caller with error %1.</p><p>Error: (06/15/2019 04:24:44 PM) (Source: SecurityCenter) (EventID: 17) (User: )</p><p>Description: Security Center failed to validate caller with error %1.</p><p>Error: (06/15/2019 03:24:43 PM) (Source: SecurityCenter) (EventID: 17) (User: )</p><p>Description: Security Center failed to validate caller with error %1.</p><p>Error: (06/15/2019 02:24:43 PM) (Source: SecurityCenter) (EventID: 17) (User: )</p><p>Description: Security Center failed to validate caller with error %1.</p><p></p><p>System errors:</p><p>=============</p><p>Error: (06/16/2019 09:17:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID</p><p>Windows.SecurityCenter.SecurityAppBroker</p><p>and APPID</p><p>Unavailable</p><p> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p>Error: (06/16/2019 09:17:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID</p><p>Windows.SecurityCenter.WscBrokerManager</p><p>and APPID</p><p>Unavailable</p><p> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p>Error: (06/16/2019 09:17:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID</p><p>Windows.SecurityCenter.WscDataProtection</p><p>and APPID</p><p>Unavailable</p><p> to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.</p><p>Error: (06/16/2019 09:15:38 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-3FG400O)</p><p>Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID</p><p>Windows.SecurityCenter.WscCloudBackupProvider</p><p>and APPID</p><p>Unavailable</p><p> to the user DESKTOP-3FG400O\Tom SID (S-1-5-21-3778470857-3354985126-2849173473-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool.</p><p>Error: (06/16/2019 09:14:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Stereo Service service failed to start due to the following error:</p><p>The system cannot find the file specified.</p><p>Error: (06/16/2019 09:14:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3FG400O)</p><p>Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.</p><p>Error: (06/16/2019 09:14:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3FG400O)</p><p>Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.</p><p>Error: (06/16/2019 09:14:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)</p><p>Description: The server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} did not register with DCOM within the required timeout.</p><p></p><p>Windows Defender:</p><p>===================================</p><p>Date: 2019-06-05 22:33:29.130</p><p>Description:</p><p>Windows Defender Antivirus scan has been stopped before completion.</p><p>Scan ID: {BC5D239C-DAA6-4B66-8A6C-2DD504254212}</p><p>Scan Type: Antimalware</p><p>Scan Parameters: Quick Scan</p><p>Date: 2019-05-31 23:41:33.694</p><p>Description:</p><p>Windows Defender Antivirus scan has been stopped before completion.</p><p>Scan ID: {D9E64287-1356-4E8A-9094-F178DB690D1F}</p><p>Scan Type: Antimalware</p><p>Scan Parameters: Quick Scan</p><p>Date: 2019-06-13 22:06:13.198</p><p>Description:</p><p>Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.</p><p>Feature: On Access</p><p>Error Code: 0x8007043c</p><p>Error description: This service cannot be started in Safe Mode</p><p>Reason: Antimalware protection has stopped functioning for an unknown reason. 
In some instances, restarting the service may resolve the problem.</p><p>CodeIntegrity:</p><p>===================================</p><p>Date: 2019-06-15 19:54:40.560</p><p>Description:</p><p>Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p>Date: 2019-06-15 19:54:40.272</p><p>Description:</p><p>Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p>Date: 2019-06-15 19:54:39.916</p><p>Description:</p><p>Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p>Date: 2019-06-15 19:54:39.640</p><p>Description:</p><p>Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro (1).exe because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p>Date: 2019-06-15 19:24:38.167</p><p>Description:</p><p>Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p>Date: 2019-06-15 19:14:57.848</p><p>Description:</p><p>Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.</p><p>Date: 2019-06-15 19:14:57.841</p><p>Description:</p><p>Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.</p><p>Date: 2019-06-15 19:14:57.834</p><p>Description:</p><p>Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.</p><p>==================== Memory info ===========================</p><p>BIOS: American Megatrends Inc. 
