Systweak pop-up ads!

Status
Not open for further replies.

SteveInMalta

New Member
Thread author
Feb 24, 2020
10
Being old and rather foolish, unfortunately I have managed to get my Dell Inspiron laptop running Windows 10 infected with Systweak pop-up ads.

I subsequently deleted any possible pieces of software, recently installed, which may have included this malware - nothing changed, the ads still keep coming. So I downloaded Malwarebytes and performed a scan - no threats found! I use Eset NOD32 antivirus so I ran a scan with that and again no threats were found! Then I downloaded Adwcleaner and ran that with a similar result.

So, according to all the software I have no malware but Systweak keeps displaying on a regular basis.

Any suggestions please (apart from throw away the laptop)

:)

Best regards to all
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,418
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Attach Files.
Navigate to the location of the File.
Click the file. It will appear in the reply section.
Click the Post Reply button.

Please post the logs for my review.

Wait for further instructions
 

SteveInMalta

New Member
Thread author
Feb 24, 2020
10
Unfortunately so far none of the recommended tools have found any occurrence of Systweaks but the ads still appear!! Annoying! But thanks for all the recommendations. Cheers to everyone
 

SteveInMalta

New Member
Thread author
Feb 24, 2020
10
Hi, thanks for trying to help me

Here is the FRST file and I have attached the addition file as instructed

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
Ran by Dell (administrator) on DESKTOP-STK38HV (Dell Inc. Inspiron 7720) (27-02-2020 17:47:41)
Running from C:\Users\Dell\Downloads
Loaded Profiles: Dell (Available Profiles: Dell)
Platform: Windows 10 Home Version 1809 17763.1039 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(DEVGURU Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(GameHouse Europe B.V. -> GameHouse) C:\Program Files (x86)\GameHouse Games\aminstantservice.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20012.133.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\SystemIdleCheck.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [717688 2015-06-22] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [183088 2019-12-13] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (Shenzhen Yi Xing Investment Co., Ltd. -> iSkySoft)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.122\Installer\chrmstp.exe [2020-02-24] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C09FD73-198D-44F6-A796-24037E88B377} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1519064 2020-01-14] (Dell Inc. -> Dell Inc.)
Task: {2CF5BB58-682D-4915-8DA4-22D91F68C5F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-19] (Google Inc -> Google LLC)
Task: {91AC589F-8656-43BC-B107-C4C1B50BE271} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A96D48D1-2CFA-4D80-87AB-49B7EAAD0885} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {D1DA27B8-406C-416F-8B99-5D1BDD005EF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-19] (Google Inc -> Google LLC)
Task: {E9AA6BD5-F9C3-487E-9441-B0CCF6FDB593} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {ED3A6F0F-767B-4A70-BDE7-5E6A6C311260} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1789370396-858827536-636936880-1001] => cs.tagaproxy.cs-technologies.net:808
Tcpip\Parameters: [DhcpNameServer] 212.56.129.228 212.56.132.20
Tcpip\..\Interfaces\{485c92af-15ca-48b2-ac60-a60266a01cb1}: [DhcpNameServer] 212.56.129.228 212.56.132.20

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-11-10] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Dell\Downloads

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2020-02-27]
CHR Notifications: Default -> hxxps://airastana.com; hxxps://blogs.systweak.com; hxxps://install.pdfpros.com; hxxps://malwaretips.com; hxxps://ocsnext.ebay.co.uk; hxxps://www.ashampoo.com; hxxps://www.hitc.com; hxxps://www.whathifi.com
CHR StartupUrls: Default -> "hxxp://www.bbc.co.uk/sport/0/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-19]
CHR Extension: (Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-19]
CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-19]
CHR Extension: (Skype Calling) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2019-07-19]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-19]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-02-19]
CHR Extension: (Sheets) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-19]
CHR Extension: (Booking.com for Chrome™) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2019-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-01]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-06]
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-02-24]
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-24]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMInstantService; C:\Program Files (x86)\GameHouse Games\aminstantservice.exe [2041776 2016-10-26] (GameHouse Europe B.V. -> GameHouse)
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2020-02-06] (GuinpinSoft inc) [File not signed]
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [244280 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3339824 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1357\DSAPI.exe [964592 2020-01-19] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2019-11-08] (Dell Inc -> )
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-13] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-13] (ESET, spol. s r.o. -> ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-02-24] (SurfRight B.V. -> SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-12-10] (Intel Corporation - pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2020-02-19] (Malwarebytes Inc -> Malwarebytes)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-07-10] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [780328 2019-07-10] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [50648 2020-01-14] (Dell Inc. -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\NisSrv.exe [2455544 2019-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MsMpEng.exe [110104 2019-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [130336 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [35704 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [135520 2019-07-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149944 2019-10-31] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2019-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [189512 2019-10-31] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [116696 2019-12-13] (ESET, spol. s r.o. -> ESET)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-02-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2020-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-02-25] (Malwarebytes Inc -> Malwarebytes)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2018-09-15] (Microsoft Windows -> Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [451616 2018-11-23] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166752 2019-07-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [47704 2019-07-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [367032 2019-07-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54200 2019-07-09] (Microsoft Windows -> Microsoft Corporation)
S3 WsResetDevice; C:\Windows\SysWOW64\DRIVERS\WsResetDevice.sys [33544 2016-03-18] (Shenzhen Wondershare Information Technology Co., Ltd. -> WonderShare Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-27 17:47 - 2020-02-27 17:50 - 000023037 _____ C:\Users\Dell\Downloads\FRST.txt
2020-02-27 17:46 - 2020-02-27 17:49 - 000000000 ____D C:\FRST
2020-02-27 17:45 - 2020-02-27 17:46 - 002279424 _____ (Farbar) C:\Users\Dell\Downloads\FRST64.exe
2020-02-26 19:46 - 2020-02-26 19:46 - 000000000 ____D C:\Users\Dell\Downloads\The Beatles - Beatles For Sale (1964) (Japan CP32-5324)
2020-02-26 18:59 - 2020-02-26 19:16 - 000000000 ____D C:\Users\Dell\Downloads\Westworld.S01.BDRip.x264-DEMAND[rartv]
2020-02-26 18:57 - 2020-02-26 18:57 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-02-26 16:23 - 2020-02-26 16:23 - 000000000 ____D C:\Users\Dell\AppData\Local\CrashDumps
2020-02-25 21:49 - 2020-02-25 21:49 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-02-24 20:10 - 2020-02-24 20:10 - 000000599 _____ C:\Users\Dell\Desktop\JRT.txt
2020-02-24 20:03 - 2020-02-24 20:03 - 001790024 _____ (Malwarebytes) C:\Users\Dell\Downloads\JRT.exe
2020-02-24 19:11 - 2020-02-24 19:11 - 047658504 _____ (Adlice Software ) C:\Users\Dell\Downloads\RogueKiller_setup.exe
2020-02-24 13:46 - 2020-02-24 13:46 - 000001962 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2020-02-24 13:46 - 2020-02-24 13:46 - 000001962 _____ C:\ProgramData\Desktop\HitmanPro.lnk
2020-02-24 13:46 - 2020-02-24 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2020-02-24 13:44 - 2020-02-24 13:45 - 011575104 _____ (SurfRight B.V.) C:\Users\Dell\Downloads\HitmanPro_x64 (1).exe
2020-02-24 13:40 - 2020-02-24 13:40 - 000001543 _____ C:\Users\Dell\Desktop\adwcleaner_8.0.2.lnk
2020-02-24 13:21 - 2020-02-24 13:24 - 000000000 ____D C:\AdwCleaner
2020-02-24 13:21 - 2020-02-24 13:21 - 008356016 _____ (Malwarebytes) C:\Users\Dell\Downloads\adwcleaner_8.0.2.exe
2020-02-22 17:48 - 2020-02-22 17:48 - 000230840 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2020-02-22 17:46 - 2020-02-22 17:47 - 002573392 _____ (TrueCrypt Foundation) C:\Users\Dell\Downloads\TrueCrypt-7-2.exe
2020-02-20 18:54 - 2020-02-20 18:55 - 000474224 _____ C:\Windows\system32\FNTCACHE.DAT
2020-02-19 16:00 - 2020-02-19 16:00 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-02-19 15:57 - 2020-02-19 15:57 - 001883976 _____ (Malwarebytes) C:\Users\Dell\Downloads\MBSetup-009996.009996-consumer.exe
2020-02-19 15:51 - 2020-02-19 16:00 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-02-19 15:51 - 2020-02-19 16:00 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-02-19 15:51 - 2020-02-19 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-02-19 15:50 - 2020-02-19 15:59 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-02-19 15:50 - 2020-02-19 15:59 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-02-19 08:04 - 2020-02-19 08:04 - 010082977 _____ (TalkHelper Team ) C:\Users\Dell\Downloads\talkhelper-setup.exe
2020-02-19 08:01 - 2020-02-19 08:01 - 008692152 _____ C:\Users\Dell\Downloads\iFreeRecorder.exe
2020-02-19 08:01 - 2020-02-01 07:36 - 000801080 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2020-02-14 07:45 - 2020-02-19 08:16 - 000000000 ____D C:\Users\Public\Documents\Ashampoo
2020-02-14 07:45 - 2020-02-19 08:16 - 000000000 ____D C:\ProgramData\Documents\Ashampoo
2020-02-14 07:45 - 2020-02-14 07:45 - 000000000 ____D C:\Users\Dell\AppData\Local\Ashampoo
2020-02-13 09:04 - 2020-02-03 22:41 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-02-13 09:04 - 2020-02-03 22:41 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-02-12 22:43 - 2020-02-12 22:43 - 000000000 ____D C:\ProgramData\ssh
2020-02-12 14:34 - 2020-02-12 14:34 - 005436936 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 003550592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 002469432 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 002323904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 002273080 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 001877168 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 001430672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 001288856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 001267216 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2020-02-12 14:34 - 2020-02-12 14:34 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 000263576 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2020-02-12 14:34 - 2020-02-12 14:34 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2020-02-12 14:33 - 2020-02-12 14:34 - 024617472 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 026806784 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 023463424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 020816384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 019020288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 013013504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 012306432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 008906752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 007923712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 006061056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 004658688 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 003904000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 003702784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 002942976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 002298880 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 001229824 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 001224704 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 001182720 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2020-02-12 14:33 - 2020-02-12 14:33 - 001166336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2020-02-12 14:33 - 2020-02-12 14:33 - 001071616 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2020-02-12 14:33 - 2020-02-12 14:33 - 001062400 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000883200 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000852480 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000796160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000684544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000560640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2020-02-12 14:33 - 2020-02-12 14:33 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000430592 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2020-02-12 14:33 - 2020-02-12 14:33 - 000428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000310784 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2020-02-12 14:33 - 2020-02-12 14:33 - 000252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\wscinterop.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2020-02-12 14:33 - 2020-02-12 14:33 - 000212480 _____ (Microsoft Corporation) C:\Windows\system32\DiagSvc.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\recdisc.exe
2020-02-12 14:33 - 2020-02-12 14:33 - 000180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2020-02-12 14:33 - 2020-02-12 14:33 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000165888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscinterop.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2020-02-12 14:33 - 2020-02-12 14:33 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\RDSPnf.exe
2020-02-12 14:33 - 2020-02-12 14:33 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\SrTasks.exe
2020-02-12 14:32 - 2020-02-12 14:33 - 007870976 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 006546296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 006445568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 006318544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 005777920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 005608328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 005086208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 004872704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 004628992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 003874936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 003656704 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 003430400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 002780296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 002770944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 002765312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 002699264 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 002348544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 002280024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 002086400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001866240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001677088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001674688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001647104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmsipc.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001590072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001476096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001247560 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 001222672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001219584 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 001193984 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001076224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 001051136 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000917816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000879104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 000876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000866304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000849920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipcsecproc.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000681472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000622080 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 000541472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000496128 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000492032 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000481280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000449024 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000395776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000349184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 000348672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000252024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 000186880 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 000156712 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\sdrsvc.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000128616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\omadmapi.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2020-02-12 14:32 - 2020-02-12 14:32 - 000032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasphone.exe
2020-02-12 14:32 - 2020-02-12 14:32 - 000027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciwave.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 022137336 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 009669648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-02-12 14:31 - 2020-02-12 14:31 - 006943232 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 004588776 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-02-12 14:31 - 2020-02-12 14:31 - 002879488 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 002627600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2020-02-12 14:31 - 2020-02-12 14:31 - 001994976 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 001963536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2020-02-12 14:31 - 2020-02-12 14:31 - 001751432 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 001726480 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 001702392 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-02-12 14:31 - 2020-02-12 14:31 - 001486680 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 001473088 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-02-12 14:31 - 2020-02-12 14:31 - 001360912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2020-02-12 14:31 - 2020-02-12 14:31 - 001345984 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-02-12 14:31 - 2020-02-12 14:31 - 001319936 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 001262592 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 001183296 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2020-02-12 14:31 - 2020-02-12 14:31 - 001056272 _____ (Microsoft Corporation) C:\Windows\system32\pidgenx.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 001012736 _____ (Microsoft Corporation) C:\Windows\system32\refsutil.exe
2020-02-12 14:31 - 2020-02-12 14:31 - 000954368 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000953344 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000950272 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000930816 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthSSO.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000927232 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000860160 _____ C:\Windows\system32\MBR2GPT.EXE
2020-02-12 14:31 - 2020-02-12 14:31 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000764216 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000591376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000588600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2020-02-12 14:31 - 2020-02-12 14:31 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2020-02-12 14:31 - 2020-02-12 14:31 - 000520704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Notifications.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000519992 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2020-02-12 14:31 - 2020-02-12 14:31 - 000519168 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\msutb.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000494080 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000465424 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000452608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2020-02-12 14:31 - 2020-02-12 14:31 - 000431416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2020-02-12 14:31 - 2020-02-12 14:31 - 000408064 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000239616 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2020-02-12 14:31 - 2020-02-12 14:31 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2020-02-12 14:31 - 2020-02-12 14:31 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\rasphone.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 007888896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 005577656 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 005528576 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 005300736 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 004417552 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 004050944 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 003636736 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-02-12 14:30 - 2020-02-12 14:30 - 003387392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 003363848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-02-12 14:30 - 2020-02-12 14:30 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 003329536 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 002848256 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 002634240 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 002437344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 002417664 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-02-12 14:30 - 2020-02-12 14:30 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\winmsipc.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 002192384 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001830928 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001824768 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001796920 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001665720 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001608192 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001538560 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 001479208 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001260032 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001259832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2020-02-12 14:30 - 2020-02-12 14:30 - 001114112 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001087800 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 001054952 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 001051648 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000902344 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000898048 _____ (Microsoft Corporation) C:\Windows\system32\winipcsecproc.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000888864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000820736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000741688 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000681416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000657408 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000649728 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000515584 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000510264 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000501248 _____ (Microsoft Corporation) C:\Windows\system32\winipcfile.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000485376 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000450912 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000446480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000442880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000410624 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000389920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000376568 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000349696 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000333824 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000331104 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000313000 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000305664 _____ (Microsoft Corporation) C:\Windows\system32\DeviceDirectoryClient.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000293856 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000286520 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthAgent.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000281088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000256512 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000226816 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000222720 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Geolocation.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000213816 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000193336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000163240 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000154624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_AppExecutionAlias.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_BackgroundApps.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000147944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2020-02-12 14:30 - 2020-02-12 14:30 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000105784 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2020-02-12 14:30 - 2020-02-12 14:30 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\mciwave.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 007701200 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 003577856 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 003334496 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 003269632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 003006464 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 002928640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 002707456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 002590736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 002015608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 001677312 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 001674752 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 001520232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 001387512 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 001294488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 001258504 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-02-12 14:29 - 2020-02-12 14:29 - 001049400 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-02-12 14:29 - 2020-02-12 14:29 - 001005056 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000985088 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000902144 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000872000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000869888 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000856432 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000779776 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000777728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000758928 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2020-02-12 14:29 - 2020-02-12 14:29 - 000751632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 000677144 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000662024 _____ (Microsoft Corporation) C:\Windows\system32\computecore.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000652088 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2020-02-12 14:29 - 2020-02-12 14:29 - 000613176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 000611840 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000606224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000531976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000506200 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msutb.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000422712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 000405520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 000402584 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000398416 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000277504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000253256 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 000203064 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000189496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000169784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 000109056 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000103736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2020-02-12 14:29 - 2020-02-12 14:29 - 000095760 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2020-02-12 14:29 - 2020-02-12 14:29 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\Websocket.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Websocket.dll
2020-02-12 14:29 - 2020-02-12 14:29 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-02-12 14:29 - 2020-02-12 14:29 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-02-12 14:29 - 2020-02-12 14:29 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-02-12 14:29 - 2020-02-12 14:29 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-02-12 14:29 - 2020-02-12 14:29 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-02-12 14:29 - 2020-02-12 14:29 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-02-12 14:29 - 2020-02-12 14:29 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-02-12 14:29 - 2020-02-12 14:29 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-02-11 18:26 - 2020-02-11 18:26 - 020744292 _____ C:\Users\Dell\Downloads\VID-20200210-WA0001.mp4
2020-02-09 17:35 - 2020-02-09 17:35 - 000000000 ____D C:\Users\Dell\Downloads\INSPECTOR ALLEYN MYSTERIES - DEATH AT THE BAR - 1993
2020-02-09 14:51 - 2020-02-09 14:57 - 000000000 ____D C:\Users\Dell\Downloads\Dark Waters (2019) [BluRay] [720p] [YTS.LT]
2020-02-06 15:55 - 2020-02-06 15:55 - 000000000 ____D C:\Users\Dell\.MakeMKV
2020-02-06 15:55 - 2020-02-06 15:55 - 000000000 ____D C:\Program Files\Common Files\cdarbsvc
2020-02-06 15:53 - 2020-02-06 15:54 - 012026456 _____ (GuinpinSoft inc) C:\Users\Dell\Downloads\Setup_MakeMKV_v1.14.7.exe
2020-02-06 14:49 - 2020-02-06 14:49 - 000000000 ____D C:\Users\Dell\Documents\MiniTool MovieMaker
2020-02-06 14:41 - 2020-02-06 15:01 - 000000000 ____D C:\Users\Dell\AppData\Roaming\QtProject
2020-02-06 14:40 - 2020-02-06 14:40 - 000000000 ____D C:\Users\Dell\AppData\Local\CEF
2020-02-06 14:37 - 2020-02-06 14:40 - 000730151 _____ C:\Innosetuplog.txt
2020-02-06 14:35 - 2019-09-06 18:50 - 069999448 _____ (Microsoft Corporation) C:\Users\Dell\Downloads\framework.exe
2020-02-06 13:54 - 2020-02-06 13:54 - 000000000 ____D C:\Users\Dell\AppData\Roaming\NVIDIA
2020-02-06 13:52 - 2020-02-06 16:40 - 000000000 ____D C:\Users\Dell\Documents\Aiseesoft Studio
2020-02-06 13:52 - 2020-02-06 13:52 - 000000000 ____D C:\Users\Dell\AppData\Local\Aiseesoft Studio
2020-02-06 13:50 - 2020-02-06 13:50 - 001091752 _____ ( ) C:\Users\Dell\Downloads\free-ts-converter.exe
2020-02-06 11:30 - 2020-02-06 17:38 - 000000000 ____D C:\Users\Dell\AppData\Roaming\dvdcss
2020-02-03 21:17 - 2020-02-03 21:17 - 000000000 ____D C:\Users\Dell\Downloads\Virtual Real Porn - Game Play
2020-01-29 15:30 - 2020-01-29 15:30 - 000000000 ____D C:\Windows\Dell
2020-01-29 15:13 - 2020-01-29 15:13 - 070418432 _____ (Dell Inc.) C:\Users\Dell\Downloads\Input_Driver_Y9JHW_WN32_10.1200.101.202_A00.EXE
2020-01-29 12:37 - 2020-02-06 10:55 - 000000000 ____D C:\Users\Dell\Downloads\3DCustomGirl
2020-01-29 12:33 - 2020-01-29 12:33 - 000000000 ____D C:\Users\Dell\Downloads\Akiko III 3D - The sin of lust - 3D Hentai Sex Game ( PC WIndows )

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-27 17:49 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-27 10:16 - 2019-05-30 10:01 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-02-27 09:52 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-27 09:52 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-02-27 09:42 - 2019-05-31 00:09 - 000000000 __SHD C:\Users\Dell\IntelGraphicsProfiles
2020-02-26 22:16 - 2019-07-19 20:04 - 000000000 ____D C:\Users\Dell\AppData\Roaming\vlc
2020-02-26 21:50 - 2019-07-19 15:39 - 000000000 ____D C:\Users\Dell\AppData\Roaming\uTorrent
2020-02-26 20:24 - 2019-07-19 15:42 - 000000000 ____D C:\Users\Dell\AppData\Local\BitTorrentHelper
2020-02-26 19:36 - 2020-01-13 10:09 - 1448513881 _____ C:\Users\Dell\Downloads\Red (2010) 1080p 5.1 x265.mkv
2020-02-26 14:47 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-02-25 21:55 - 2019-05-30 10:17 - 000842840 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-25 21:55 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\Registration
2020-02-25 21:48 - 2019-05-30 10:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-25 21:47 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2020-02-25 16:53 - 2019-05-30 22:28 - 000000000 ____D C:\Users\Dell\AppData\Local\Packages
2020-02-24 18:57 - 2019-07-19 15:01 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-02-24 18:57 - 2019-07-19 15:01 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-02-24 18:57 - 2019-07-19 15:01 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-02-24 13:46 - 2019-11-17 06:16 - 000000000 ____D C:\Program Files\HitmanPro
2020-02-24 13:24 - 2019-11-01 08:19 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Lavasoft
2020-02-24 13:24 - 2019-11-01 08:19 - 000000000 ____D C:\Users\Dell\AppData\Local\Lavasoft
2020-02-24 13:24 - 2019-11-01 08:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-02-24 13:24 - 2019-11-01 08:19 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-02-24 13:24 - 2019-11-01 08:17 - 000000000 ____D C:\ProgramData\Lavasoft
2020-02-24 13:24 - 2019-08-12 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2020-02-24 13:24 - 2019-08-12 10:23 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Samsung
2020-02-24 13:24 - 2019-08-12 10:22 - 000000000 ____D C:\Program Files (x86)\Samsung
2020-02-24 12:44 - 2019-07-19 15:33 - 000000000 ____D C:\ProgramData\Package Cache
2020-02-22 08:55 - 2019-10-25 06:41 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Jewel Match 4
2020-02-20 22:27 - 2019-05-30 22:27 - 000000000 ____D C:\Users\Dell
2020-02-20 18:55 - 2019-05-30 19:01 - 000000000 ____D C:\Windows\Panther
2020-02-19 15:51 - 2019-11-20 13:07 - 000000000 ____D C:\Users\Dell\AppData\Local\cache
2020-02-19 15:50 - 2018-09-15 08:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-02-19 09:03 - 2019-07-24 13:32 - 000000000 ____D C:\Users\Dell\AppData\Local\PhotoManager
2020-02-19 08:37 - 2019-08-16 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2020-02-19 08:37 - 2019-08-16 12:54 - 000000000 ____D C:\Program Files (x86)\GameTop.com
2020-02-18 08:05 - 2019-11-11 13:00 - 1174356239 _____ C:\Users\Dell\Downloads\BBC Blood and Gold; The Making of Spain with Simon Sebag Montefiore 3 of 3 - Nation CC DVDTV x264 AC3 576p.mkv
2020-02-17 19:54 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\LiveKernelReports
2020-02-13 09:18 - 2019-07-21 14:36 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-02-13 09:05 - 2019-05-30 22:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-02-13 09:05 - 2019-05-30 22:28 - 000000000 ___RD C:\Users\Dell\3D Objects
2020-02-13 09:04 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2020-02-12 22:44 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\oobe
2020-02-12 22:44 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-02-12 22:43 - 2018-09-15 08:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-02-12 22:43 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2020-02-12 22:43 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\oobe
2020-02-12 22:43 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellExperiences
2020-02-12 22:43 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\ShellComponents
2020-02-12 22:43 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\bcastdvr
2020-02-12 22:43 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Dism
2020-02-12 22:43 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\servicing
2020-02-12 14:52 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2020-02-12 14:48 - 2019-07-09 21:19 - 000000000 ____D C:\Windows\system32\MRT
2020-02-12 14:42 - 2019-07-09 21:19 - 120407888 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-02-09 17:19 - 2020-01-27 19:52 - 000000000 ____D C:\Users\Dell\Downloads\Armour Of God (1986) DvDRip x264 [Dual-Audio] [Eng-Hindi] [Exclusive]~~~[CooL GuY] {{a2zRG}}
2020-02-06 11:34 - 2019-07-19 15:22 - 000000000 ____D C:\Steve's
2020-02-05 19:51 - 2019-11-16 14:26 - 000000000 ____D C:\Users\Dell\AppData\Roaming\MusicBee
2020-02-05 11:50 - 2019-07-19 15:00 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-05 11:50 - 2019-07-19 15:00 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-02 19:39 - 2019-11-16 21:24 - 000000000 ____D C:\Users\Dell\AppData\Local\D3DSCache
2020-01-29 15:14 - 2019-12-28 17:48 - 000000000 __SHD C:\ProgramData\Dell
2020-01-29 11:44 - 2020-01-03 19:29 - 000000000 ____D C:\ProgramData\PCDr

==================== Files in the root of some directories ========

2020-01-02 15:13 - 2020-01-02 15:13 - 000003584 _____ () C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Attachments

  • Addition.txt
    26.1 KB · Views: 2

nasdaq

Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The PUSH Notifications are coming from the two sites listed in bold.

CHR Notifications: Default -> hxxps://airastana.com; hxxps://blogs.systweak.com; hxxps://install.pdfpros.com; hxxps://malwaretips.com; hxxps://ocsnext.ebay.co.uk; hxxps://www.ashampoo.com; hxxps://www.hitc.com; hxxps://www.whathifi.com

Navigate to this page and remove them in the compromised browsers.

Browser push notifications: a feature asking to be abused

Let me know if your problem is solved.
 

SteveInMalta

Dear nasdaq - an interesting 'name' given the latest stock market problems from the coronavirus! :)

Forgive me asking for clarification but I certainly don't wish to mess this up

I am using Google Chrome within a Windows 10 system.

Are you saying that I should open up Chrome settings, go to Privacy and security, select 'Site settings' and then go to Pop-ups and redirects and enter the two website URLs in the Blocked section? Please see attached screens printed with the URL already entered but I did not save them in case I am incorrect in my assumptions!!

Ooops, just entered the first URL and the system tells me it is not a valid web address so I am obviously moving totally along the wrong path!!

I await more specific instructions

Apologies



Forgive me but I am not an 'expert' and not sure what it is I have to do exactly.

Best regards

Steve
 

Attachments

  • Screen prints.jpg
    90.6 KB · Views: 4

nasdaq

Hi,

Sorry my bad.

The Farbar log shows hxxps://blogs.systweak.com; hxxps://install.pdfpros.com;

The https protocol is reported as hxxps so that the links are obfuscated.
This prevents anyone from getting to bad sites.

Enter these sites with https links to the box and click the Add button.

Repeat for this site.
 
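Added example (not part of the thread, and not FRST's or Chrome's own code): a Python script that refangs the `CHR Notifications` line from the FRST log above and reports which of those origins still hold notification permission in a Chrome profile's `Preferences` JSON. `SAMPLE_PREFS` is constructed, and the `profile.content_settings.exceptions` layout with `setting` 1 = allow and 2 = block is an assumption about current Chrome builds; `notifications` and `popups` are separate lists there.

```python
import re
from urllib.parse import urlsplit

# The defanged line as it appears in the FRST log quoted in this thread.
FRST_LINE = ("CHR Notifications: Default -> hxxps://airastana.com; "
             "hxxps://blogs.systweak.com; hxxps://install.pdfpros.com; "
             "hxxps://malwaretips.com; hxxps://ocsnext.ebay.co.uk; "
             "hxxps://www.ashampoo.com; hxxps://www.hitc.com; "
             "hxxps://www.whathifi.com")

# Constructed sample of the relevant part of a profile's Preferences file
# (assumed location: %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences).
SAMPLE_PREFS = {"profile": {"content_settings": {"exceptions": {
    "notifications": {
        "https://blogs.systweak.com:443,*": {"setting": 1},
        "https://install.pdfpros.com:443,*": {"setting": 1},
        "https://malwaretips.com:443,*": {"setting": 1},
        "https://www.hitc.com:443,*": {"setting": 2},
    },
    # A block entry under pop-ups does not touch the notification permission.
    "popups": {"https://blogs.systweak.com:443,*": {"setting": 2}},
}}}}

ALLOW, BLOCK = 1, 2          # assumed Chrome content-setting values
DEFAULT_PORTS = {"http": 80, "https": 443}


def refang(url):
    """Turn a defanged hxxp/hxxps scheme back into http/https."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.I)


def origin(url):
    """Normalise a URL or Chrome pattern to scheme://host[:non-default-port]."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    if parts.port is None or parts.port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{parts.port}"


def parse_frst_notifications(line):
    """Return (browser, profile, [origins]) from an FRST Notifications line."""
    m = re.match(r"^(\w+) Notifications: (.+?) -> (.*)$", line.strip())
    if not m:
        raise ValueError("not an FRST Notifications line")
    browser, profile, sites = m.groups()
    origins = [origin(refang(s)) for s in sites.split(";") if s.strip()]
    return browser, profile, origins


def site_settings(prefs, kind):
    """Map origin -> setting for one content-setting kind (e.g. notifications)."""
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {}))
    result = {}
    for pattern, value in exceptions.get(kind, {}).items():
        primary = pattern.split(",", 1)[0]   # "origin,*" -> "origin"
        result[origin(primary)] = value.get("setting")
    return result


def still_allowed(line, prefs):
    """Origins FRST reported that still have notification permission."""
    _, _, reported = parse_frst_notifications(line)
    notifications = site_settings(prefs, "notifications")
    return [o for o in reported if notifications.get(o) == ALLOW]


if __name__ == "__main__":
    for site in still_allowed(FRST_LINE, SAMPLE_PREFS):
        print("notification permission still granted:", site)
```

To check a real profile, close Chrome, load the `Preferences` file with `json.load`, and pass the resulting dict in place of `SAMPLE_PREFS`.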

SteveInMalta

Hi nasdaq NOT your bad at all, it's my bad because of my lack of knowledge - hopefully I understood you well and did exactly what I said I was going to do last time only - as you instructed - I amended the URLs so they were tt instead of xx - I have included a final screen print to show how it looks - sorry to be so nervous as to whether I have done the right thing! :)

If all is correct then please do not waste your time replying - if I do not hear back from you I shall assume I did it correctly.

If so, then thank you so much for your assistance 'nasdaq', I doubt that you will ever be in Malta (I presume that you are thousands of miles away in the USA? Maybe not?) but if ever you do come to our fair isle in the Med then please email me and I will give you and your partner / family a trip around the (admittedly smallish) island to see the tourist sites. The film Popeye with Robin Williams in the lead role, was made in Malta and a dummy town built for the production and it's now a tourist attraction, see attached file and also the capital Valletta is pretty special (another image attached)

Thanks once again

Keep safe and go well.

Best regards

Steve
 

Attachments

  • Screen print 2.jpg
    25.5 KB · Views: 4
  • Popeye village.jpg
    156.4 KB · Views: 4
  • Valletta.jpg
    291.4 KB · Views: 7

SteveInMalta

Hi nasdaq - Bad news unfortunately - logged off last night after our discussion (having amended the settings) and this morning another pop-up occurred!! Annoying
 

Attachments

  • Systweak 01 03 2020 at 09 10 local time.jpg
    44 KB · Views: 5

nasdaq

Hi,

If these are PopUps and you are using Chrome check this out.

Chrome is Synced with other Devices reset it.


Execute the suggested fix.

Restart the computer normally.
===========

Keep me posted.
 

SteveInMalta

Still no luck - it is very persistent!! What would happen if I deleted (uninstalled) google chrome and then reinstalled it? I presume that that would not get rid of the problem?
 

Attachments

  • Systweak 03 03 2020 at 10 27 local time.jpg
    150.6 KB · Views: 2

nasdaq

Hi,

Possibly, do it this way to save your passwords and Bookmarks.
Your copy of Chrome may have been compromised

Remove and re-install Chrome. Follow these instructions.

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step1.gif Remove Chrome from your Computer and reinstall a fresh copy later.

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step2.gif If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step3.gif Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: How To Back Up Your Google Chrome Bookmarks

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step4.gif Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step5.gif Clear your Chrome cache and cookies

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step6.gif Remove Chrome using the instructions on this page.

https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step7.gif Re-install Chrome and the Bookmarks.
<<<>>
 

SteveInMalta

Hi,

Possibly, do it this way to save your passwords and Bookmarks.
Your copy of Chrome may have been compromised

Remove and re-install Chrome. Follow these instructions.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step1.gif[/URL]] Remove Chrome from your Computer and reinstall a fresh copy later.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step2.gif[/URL]] If you remove the syncing of your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ...

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step3.gif[/URL]] Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.
How To: How To Back Up Your Google Chrome Bookmarks

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step4.gif[/URL]] Before you remove Chrome Export your Passwords
How to export your saved passwords from Chrome

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step5.gif[/URL]] Clear your Chrome cache and cookies

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step6.gif[/URL]] Remove Chrome using the instructions on this page.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step7.gif[/URL]] Re-install Chrome and the Bookmarks.
<<<>>
Sorry, neither of those first two links worked, they gave me errors so I could not move forward
 

SteveInMalta

Sorry, neither of those first two links worked, they gave me errors so I couldn't move forward

I am speaking of the two links here

Remove and re-install Chrome. Follow these instructions.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step1.gif[/URL]] Remove Chrome from your Computer and reinstall a fresh copy later.

[img=[URL]https://www.bleepingcomputer.com/forums/public/style_emoticons/default/step2.gif[/URL]] If you remove the syncing of your account you must remove it before you save your bookmarks etc...
 

nasdaq

Hi,
The links were not formatted correctly for this forum.
I changed them. If you click on them now you will only see a small gif file with a number.
 

SteveInMalta

Sorry but I think I am giving up!! I deleted and reinstalled Chrome but still no luck so I tried using Edge (having uninstalled Chrome again) and I don't like it at all, the bookmarks handling is awful. So then I downloaded Internet Explorer and apart from it repeatedly telling me to use Edge it's OKish - not as good as Chrome but acceptable

It seems that Systweak has me beat!
 

nasdaq

It's all in our preferences and what we want to do.

Good luck.
 