5.19 02/10/2010</p><p>Motherboard: PEGATRON CORPORATION Narra6</p><p>Processor: AMD Athlon(tm) II X2 215 Processor</p><p>Percentage of memory in use: 54%</p><p>Total physical RAM: 6143.3 MB</p><p>Available physical RAM: 2804.71 MB</p><p>Total Virtual: 6527.3 MB</p><p>Available Virtual: 3223.2 MB</p><p>==================== Drives ================================</p><p>Drive c: () (Fixed) (Total:446.6 GB) (Free:255.68 GB) NTFS</p><p>Drive e: (Mame) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS</p><p>\\?\Volume{6c9590b0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.12 GB) NTFS</p><p>==================== MBR & Partition Table ==================</p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 6C9590B0)</p><p>Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)</p><p>==================== End of Addition.txt ============================</p><p>[/spoiler]</p></blockquote><p></p>
[QUOTE="Tomgudge123, post: 820314, member: 80430"]
Hi,

I wonder if anyone could advise me on how to remove qte search/view-search? It's taken over my Microsoft Edge browser and I've tried everything in the Malware tips guide. I've scanned my PC with HitmanPro, Zemana and Malwarebytes, all of which identified the problem and claimed to resolve it but when I use my browser it's still there. I have also used the Emsisoft Emergency Kit, but no luck there and I have tried resetting Microsoft Edge. For some reason it seemed to have gone all day yesterday but it has come back again today (I haven't downloaded anything in that time). I have also gone into add/remove programs and deleted a program called 'premier opinion' which I thought was probably the cause, but that didn't work either. What else can I do to remove it?

(I have also altered the settings in the browser to set a different homepage, but qte always comes back)

I couldn't work out how to upload the FRST and Addition scans so I've copied and pasted them here:
[spoiler=FRST]
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019
Ran by Tom (administrator) on DESKTOP-3FG400O (HP-Pavilion WC875AA-ABU s5300uk) (16-06-2019 21:27:26)
Running from C:\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 10 Home Version 1809 17763.557 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
2019-06-12 08:44 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000087864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll 
2019-06-12 08:44 - 2019-06-12 08:44 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2019-06-12 08:44 - 2019-06-12 08:44 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2019-06-12 08:43 - 2019-06-12 08:44 - 005297152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 003385344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 002653696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 002638336 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2019-06-12 08:43 - 
2019-06-12 08:43 - 001929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001860096 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001298952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 001219424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000887808 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000752144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000730592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000676048 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000615440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 000522752 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\schannel.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000506192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000419368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000386576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000247608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000240128 
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000196920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe 2019-06-12 08:43 - 2019-06-12 08:43 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000152896 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000152400 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000137056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000125528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000114648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000101176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingFilterDS.dll 2019-06-12 08:43 - 2019-06-12 08:43 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 2019-06-12 08:43 - 2019-06-12 08:43 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-06-12 08:43 - 
2019-06-12 08:43 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 08:43 - 2019-06-12 08:43 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-06-12 08:43 - 2019-06-12 08:43 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 08:43 - 2019-06-12 08:43 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll
2019-06-12 08:43 - 2019-06-12 08:43 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 08:43 - 2019-06-12 08:43 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2019-06-12 08:43 - 2019-06-12 08:43 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 08:43 - 2019-06-12 08:43 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 08:43 - 2019-06-12 08:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 08:43 - 2019-06-12 08:43 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-06-12 08:43 - 2019-06-12 08:43 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-06-11 22:51 - 2019-06-11 22:51 - 000001264 _____ C:\Users\Tom\Downloads\Slamming (1)
2019-06-11 22:51 - 2019-06-11 22:51 - 000001264 _____ C:\Users\Tom\Downloads\Slamming
2019-06-07 22:25 - 2019-06-07 18:10 - 001228590 _____ C:\Users\Tom\Documents\untitled_0.odp
2019-06-07 21:22 - 2019-06-07 21:22 - 000000000 ____D C:\Users\Tom\Documents\REAPER Media
2019-06-07 20:51 - 2019-06-07 20:57 - 000000000 ____D C:\Users\Tom\AppData\Roaming\REAPER
2019-06-07 20:46 - 2019-06-07 20:46 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2019-06-07 20:34 - 2019-06-07 20:34 - 000000550 _____ C:\abtext.txt
2019-06-07 20:29 - 2019-06-07 20:38 - 000000000 ____D C:\Program Files (x86)\MP3Gain
2019-06-07 20:29 - 2019-06-07 20:29 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2019-06-07 20:28 - 2019-06-12 08:24 - 000000000 ____D C:\Users\Tom\AppData\Local\WallpaperSuite
2019-06-07 20:28 - 2019-06-07 20:44 - 000000000 ____D C:\Users\Tom\AppData\Roaming\pctonics.com
2019-06-07 20:28 - 2019-06-07 20:44 - 000000000 ____D C:\ProgramData\pctonics.com
2019-06-07 20:28 - 2019-06-07 20:28 - 001980509 _____ C:\Users\Tom\Downloads\mp3gain-win-full-1_3_4.exe
2019-06-05 20:35 - 2019-06-05 20:35 - 000001379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ Vinyl Tape Converter.lnk
2019-06-05 20:35 - 2019-06-05 20:35 - 000001367 _____ C:\Users\Tom\Desktop\EZ Vinyl Tape Converter.lnk
2019-06-05 20:35 - 2019-06-05 20:35 - 000000000 ____D C:\Program Files (x86)\Ion Audio
2019-06-05 20:34 - 2019-06-05 20:34 - 001514897 _____ C:\Users\Tom\Downloads\EZVinylTapeConverterSetup_Win_11-7.zip
2019-06-04 16:13 - 2019-06-04 16:13 - 000001220 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2019-06-04 16:13 - 2019-06-04 16:13 - 000001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2019-06-04 16:13 - 2019-06-04 16:13 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Canneverbe Limited
2019-06-04 16:13 - 2019-06-04 16:13 - 000000000 ____D C:\ProgramData\Canneverbe Limited
2019-06-04 16:13 - 2019-06-04 16:13 - 000000000 ____D C:\Program Files (x86)\CDBurnerXP
2019-06-01 21:45 - 2019-06-01 22:07 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Dashlane
2019-06-01 21:43 - 2019-06-01 21:43 - 000000000 ____D C:\ProgramData\UniqueId
2019-06-01 21:36 - 2019-06-01 21:36 - 024785176 _____ C:\Users\Tom\Downloads\MSAoE.exe

==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-16 21:21 - 2019-03-23 15:39 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-16 21:21 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2019-06-16 21:16 - 2019-03-23 15:30 - 000000000 ____D C:\Users\Tom
2019-06-16 21:15 - 2019-03-19 16:53 - 000000000 ___RD C:\Users\Tom\OneDrive
2019-06-16 21:15 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-16 21:14 - 2019-03-23 15:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-16 21:14 - 2018-09-15 07:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-06-16 20:43 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-16 20:43 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-16 20:27 - 2019-03-19 16:50 - 000000000 ____D C:\Users\Tom\AppData\Local\Packages
2019-06-16 19:41 - 2019-03-23 15:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-15 19:49 - 2019-03-22 21:59 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2019-06-15 19:49 - 2018-09-15 08:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-14 10:02 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-13 21:36 - 2019-03-23 15:37 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3778470857-3354985126-2849173473-1001
2019-06-13 21:36 - 2019-03-23 15:30 - 000002361 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-13 08:01 - 2019-03-23 15:28 - 000290312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-13 08:01 - 2019-03-19 16:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-13 08:01 - 2019-03-19 16:50 - 000000000 ___RD C:\Users\Tom\3D Objects
2019-06-13 08:00 - 2019-03-21 18:17 - 000000000 ____D C:\ProgramData\AVAST Software
2019-06-12 23:01 - 2018-09-15 08:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-06-12 23:01 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-06-12 23:01 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 08:37 - 2019-03-19 17:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 08:35 - 2019-03-19 17:07 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-08 13:14 - 2019-03-19 16:50 - 000000000 ____D C:\Users\Tom\AppData\Local\VirtualStore
2019-06-04 20:35 - 2019-03-19 05:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-05-31 19:03 - 2018-09-15 08:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-31 19:03 - 2018-09-15 08:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-31 08:33 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-23 22:45 - 2019-03-19 18:44 - 000000000 ____D C:\ProgramData\Packages

==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================
[/spoiler]
[spoiler=Addition]
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019
Ran by Tom (16-06-2019 21:29:28)
Running from C:\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1809 17763.557 (X64) (2019-03-23 14:37:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3778470857-3354985126-2849173473-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3778470857-3354985126-2849173473-503 - Limited - Disabled)
Guest (S-1-5-21-3778470857-3354985126-2849173473-501 - Limited - Disabled)
Tom (S-1-5-21-3778470857-3354985126-2849173473-1001 - Administrator - Enabled) => C:\Users\Tom
WDAGUtilityAccount (S-1-5-21-3778470857-3354985126-2849173473-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7042 - CDBurnerXP)
EPSON XP-700 Series Printer Uninstall (HKLM\...\EPSON XP-700 Series) (Version: - SEIKO EPSON Corporation)
EZ Vinyl/Tape Converter by Ion Audio 11.7.0 (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version: 11.7.0 - Ion Audio LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.14.304 - SurfRight B.V.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3778470857-3354985126-2849173473-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{9C4CE297-775F-4579-80E5-2DF06E554998}) (Version: 4.16.9790 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.664 - Zemana Ltd.)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-03-23] (Dolby Laboratories)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa [2019-05-29] (Apple Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-03-19] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-06-15] (Zemana D.O.O. Sarajevo -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-01-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2019-06-15] (Zemana D.O.O. Sarajevo -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ZAM.exe" /service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zam64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zamguard64.sys => ""="Driver"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2018-04-12 00:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3778470857-3354985126-2849173473-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\cosmic%20dewdrops.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C8FF8B0F-BF73-4ABF-AF56-B2F61F85D1F0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2D9B8479-506B-4CFA-903A-B90F8920CDEA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2D82E202-5358-4EB8-B559-B251026BDA3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4A8F0655-7FC9-4583-84E9-088B356D60EC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{913109A8-2ADB-4086-B187-58790C2A803D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C9F0BD92-CE9D-4F2F-BE1B-E718B992FD15}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96E6EF92-45E0-47D0-BB67-B165AC36125A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{917E20EA-CE36-4A98-8931-618F5692C980}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

27-05-2019 21:50:06 Scheduled Checkpoint
06-06-2019 20:12:39 Scheduled Checkpoint
07-06-2019 20:29:13 Driver Tonic
12-06-2019 08:35:23 Windows Update
15-06-2019 19:09:32 Removed WinZip 23.0.
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/15/2019 07:49:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 3.1.0.1807, time stamp: 0x5cc0b6f1 Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5cba0161 Exception code: 0xc0000005 Fault offset: 0x0018dc19 Faulting process ID: 0x1fd0 Faulting application start time: 0x01d523ab1aef9d83 Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll Report ID: ac702dc7-40d7-4018-8f71-dd00c08ff1bc Faulting package full name: Faulting package-relative application ID: Error: (06/15/2019 07:42:54 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (06/15/2019 06:24:44 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. 
Error: (06/15/2019 05:43:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17763.1, time stamp: 0x90f701bc Faulting module name: edgehtml.dll, version: 11.0.17763.557, time stamp: 0x354992b2 Exception code: 0xc00001ad Fault offset: 0x00000000007a562c Faulting process ID: 0xf14 Faulting application start time: 0x01d523997014f1bb Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll Report ID: 69d6d166-2b75-4a89-848e-bf9a4963f71a Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: MicrosoftEdge Error: (06/15/2019 05:24:44 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (06/15/2019 04:24:44 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (06/15/2019 03:24:43 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. Error: (06/15/2019 02:24:43 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. System errors: ============= Error: (06/16/2019 09:17:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (06/16/2019 09:17:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/16/2019 09:17:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/16/2019 09:15:38 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-3FG400O) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscCloudBackupProvider and APPID Unavailable to the user DESKTOP-3FG400O\Tom SID (S-1-5-21-3778470857-3354985126-2849173473-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/16/2019 09:14:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Stereo Service service failed to start due to the following error: The system cannot find the file specified. 
Error: (06/16/2019 09:14:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3FG400O) Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout. Error: (06/16/2019 09:14:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-3FG400O) Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout. Error: (06/16/2019 09:14:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2019-06-05 22:33:29.130 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {BC5D239C-DAA6-4B66-8A6C-2DD504254212} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-05-31 23:41:33.694 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {D9E64287-1356-4E8A-9094-F178DB690D1F} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-06-13 22:06:13.198 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =================================== Date: 2019-06-15 19:54:40.560 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2019-06-15 19:54:40.272 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-15 19:54:39.916 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-15 19:54:39.640 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Tom\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HitmanPro (1).exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-06-15 19:24:38.167 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\TotalAV\TotalAV.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2019-06-15 19:14:57.848 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements. Date: 2019-06-15 19:14:57.841 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements. Date: 2019-06-15 19:14:57.834 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. 5.19 02/10/2010 Motherboard: PEGATRON CORPORATION Narra6 Processor: AMD Athlon(tm) II X2 215 Processor Percentage of memory in use: 54% Total physical RAM: 6143.3 MB Available physical RAM: 2804.71 MB Total Virtual: 6527.3 MB Available Virtual: 3223.2 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:446.6 GB) (Free:255.68 GB) NTFS Drive e: (Mame) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS \\?\Volume{6c9590b0-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.12 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 6C9590B0) Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ [/spoiler] [/QUOTE]